Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
933
Views
0
Helpful
0
Replies

Cisco FTD 6.6.5 - Process Status : Critical Snort Detection Engine

Agung1007
Level 1
Level 1

‎03-29-2022 04:52 AM

Hi Team,

 

Greetings to you all,

 

Recently (or on this week),

My customer FTD Device (Version 6.6.5, managed by FMCv 6.6.5) report that they have some issue

the symptoms is:

- on random time, the device drop all the connection (especially uplink to internet)

- already happened 3 times (on 24 March, 25 March & 28 March)

- the FMC suddenly logout when the issue happened (dont know if related or not)

- the downtime happened about 5-10 minute, then the device running normally again

 

already check all the status health for interface, platform, hardware , running normally

BUT

when I try to check all the module I found that the process Status (Critical) : The Primary Detection Engine process terminated unexpectedly 1 time(s)  (attached)

 

*the timestamp matches with the report that customer give when the downtime happened

 

 

Already check with the community and google:

- caused by SMB etc +

FN this issue

- after upgrade to 6.4.0.2

because of the SI URL Rule

-  Spero analysis on File Policy

- SNMP

 

which all telling me the same that it caused by Snort Detection Engine and happened on FTD/FMC version Below 6.6.5 (the issue should be solved right in the newer version like on 6.6.x ?)

 

Do you guys have some idea why it happened?

on how the workaround for this issue?

 

Many thanks!

Regards.

 

1 person had this problem
Preview file
86 KB
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card