
Anybody have issues with pushing NGFW policies with new LSP updates?

otokekhaw22
Level 1

Got a weird issue with some of my FTDs, running 7.2.5 on FMC and FTD. It seems if there is a new LSP update (we're on Snort 3), 9 times out of 10, a policy deployment fails to remote FTDs. Without an LSP update, it works fine. With an LSP update, it's a toss-up on if the push is successful or not. I'm investigating WAN link integrity as part of this; I did notice latency would spike to above 100ms on the 10mb circuit we have at some of these sites, but given the size of the LSP update, I figured this would be ok. WAN latency is usually around 10-20 ms.

I do have a TAC case open; they haven't found anything weird with the config, and even ran our config in their own lab (allegedly) to 100% success.

One thing I am testing later is adding FMC-to-FTD connection to the prefilter policy on the HQ FTD, since the FMC is southbound of that, and has to send control connections through that site's FTD to connect to other sites' FTDs.

Just wondering if anybody else running Cisco FTD / Secure Firewall has encountered something similar.
