Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4682
Views
0
Helpful
8
Replies

ASA 5525-X Random Failover / asdm log showing " Module sfr , Application down "ASA Firepower version 6.2.0.2-51" Snort health check failure

SHABEEB KUNHIPOCKER
Level 3
Level 3

‎08-06-2017 09:20 PM - edited ‎03-10-2019 06:54 AM

Hi,

I have  a pair ASA 5525-X with firepower services module in Active / Standby HA. Recently we found that the primary ASA randomly fails over to the secondary unit and shows the error "Module sfr , Application down "ASA Firepower version 6.2.0.2-51" Snort health check failure. Please let me know whether anyone had this issue before.

Thanks and Regards

Shabeeb

4 people had this problem
Labels:
0 Helpful
8 Replies 8

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-06-2017 09:37 PM

How often does it happen?

Are there manual or automatic deployments going on at the time? If there are, that will restart Snort process and cause what you see.

If there are not, it could be module / ASA issue. What ASA version are you running?

0 Helpful

paullacap_25
Level 1
Level 1

‎05-09-2018 05:05 PM

Did you ever get a clear response to this? I'm currently having the same problem

Pair of ASA 5508 running 9.9(1)

Firepower Extensible Operating System Version 2.3(1.54)

 

0 Helpful

axelweber
Level 1
Level 1
In response to paullacap_25

‎05-10-2018 12:35 AM

Hi,
the response was "update sfr".
We couldn't upgrade to the actual version. The update failed several times.
The only way was to delete srf. Now after installing 6.2.3.1-43 everything runs.
0 Helpful

foo.bk001
Level 1
Level 1
In response to paullacap_25

‎07-08-2018 07:24 PM

I too am having the same problem, with my FMC and sensors on 6.2.3

0 Helpful

paullacap_25
Level 1
Level 1
In response to foo.bk001

‎07-08-2018 07:26 PM

I've just been advised to update the firepower appliance. Will let you
know if it makes a difference.
0 Helpful

philipw93
Level 1
Level 1
In response to paullacap_25

‎08-23-2018 09:54 AM

I have the same problem 

 

 Aug 23 2018 17:03:57: %ASA-1-505014: Module sfr, application down "ASA FirePOWER", version "6.2.3.1-43" Snort health check failure

 

 Aug 23 2018 17:03:57: %ASA-1-104001: (Primary) Switching to ACTIVE - Service card in other unit has failed.

 

 Aug 23 2018 17:03:57: %ASA-1-104002: (Secondary) Switching to STANDBY - Other unit wants me Standby. Primary unit switch reason: Service card in other unit has failed.

 

 

My ASA is running in CTX mode and the version is 9.8.(2)20

ASA 5545

0 Helpful

noliveira
Level 1
Level 1
In response to paullacap_25

‎04-03-2019 03:29 AM

Did the update make any difference? what version did you update to? 

 

Thanks 

0 Helpful

gbrodt
Level 1
Level 1

‎02-09-2022 01:59 PM

Backup, reimage and update to fix an issue. Restored the firepower backup and this problem occurred.  2nd try also failed. Was told to update and reimage and restore. Failed. Now reimage and update and manual restore of config and lic.  THIS IS BAD. It all started with a different issue of sfr going up and down. TAC (Jorge) want  an update in place (6.2.3-17) to fix the other up down issue. Weeks have gone by with no real fix. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card