03-26-2023 10:13 PM
I have 2 x FTD2110 configured in HA and they are managed by FMCv. Both FMC and FTD are running on code 6.2.3.
1: When using FTD, bug 66879 was encountered. Even though I added policy_based_routing_clear to flexconfig, I needed to deploy twice to use it properly. After FMCv & FTD were upgraded to version 6.4.0, bugs still existed. How to solve this problem thoroughly? Upgrade or whatever? Could you tell me in detail?
2: After FMCv & FTD were upgraded to version 6.4.0, the HA of the FTD device is faulty: the ping and CLI of the standby wall are normal. Check it out at FMCv: Devices > Device Management > Secondary, Synchronizing. Force refresh High Availability node status: not connected to peer. How to solve this problem? Could you tell me in detail?
04-03-2023 04:34 AM
Hi,
For the first issue regarding bug 66879, it is recommended to upgrade to the latest version of FTD code. The latest recommended version is 7.0.5 (even for a 6.x version I would recommend upgrading to at least 6.7). Additionally, it is important to ensure that the flexconfig is properly configured and deployed to both FTD devices.
Also, did you try checking with TAC as to why the issue is there post-upgrade as well?
For the second issue with the faulty HA, it is recommended to check the HA configuration on both FTD devices and ensure that they are properly synchronized with FMCv. It may also be helpful to check the network connectivity between the FTD devices and FMCv. You can also take packet captures from sensors or even at network level just to rule out a connectivity issue.
If the issue persists, it may be necessary to troubleshoot the HA configuration and network connectivity in more detail or open a case with Cisco TAC for further assistance.
-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.
You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------
Regards,
Divya Jain
04-03-2023 06:09 PM
Hi Divya Jain,
Thank you very much for your answer.
2 problems encountered so far. I have contacted Cisco TAC and am waiting for their reply.