
Firepower 7.2.1 - Issue with the FlexConfig Text object override

mr.pavelkozlov
Level 1

Hello,

I'm trying to deploy a FlexConfig for NetFlow export to my FTD, which is failing. I'm using FlowDestination text object override on my device because the interface name does not match the default "Inside."

I would like to avoid creating copies of the FlexObjects and use the override feature instead.

Here is a message I'm getting during the FlexConfig preview:

Preview Config Generation failed Error class: class com.cisco.nm.vms.template.exception.TemplateException$INSTANTIATION_FAILED; code: INSTANTIATION_FAILED Template Netflow_Add_Destination failed instantiation.

Thank you.

4 Replies

Divya Jain
Cisco Employee

Hello,
You can try to follow this link for reference: https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/netflow/216126-configure-netflow-secure-event-logging-o.html

From the CLI you can verify the NetFlow config, and maybe try to remove the config from the CLI and add it again:


no flow-export destination MANAGEMENT <>
policy-map global_policy
 class class-default
  no flow-export event-type flow-create destination <>
  no flow-export event-type flow-denied destination <>
  no flow-export event-type flow-teardown destination <>
  no flow-export event-type flow-update destination <>

To know the reason for the failure, we need to check the logs and troubleshoot in detail if the above steps don't help.




-----------------------------------------
You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------


Regards,
Divya Jain

We will need to take a look at the logs to get a better understanding. This is a generic error that could be caused by multiple reasons.





Regards,

Divya Jain

Please share your sanitized configs for review, but generally speaking, when you refer to a variable in the FlexConfig template, those variables need to be already populated in FlexConfig objects.

We don't have issues with deploying FlexConfig to one of our firewalls. The variable set is configured correctly.
The issue is on the second firewall. Its LAN interface has a different ifname, so we added an override to the NetFlow_Destination flex text object.
The deployment is failing without any error messages.
We see the "$INSTANTIATION_FAILED" message when we try to use "Preview" FlexConfig before deploying it.

As a workaround, we created a separate FlexConfig object and NetFlow_Destination text variable set for our second firewall. We were able to deploy the NetFlow config that way.

Our goal is to minimize the duplication of similar objects with override.
