01-27-2023 12:19 PM - edited 01-27-2023 12:36 PM
Hello,
I'm trying to deploy a FlexConfig for NetFlow export to my FTD, which is failing. I'm using FlowDestination text object override on my device because the interface name does not match the default "Inside."
I would like to avoid creating copies of the FlexObjects and using the override feature.
Here is a message I'm getting during the FlexConfig preview:
Preview Config Generation failed Error class: class com.cisco.nm.vms.template.exception.TemplateException$INSTANTIATION_FAILED; code: INSTANTIATION_FAILED Template Netflow_Add_Destination failed instantiation.
Thank you.
02-03-2023 01:29 AM
Hello,
You can try to follow this link for reference : https://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/netflow/216126-configure-netflow-secure-event-logging-o.html
From CLI you can verify the netflow config and mabe try to remove config from cli and try adding again :
no flow-export destination MANAGEMENT <>
policy-map global_policy class class-default
no flow-export event-type flow-create destination <>
no flow-export event-type flow-denied destination <>
no flow-export event-type flow-denied destination <>
no flow-export event-type flow-teardown destination <>
no flow-export event-type flow-update destination <>
to know the reson for failure, we need to check logs and troubleshoot in detail if the above steps dont help.
-----------------------------------------
You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------
Regards,
Divya Jain
02-07-2023 10:53 PM
We will need to take a look at the logs to get better understanding. This is a generic error that could be caused because of multiple reasons.
-----------------------------------------
You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------
Regards,
Divya Jain
02-03-2023 04:49 AM
Please share your sanitized configs for review, but generally speaking, when you refer a variable in the FlexConfig template, those variables need to be already populated in FlexConfig objects.
02-03-2023 02:08 PM - edited 02-03-2023 02:14 PM
We don't have issues with deploying FlexConfig to one of our firewalls. The variable set is configured correctly.
The issue is on the second firewall. Its LAN interface has a different ifname, so we added an override to the NetFlow_Destination flex text object.
The deployment is failing without any error messages.
We see the "$INSTANTIATION_FAILED" message when we try to use "Preview" FlexConfig before deploying it.
As a workaround, we created a separate FlexConfig object and NetFlow_Destination text variable set for our second firewall. We were able to deploy the NetFlow config that way.
Our goal is to minimize the duplication of similar objects with override.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide