Symptom

After using the ca_purge tool on the Secure Firewall Management Center (FMC), future retention of config archives may be higher than expected. Depending on how many devices the FMC manages and how often deployments are done to the managed devices, this could eventually result in the following symptoms (for which the use of ca_purge was likely used to mitigate): * larger backups * longer FMC high availability (HA) sync times

Conditions

Use of the ca_purge tool to reduce the retention of config archives on the FMC.

Workaround

Remember to manually restart the Tomcat service after using the ca_purge tool. To do so: --- 1. Log into the CLI of the FMC (if FMCs are in high availability, the current active FMC of the pair). 2. Go to expert mode: expert 3. Restart the Tomcat process (when prompted, enter the password for the logged-in CLI user): sudo pmtool restartbyid Tomcat --- After restarting Tomcat, the FMC GUI will be inaccessible for a few minutes.

Further Problem Description