Solved: Failed to deploy flexobject policy - threat-detection service to RAVPN

EminaBrkanic · ‎03-17-2025

Hi all,

I am trying to deploy threat detection service for ravpn on ftd managed by fmc.

I am following this guide:

Configure Threat Detection for Remote Access VPN Services on Secure Firewall Threat Defense - Cisco

FTD is on version 7.4.2 but when I try to install policy, status is failed with error shown below. Did anybody have this problem?

Lina messages
FMC >> clear configuration session
FMC >> no strong-encryption-disable
FMC >> time-range timezone tzname 1 00
FMC >> ssl dh-group group14
FMC >> dp-tcp-proxy
FMC >> policy-map global_policy
FMC >> class class-default
FMC >> class inspection_default
FMC >> exit
FMC >> crypto isakmp nat-traversal
FMC >> vpn-addr-assign local reuse-delay 0
FMC >> access-group CSM_FW_ACL_ global
FMC >> threat-detection service invalid-vpn-access
EDGE-FTD1 >> error :
threat-detection service invalid-vpn-access
^
ERROR: % Invalid input detected at '^' marker.
Config Error -- threat-detection service invalid-vpn-access

Other logs

Lina config ROLLBACK failure log
Lina configuration application failure. Error in lina apply phase due to Config Error response from LINA

Rollback skipped as Lina and SNORT are in sync
Write mem executed as Lina and SNORT are in sync

Lina write mem operation successful

Rob Ingram · ‎03-17-2025

@EminaBrkanic that feature is applicable to 7.4.2.1 have you applied that patch?

View solution in original post

Rob Ingram · ‎03-17-2025

@EminaBrkanic that feature is applicable to 7.4.2.1 have you applied that patch?

EminaBrkanic · ‎03-17-2025

Hi Rob.

you are right!

I didn't. I check the version twice, but just didn0t see that .1

I will try it a little bit later and inform you.

thanks

EminaBrkanic · ‎03-18-2025

It was the version.

thanks Rob.