11-04-2019 04:43 PM - edited 02-21-2020 09:39 AM
Hi All
About a year ago, DNS security via the Security Intelligence section stopped working when the Secondary HA ASA becomes the active firewall (which happens frequently due to module monitoring at the ASA level and weekly deployments resulting in frequent sub-second module restarts). The client is not pushing the DNS layer protection, so I can't spend time on a lengthy Cisco case. (I did open a case, but upgrading was the next step.)
I have since upgraded a couple of times and it has never fixed it. Just wondering if anyone else has come across this?
I've unloaded the DNS policy and reapplied it as another step with no change in the situation.
11-04-2019 08:28 PM
Are both the primary and secondary ASA's Firepower service modules registered and licensed in your FMC?
07-21-2020 02:45 PM
Yes.
When the Secondary is Active all other functions work the same. Just not DNS Policy.
07-21-2020 07:06 PM
I've deployed numerous ASAs with Firepower service modules in HA pairs and never had this happen. Something is most likely set up differently on your standby ASA's Firepower service module.