
FMC: After upgrade I got errors on the FMC.

swscco001
Level 3

Hello everybody,

I performed an FMCv upgrade from rel. 6.6.5.2 ---> 7.2.8 (Suggested Rel.).

The upgrade was performed without problems.

1.) The deployment thereafter failed with 'Validation Errors':

Policy Name: Zone Manroland
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
This rule requires a Threat license, but at least one device does not have a Threat license.
The Policy requires THREAT license ,but atleast one of the devices does not have a THREAT license.
You are deploying for the first time after a management center upgrade. Its recommended to review configuration changes in Advanced Deploy page before continuing.
With object group optimization enabled, the first-time deployment on threat defense, may take several minutes to an hour to re-evaluate policy configurations and to perform the optimization. This may also lead to higher CPU utilization on the device. We recommend that you do the deployment during a low traffic or a maintenance window. To disable (not recommended) object group optimization, go to System > Configuration > Access Control Preferences. Learn More 

The rules were not changed and with the former release the customer did not need a Threat license.

2.) When I checked the Health Monitor, I got the following error for the FMC:

Critical Modules:1,Warning Modules:1,Normal Modules:24,Disabled Modules:43
Module Security Intelligence: Malcode-IP-Blacklist - Failed to download from http://malc0de.com/bl/IP_Blacklist.txt: Not Found (404)
Cisco-Intelligence-Feed - Failed to download from https://intelligence.sourcefire.com/auto-update/auto-dl.cgi/00:50:56:8A:3C:61/GetCurrent/rep_dd.md5: Peer certificate cannot be authenticated with given CA certificates

I logged in on the FMC-CLI and could reach tools.cisco.com:

3 packets transmitted, 3 received, 0% packet loss, time 4ms
rtt min/avg/max/mdev = 3.342/3.407/3.450/0.066 ms
root@FPR-Mgmt:/Volume/home/admin# ping tools.cisco.com
PING tools.cisco.com (173.37.145.8) 56(84) bytes of data.
64 bytes from tools2.cisco.com (173.37.145.8): icmp_seq=1 ttl=237 time=118 ms
64 bytes from tools2.cisco.com (173.37.145.8): icmp_seq=2 ttl=237 time=118 ms
64 bytes from tools2.cisco.com (173.37.145.8): icmp_seq=3 ttl=237 time=118 ms
64 bytes from tools2.cisco.com (173.37.145.8): icmp_seq=4 ttl=237 time=118 ms
^C
--- tools.cisco.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 117.657/117.725/117.785/0.046 ms

I did not find much that was useful on the WWW.

What would you do to get rid of the error messages?

Thanks a lot for every hint!

Thanks a lot!



Bye
R.

1 Reply

marce1000
Hall of Fame

 

- FYI: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm81052

   M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '