Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
779
Views
5
Helpful
6
Replies

FMC becomes very slowly and broken search in ACL Policy

ari82
Level 1
Level 1

‎02-11-2022 02:23 AM

Hi,

we are using FMC 6.6.5 (build 81) on VMware and since the last Updates the FMC becomes more and more slowly while showing the ACL Policy. The Browser will allready ask to break up loading the page oder wait for it.

Also the search function is broken. Find a Value in ACLs allways return zero results.

 

We have about 120 rules and use FMC since more than 3 years but this problem  exists since the last (maybe) 3 patches of FMC and becomes more and more slowly with every patch.

0 Helpful
6 Replies 6

Aref Alsouqi
VIP
VIP

‎02-11-2022 03:56 AM

If you have the right VM resources assigned, 32GB RAM and 8 vCPUs, then I would recommend to work with TAC on this.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎02-11-2022 05:48 AM

waht kind of compute FMC has ?  if you have too much logging processing, that kills the performance this was noticed before.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ari82
Level 1
Level 1

‎02-11-2022 06:11 AM

The VM has 8 VCPUs (55% usage avg) on a dedicated VM Ware Host ( Intel Silver 4110 CPU) and 128 GB RAM assigned.

 

Logging is of course enabled for all Rules but i hope this shouldn't be the problem.

0 Helpful

Aref Alsouqi
VIP
VIP
In response to ari82

‎02-11-2022 06:16 AM

I would go TAC in this case. Alternatively, I would upgrade to the "second" latest recommended release which I believe it is the 7.0.1.

0 Helpful

ari82
Level 1
Level 1
In response to Aref Alsouqi

‎02-11-2022 06:21 AM

This should be an idea. Is it meanwhile really recommended to switch to 7.0.1 or are there still some major bugs?

I'm allways very carefully before switching to the next major release. In past it was allways a good idea to wait for just some months before really use the FTD/FMC version wich was recommended from Cisco

 

0 Helpful

Aref Alsouqi
VIP
VIP
In response to ari82

‎02-11-2022 06:39 AM

I totally understand your point, however, the 7.0.1 has been around I think for a few months now, and it is not a 0 release, which means I wouldn't feel confident to upgrade to 7.0.0 as an example, but as this release passed already the 0 release I would trust Cisco applied the required fixes that would have been seen on the 0 release. Personally I've done the upgrade and couldn't see any issue. Rather, for a customer who was running 6.6.4 or .5 can't remember, we upgraded to 7.0.1 and a lot of issues and instabilities have been fixed. I highly recommend reading the release notes before doing the upgrade including the open caveats.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card