https://community.cisco.com/t5/network-security/problem-deploying-flex-config-for-policy-based-routing/m-p/4761281#M1097153 <P>We have an HA pair of 2140 FTDs running 7.0.4 managed by an FMCv also running 7.0.4. We've had PBR configured since April of last year, which is allowing us to migrate to a new edge network with new Internet routers and set of ISPs running BGP. As we get approval to move other subnets and hosts over to the new edge, which is usually a few a month, we do so with no problems. We attempted to add some new devices to the PBR configuration yesterday, but the deployment failed. We removed the configuration, deployment still failed.&nbsp;</P><P>I created a new TAC case, but I don't have confidence with the state of the firewall. PBR was configured with flex-config using Type: Append and Deployment: Everytime. The ONLY way we could deploy after yesterday's failure was to change Type: Prepend and Deployment: Once. The TAC engineer claims PBR will remain in the configuration after subsequent deployments, but that's not been my experience.&nbsp;</P><P>Here is the error information from a failed deployment when I attempt to change back to Type: Append and Deployment: Everytime.</P><P><STRONG><U>Lina messages</U></STRONG><BR /><SPAN>ErrorCode: CFG-IN-PROGRESS Severity: error Description: com.cisco.ngfw.messages.DescriptionType@3b23f0d3</SPAN><BR /><SPAN>FMC &gt;&gt; clear configuration session OBJECT</SPAN><BR /><STRONG><U>Other logs</U></STRONG><BR /><SPAN>Lina config ROLLBACK failure log</SPAN><BR /><SPAN>Lina configuration application failure. Error in lina apply phase due to Config System Error response from LINA</SPAN><BR /><SPAN>Lina Files Rollback successful</SPAN></P><P>We'll have a major outage if PBR drops out of the configuration, so I refused to attempt a second deployment with the TAC engineer today to test my expectation. My questions are the following: 1) Will the PBR configuration drop with Deployment: Once set? 2) Based on the error message, is there potentially something else I can try? Maybe a reboot?</P><P>Thanks for your input.</P> Tue, 24 Jan 2023 19:37:37 GMT ABaker94985 2023-01-24T19:37:37Z https://community.cisco.com/t5/network-security/problem-deploying-flex-config-for-policy-based-routing/m-p/4761281#M1097153 <P>We have an HA pair of 2140 FTDs running 7.0.4 managed by an FMCv also running 7.0.4. We've had PBR configured since April of last year, which is allowing us to migrate to a new edge network with new Internet routers and set of ISPs running BGP. As we get approval to move other subnets and hosts over to the new edge, which is usually a few a month, we do so with no problems. We attempted to add some new devices to the PBR configuration yesterday, but the deployment failed. We removed the configuration, deployment still failed.&nbsp;</P><P>I created a new TAC case, but I don't have confidence with the state of the firewall. PBR was configured with flex-config using Type: Append and Deployment: Everytime. The ONLY way we could deploy after yesterday's failure was to change Type: Prepend and Deployment: Once. The TAC engineer claims PBR will remain in the configuration after subsequent deployments, but that's not been my experience.&nbsp;</P><P>Here is the error information from a failed deployment when I attempt to change back to Type: Append and Deployment: Everytime.</P><P><STRONG><U>Lina messages</U></STRONG><BR /><SPAN>ErrorCode: CFG-IN-PROGRESS Severity: error Description: com.cisco.ngfw.messages.DescriptionType@3b23f0d3</SPAN><BR /><SPAN>FMC &gt;&gt; clear configuration session OBJECT</SPAN><BR /><STRONG><U>Other logs</U></STRONG><BR /><SPAN>Lina config ROLLBACK failure log</SPAN><BR /><SPAN>Lina configuration application failure. Error in lina apply phase due to Config System Error response from LINA</SPAN><BR /><SPAN>Lina Files Rollback successful</SPAN></P><P>We'll have a major outage if PBR drops out of the configuration, so I refused to attempt a second deployment with the TAC engineer today to test my expectation. My questions are the following: 1) Will the PBR configuration drop with Deployment: Once set? 2) Based on the error message, is there potentially something else I can try? Maybe a reboot?</P><P>Thanks for your input.</P> Tue, 24 Jan 2023 19:37:37 GMT https://community.cisco.com/t5/network-security/problem-deploying-flex-config-for-policy-based-routing/m-p/4761281#M1097153 ABaker94985 2023-01-24T19:37:37Z https://community.cisco.com/t5/network-security/problem-deploying-flex-config-for-policy-based-routing/m-p/4761320#M1097155 <P><A href="https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/217588-configure-pbr-with-ip-slas-for-dual-isp.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/217588-configure-pbr-with-ip-slas-for-dual-isp.html</A></P><P>&nbsp;</P> Tue, 24 Jan 2023 20:31:41 GMT https://community.cisco.com/t5/network-security/problem-deploying-flex-config-for-policy-based-routing/m-p/4761320#M1097155 MHM Cisco World 2023-01-24T20:31:41Z