Symptom
A new LSP deployment fails with one or more of the errors below in /ngfw/var/log/messages:
SF-IMS[127080]: Finished /ngfw/var/sf/detection_engines/c6aa32d4-9cf1-11ed-8c39-36f3e3577d76/snort3.lua:
SF-IMS[127080]: Unknow security attribute '_' on /ngfw/var/sf/lsp/lsp-rel-20240221-1537. LSP so rules will not be loaded.
SF-IMS[127080]: dlopen: loading of /ngfw/var/sf/lsp/lsp-rel-20240221-1537/talos_content/modules/3.1.21.1-114/ftd-x64/so_rules//server-webapp.so (/ngfw/var/sf/lsp/lsp-rel-20240221-1537/talos_content/modules/3.1.21.1-114/ftd-x64/so_rules/server-webapp.so) is prohibited.
…..
SF-IMS[127080]: Loading browser-chrome.rules:
SF-IMS[127080]: ERROR: browser-chrome.rules:1 SO rule 49442 not loaded.
SF-IMS[127080]: ERROR: browser-chrome.rules:2 SO rule 49443 not loaded.
….
SF-IMS[127080]: Reload failed! bad config [reload_config('/ngfw/var/sf/detection_engines/c6aa]
…
SF-IMS[114214]: Unknow security attribute '_' on /ngfw/var/sf/lsp/lsp-rel-20240221-1537. LSP so rules will not be loaded.
SF-IMS[2093]: Last message 'Unknow security attr' repeated 4 times, suppressed by syslog-ng
…
SF-IMS[114214]: FATAL ERROR: see prior 3888 errors (0 warnings)
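To check a messages file for these signatures before applying the workaround, the following shell script counts each one. It is an added example, not Cisco's code: the function names are hypothetical, the sample log lines are constructed, and it assumes `grep` and `mktemp` are available in the shell where it runs.

```shell
#!/bin/sh
# Added example: count the LSP failure signatures from the Symptom section.
# Function names are hypothetical; sample log lines are constructed.

# count_matches PATTERN FILE: number of SF-IMS lines in FILE matching PATTERN.
count_matches() {
    grep 'SF-IMS\[' "$2" | grep -c -e "$1" || true
}

# Prints one summary line. Returns 0 when the security-attribute or
# dlopen-prohibited message is present (assumption: these two identify the
# issue; the SO-rule and reload errors are treated as knock-on effects).
# "Unknow" is the spelling used in the log message itself.
lsp_symptom_summary() {
    log=$1
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    attr=$(count_matches "Unknow security attribute '_' on .*LSP so rules will not be loaded" "$log")
    dlopen=$(count_matches 'dlopen: loading of .*so_rules.* is prohibited' "$log")
    sorule=$(count_matches 'ERROR: .*\.rules:[0-9]* SO rule [0-9]* not loaded' "$log")
    reload=$(count_matches 'Reload failed! bad config' "$log")
    echo "attr=$attr dlopen=$dlopen so_rule=$sorule reload_failed=$reload"
    [ $((attr + dlopen)) -gt 0 ]
}

# Constructed sample input modelled on the messages quoted above.
write_sample_log() {
    cat > "$1" <<'EOF'
Feb 21 16:02:11 ftd SF-IMS[1001]: Unknow security attribute '_' on /ngfw/var/sf/lsp/lsp-rel-EXAMPLE. LSP so rules will not be loaded.
Feb 21 16:02:11 ftd SF-IMS[1001]: dlopen: loading of /ngfw/var/sf/lsp/lsp-rel-EXAMPLE/so_rules//server-webapp.so (/ngfw/var/sf/lsp/lsp-rel-EXAMPLE/so_rules/server-webapp.so) is prohibited.
Feb 21 16:02:12 ftd SF-IMS[1001]: ERROR: browser-chrome.rules:1 SO rule 49442 not loaded.
Feb 21 16:02:12 ftd SF-IMS[1001]: ERROR: browser-chrome.rules:2 SO rule 49443 not loaded.
Feb 21 16:02:13 ftd SF-IMS[1001]: Reload failed! bad config
Feb 21 16:02:14 ftd sshd[2002]: Accepted publickey for admin
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
lsp_symptom_summary "$sample" && echo "matches the LSP deployment failure signature"
rm -f "$sample"
```

On an affected device, pass /ngfw/var/log/messages to `lsp_symptom_summary` instead of the sample file.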
Conditions
- Multi-Instance FTD on FPR41xx or 93xx
- Deploy new LSP package from FMC
Workaround
1. Log into the FTD CLI
>
2. Go to expert mode (linux shell)
> expert
$ sudo su
Password:
#
3. Go to the /ngfw/var/log/sf directory
# cd /var/log/sf/
# ls -al (check the update.status file is present)
4. Delete the update.status file
# rm update.status
# ls -al (check the update.status file is deleted)
5. Refresh the FMC UI and rerun the new LSP deployment
Further Problem Description