...
7.2.4 has not been released yet.
The following error is seen on an FMC running 7.2.4-92 when converting Snort2 rules to Snort3: "Failed to convert snort 2 custom rules. Refer /var/sf/htdocs/ips/snort.rej for more details."
To reproduce the error, go to Objects | Intrusion Rules | Snort 3 All Rules. From there, select Tasks, then select Convert Snort 2 Rules and Import. Click OK when the prompt is received that explains why the rules must be converted. The error will be seen after that.
The VDB and SRU should have been upgraded after restoring from backup, and before attempting the upgrade to 7.2. That step is noted in the documentation for restoring from backup, but wasn't done here.

To allow the upgrade to complete from the failed step noted in the bug, upgrade the VDB and restart the upgrade from the CLI using the following commands (replace the VDB package name with whatever the latest VDB version is):

    install_update.pl /Volume/7.2.0-82/sf/updates/Cisco_VDB_Fingerprint_Database-4.5.0-356.sh.REL.tar
    install_update.pl --detach /Volume/7.2.0-82/sf/updates/Cisco_Secure_FW_Mgmt_Center_Upgrade-7.2.0-82.sh.REL.tar

or

    install_update.pl /var/sf/updates/Cisco_VDB_Fingerprint_Database-4.5.0-361.sh.REL.tar
    install_update.pl --detach /var/sf/updates/Cisco_Secure_FW_Mgmt_Center_Upgrade-7.2.2-54.sh.REL.tar

Synch Inconsistent DB Entries
------------------------------

Use the query below to fetch the IPS policy records that were corrupted:

    select hn.NODE_ID, hn.NODE_NAME
    from hierarchy_nodes hn
    where hn.NODE_ID not in (SELECT NODE_ID from HIERARCHY_NODE_STATUS where NODE_TYPE = 'PG.FIREWALL.Snort3IpsPolicy')
      and NODE_ID not in (7001,7002,7003,7004,7005)
      and NODE_TYPE = 'PG.FIREWALL.Snort3IpsPolicy';

    +---------+---------------+
    | NODE_ID | NODE_NAME     |
    +---------+---------------+
    |   10111 | ArmiIPSPolicy |
    +---------+---------------+
    1 row in set (0.002821 seconds)

For each of those records, insert a record into the HIERARCHY_NODE_STATUS table. Replace only the NODE_ID value in the query below and leave the other values as they are:

    INSERT INTO HIERARCHY_NODE_STATUS (NODE_ID, NODE_TYPE, DATA, HEADLINE)
    VALUES (10111, 'PG.FIREWALL.Snort3IpsPolicy',
            '{"syncStatus":{"description":"All rules with user action overrides synced to Snort 3 version."}}',
            '{"syncStatus":{"description":"All rules with user action overrides synced to Snort 3 version."}}');

After the insert, the select query above should not return any data.
Once done, conversion of Snort2 rules to Snort3 will work fine. If there are any rule overrides, perform the synch again to retain them.
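
When the select returns more than one policy, the per-record insert can be written as one set-based statement. This is an added example, not part of the original note and not from Cisco; it reuses only the table names, columns and literal values shown above, and assumes the database accepts an INSERT ... SELECT that reads from the table it inserts into.

```sql
-- Added example (not from Cisco). All identifiers and literals are copied from
-- the queries in this note; combining them into one statement is an assumption.

-- 1. Preview: Snort 3 IPS policies that have no row in HIERARCHY_NODE_STATUS.
SELECT hn.NODE_ID, hn.NODE_NAME
FROM hierarchy_nodes hn
WHERE hn.NODE_TYPE = 'PG.FIREWALL.Snort3IpsPolicy'
  AND hn.NODE_ID NOT IN (7001, 7002, 7003, 7004, 7005)
  AND hn.NODE_ID NOT IN (
        SELECT NODE_ID
        FROM HIERARCHY_NODE_STATUS
        WHERE NODE_TYPE = 'PG.FIREWALL.Snort3IpsPolicy');

-- 2. Insert one status row for every policy returned by the preview.
--    DATA and HEADLINE carry the same fixed value used in the single-row insert.
INSERT INTO HIERARCHY_NODE_STATUS (NODE_ID, NODE_TYPE, DATA, HEADLINE)
SELECT hn.NODE_ID,
       'PG.FIREWALL.Snort3IpsPolicy',
       '{"syncStatus":{"description":"All rules with user action overrides synced to Snort 3 version."}}',
       '{"syncStatus":{"description":"All rules with user action overrides synced to Snort 3 version."}}'
FROM hierarchy_nodes hn
WHERE hn.NODE_TYPE = 'PG.FIREWALL.Snort3IpsPolicy'
  AND hn.NODE_ID NOT IN (7001, 7002, 7003, 7004, 7005)
  AND hn.NODE_ID NOT IN (
        SELECT NODE_ID
        FROM HIERARCHY_NODE_STATUS
        WHERE NODE_TYPE = 'PG.FIREWALL.Snort3IpsPolicy');

-- 3. Verify: re-run the preview query from step 1; it should return no rows.
```

Run the preview first and compare its row count with the number of rows the insert reports, so an unexpected match is caught before retrying the rule conversion.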