Re: FMC: Deployment is not sucessful because missing configuration mem

swscco001 · ‎04-27-2022

Hello everybody,

our customer has the FMCv 7.0.1.1 and two ASA5516-X (also 7.0.1.1) and the deployment
for one device is not running, most likely because missing configuration memory.

===============TRANSACTION INFO===============
Device UUID: 4b11adbe-a8ff-11ec-babe-af0eacb0b60c
Container UUID: 8c3786d2-9ed3-11e7-b428-eb5af86c6419
Transaction ID: 137439183967

Selected policy group list: Platform Settings

Out-of-date policy group list: Platform Settings
Deployment Type: Full Deployment
=============================================

In the health monitor for the device I get this:
"Your deployed configurations require more memory than the system can allocate. Re-evaluate your configurations."

"Most often you can reduce the number or complexity of access control rules or intrusion policies. See the online help to learn best practices for access control. (see attacheched screen dump)

The customer has just three Access Control Policies (see attacheched screen dump) but all with Intrusion Policy and File Policy."

Could it be that the Intrusion Policy has too many rules enabled for such a device?

I would like to hear your oppinion to how can I reduce the memory used for configuration.

If you need further information please let me know.

Thanks a lot!

Bye
R.

erikwiechers · ‎10-21-2022

I have the same issue. It started today, before that we never had any problem with it. However, there was a update for the vulnerability database last night. Maybe that has some influence on the performance?

FMC: Deployment is not sucessful because missing configuration memory