...
FMC upgraded from 7.1.0.1 to 7.2. After the upgrade, deployments fail with the errors below, seen in the policy_deployment and messages logs.

"ERROR Timeout waiting for snort detection engines to process traffic: a8b50856-8def-11ec-8651-34e88c634aa4 at /ngfw/var/cisco/deploy/sandbox/exporter-pkg/code/SF/UMPD/Plugins/Snort/SnortNotifications.pm"
"FATAL ERROR: /ngfw/var/sf/detection_engines/a8b50856-8def-11ec-8651-34e88c634aa4/intrusion/61f1c174-3698-11ec-887a-eff6a17c23b5/SORules.conf(6) Could not stat dynamic module path "/ngfw/var/de/so_rules/2bd19e01818214380299123b1ac3a1ad": No such file or directory."

Aug 5 10:33:52 Inbound_DMZ SF-IMS[2346]: [2346] pm:de [ERROR] Failed to verify de signatures. See /ngfw/var/log/snort-fsic.log for details.
Aug 5 10:34:53 Inbound_DMZ SF-IMS[2346]: [2346] pm:de [ERROR] Failed to verify de signatures. See /ngfw/var/log/snort-fsic.log for details.

In snort-fsic.log:

faf06b50d3c8b2524cf3c29104c7c05273ff162f8eb430d4c2672de9826711dc073af00bb77dd13bd560cc75e346f0bcb57c19c69a39ec8a0aae40c25dbeaa33
56 Hash mismatch.
57 File: /ngfw/var/de.tmp/appid/odp/lua/97c7a8d2-18fa-4354-bb1a-ffecac4a80c8
58 Expected:
59 131c5fa478175f7bd0aa04e48d331de17478308430ff6b29ec412b0811fe42b73552624fac00bff5da4a90cea3dbbd9478b61f4f4ae1f54e8d71200d83ed1043
60 Got:
61 ff36d5a94a1caf245ee8e2e567c58eac59263444b5c3975717f2476aba026da3a00c3eed9ecab6cf99a9a0ed8da6889d6c7e16cd659cf8c8998f67d6ee7df7bb
62 Hash mismatch.
The VDB file in the deployment bundle differs in size between the last working deployment before the upgrade and the failed deployment after the upgrade.

root@FW01:deploy# tar tvf failed-policy-bundle.tgz | grep -i vdb >>>>>> After the upgrade
-rw-r--r-- 0/0 40750420 2022-08-03 01:03 pkg/var/cisco/packages/vdb-357.tgz

root@FW01:deploy# tar tvf current-policy-bundle.tgz | grep -i vdb >>>>>> Before the upgrade
-rw-r--r-- root/root 40788392 2022-07-27 04:32 pkg/var/cisco/packages/vdb-357.tgz
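The bundle comparison above can be scripted so that it also catches a package whose size is unchanged but whose content differs. This is an added example, not Cisco tooling or code from the original report: the function names, the "vdb" name filter and the choice of SHA-512 are assumptions, and the bundles at the end are constructed in memory.

```python
import hashlib
import io
import tarfile

def _open(bundle):
    """Accept a path or an open binary file object; compression is auto-detected."""
    if hasattr(bundle, "read"):
        return tarfile.open(fileobj=bundle, mode="r:*")
    return tarfile.open(bundle, mode="r:*")

def package_digests(bundle, needle="vdb"):
    """Return {member name: (size, sha512 hex)} for regular files matching needle."""
    digests = {}
    with _open(bundle) as tar:
        for member in tar:
            if not member.isfile() or needle not in member.name.lower():
                continue
            h = hashlib.sha512()
            src = tar.extractfile(member)
            for chunk in iter(lambda: src.read(1 << 20), b""):
                h.update(chunk)
            digests[member.name] = (member.size, h.hexdigest())
    return digests

def compare_bundles(working, failed, needle="vdb"):
    """List (name, verdict, working size, failed size) for every package that differs."""
    good, bad = package_digests(working, needle), package_digests(failed, needle)
    findings = []
    for name in sorted(set(good) | set(bad)):
        g, b = good.get(name), bad.get(name)
        if g is None or b is None:
            verdict = "missing from working bundle" if g is None else "missing from failed bundle"
        elif g[0] != b[0]:
            verdict = "size differs"
        elif g[1] != b[1]:
            verdict = "same size, content differs"
        else:
            continue
        findings.append((name, verdict, g and g[0], b and b[0]))
    return findings

def constructed_bundle(payload, name="pkg/var/cisco/packages/vdb-357.tgz"):
    """Build a small in-memory .tgz holding one package (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name)
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for row in compare_bundles(constructed_bundle(b"A" * 64), constructed_bundle(b"A" * 48)):
        print(row)
```

On a device, pass the two bundle paths (for example current-policy-bundle.tgz and failed-policy-bundle.tgz) instead of the constructed objects.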
Force installing VDB resolved the issue. Another workaround that worked was deleting the VDB package from deployment.