Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
343
Views
0
Helpful
4
Replies

Cisco FTD all of the interfaces showing link down

LeoKev
Level 1
Level 1

‎03-19-2025 05:45 AM - edited ‎03-19-2025 06:45 AM

Hi All,

Fresh out of the box.

Upgrade the Cisco Secure firewall to 7.4.2-172.

Configure both firewalls as HA (Active/passive) and basic firewall settings like interfaces, rules, etc

Register both firewalls.

Everything is going well, after 20 minutes of testing all of the interfaces show all the link down.

A screenshot of the active unit showing interfaces all down.

interface down.png

I checked, and all my physical connections are okay. I can see light on the interfaces, but the GUI is showing down.

I tried restarting the firepower but it still not resolving. Does anyone have any idea?

0 Helpful
4 Replies 4

Sheraz.Salim
VIP Alumni
VIP Alumni

‎03-19-2025 06:37 AM

The issue with all interfaces showing down in the GUI despite physical link lights being active likely stems from software and HA configuration changes introduced during the 7.4.2 upgrade. The problem appears related to Cisco’s known interface-handling bug (CSCwm40721) in 7.4.x firmware, combined with potential HA topology flaws. if firewalls are directly connected without a switch, which can could cause split-brain scenarios.

The GUI’s layer-2/3 status mismatch with physical layer-1 connectivity suggests either interface mismatches post upgrade or software misreporting. Start by verifying HA port-channel configurations using CLI commands like show lacp neighbor and show interface ip brief, then check for interface errors via show portmanager counters. Adjust health monitor exclusions in the GUI to prevent false alerts, and consider applying 7.4.2 hotfixes.

please do not forget to rate.
0 Helpful

LeoKev
Level 1
Level 1
In response to Sheraz.Salim

‎03-19-2025 06:46 AM

Hi Salim,

 

Previously i have configure similiar setup with the same model and version and HA direct connect each other but do not have such issue. Not sure why this setup happen.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to LeoKev

‎03-20-2025 06:00 AM

@LeoKev I would try to proceed to 7.4.2.2 and check if that resolves the issue. If not, you may be seeing a new cosmetic bug. In that case, Cisco TAC can help.

I do note that you appear to have portchannels configured and the po1 and po2 interface icons DO appear green.

0 Helpful

Sheraz.Salim
VIP Alumni
VIP Alumni
In response to LeoKev

‎03-21-2025 02:10 AM

@LeoKev @Marvin Rhoads Sorry, I mentioned the wrong bug. I was looking at three different bug IDs, and I accidentally pasted the incorrect one

please do not forget to rate.
0 Helpful
Review Cisco Networking for a $25 gift card
Top