Loading...
Loading...
During the upgrade of the Firewall Management Center (FMC), the certificate used by the Beaker process to communicate with Talos Cloud Services that already exists on the FMC will be replaced by a certificate from the upgrade package that may be expired upon installation. In the FMC GUI, one may see health alerts from the Talos Connectivity Status health module for at least one of the following module failures: * LSP- Failed to retrieve beaker inventory * URLDB- Failed to retrieve beaker inventory * Enrichment - failed to perform batch query
The software upgrade of the FMC to version 7.6.1 or later starting from version 7.6.0 or later. For example, 7.6.0 > 7.6.1 or 7.6.0 > 7.7.0.
A workaround is not available to prevent the upgrade from replacing the existing Talos certificate.
As long as the FMC can connect to the appropriate cloud services for Cisco Security Cloud (and Smart Software Manager, if the FMC has not been directly registered to Cisco Security Cloud), the FMC should replace the Talos certificate used by Beaker as soon as Beaker starts after the reboot following the conclusion of the software upgrade. That should happen before the GUI login page becomes available again. Otherwise, the expired certificate will remain in place on the FMC. Scenarios where the FMC will not replace the expired Talos cert with a new downloaded cert just after reboot following the upgrade: * on the FMC that was operating as standby within FMC HA at the start of the software upgrade if affected by defect CSCwq37519 * if the FMC is not registered to Cisco Security Cloud and use evaluation (eval) licensing, Specific License Reservation (SLR), or an on-prem Smart Software Manager (SSM) for its smart licensing configuration
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.