FMC SENSORS FAILING ON DEPLOYMENT FOR FMC / THANKS IN ADVANCE GUYS!

I was asked to re-image the firewalls. Do the FTDs need to be registered on the FMC when I re-image them? I have had Cisco TAC with me for several weeks now, and he's done a deep dive on Linux to try to fix this problem. Here's a snippet of the last session.

 

 

Please let me know if you were able to reimage the firepower modules, also how it went:


Also to follow up on the meeting a recap:

  • We downgraded the SRU and VDB on the FMC to match the ones on the device.
  • Created a test policy with 1 ACP rule, assigned it to one of the 2 devices.
  • The deployment keeps failing on the managed sensors

 

Please let me know if you have any questions or need anything else.

 

Regards!

Technical Consulting Engineer

regards JUAN 

juan espinosa

What is the error you are getting when the deployment fails under Deployment History?  Also, go to  Updates > Rule Updates and click on Rule Update Logs, are the recent logs showing successful?

 

--
Please remember to select a correct answer and rate helpful posts

Transcript Details

===============TRANSACTION INFO===============
Device UUID: 7187cc7a-b12a-11ec-b4b4-ef852aa98d6f
Transaction ID: 8589943161
Selected policy group list: Access Control Policy, Sensor Policy, Network Discovery, Intrusion Policy, DNS Policy
Out-of-date policy group list: Access Control Policy, Sensor Policy, Network Discovery, Intrusion Policy, DNS Policy
Deployment Type: Full Deployment

Transcript Details

===============TRANSACTION INFO===============
Device UUID: 7f936b62-b418-11ec-8e88-fa8360af2aff
Transaction ID: 8589943266
Selected policy group list: Access Control Policy
Out-of-date policy group list: Access Control Policy
Deployment Type: Full Deployment

These are the errors in the deployment transcripts. Cisco TAC said it gets to the Sensors and fails, and I will also do what you suggested:

Also, go to  Updates > Rule Updates and click on Rule Update Logs, are the recent logs showing successful?

Thanks for the response i will let you know the results 

....JUAN

juan espinosa

Recurring Rule Update Imports

Last update failed at 2022-05-22 23:45:05 - Already Installed.
Note: Importing will discard all unsaved intrusion policy and network analysis policy edits.
From updates, as suggested update failed.
juan espinosa

ASA5525XMONARCH1
Deployment failed due to configuration error May 23 14:59:14 snort validation failed: /var/cisco/deploy/sandbox/exported-files/var/sf/detection_engines/10a9e260-b12c-11ec-9b6b-f9ab2aa98d6f/intrusion/variables/76fa83ea-c972-11e2-8be8-8e45bb1343c0/policy_user.conf(1) Invalid configuration line: any . If problem persists after retrying, contact Cisco TAC.
This is the same error I've been getting for weeks now.
 
juan espinosa

I believe the issue is with an SRU mismatch or that the FMC is trying to deploy an SRU version that is already installed on the FTD.

Here is the procedure to roll back the SRU on both FMC and FTD. I highly recommend that you do this with assistance from Cisco TAC. If you do decide to proceed with this I do not take any responsibility for any damage that might be caused to your device and you do so at your own risk.

First identify what is the latest successfully installed SRU version. In this scenario SRU-2022-05-16-001 is the version I wanted to roll back to. Once you have identified which version you want to roll back to, do the following (the rollback should take around 10 minutes per device):

 

user@firesight:/var/sf/SRU#  sudo su -

 

root@firesight1:/var/sf/SRU# tar -xvf Cisco_Firepower_SRU-2022-05-16-001-vrt.sh.REL.tar

bundle.tar

bundle.sig

 

root@firesight1:/var/sf/SRU# tar -xvf bundle.tar

METADATA

Cisco_Firepower_SRU-2022-05-16-001-vrt.sh

 

root@firesight1:/var/sf/SRU# sudo sh Cisco_Firepower_SRU-2022-05-16-001-vrt.sh -- --rollback

 

The package is /var/sf/SRU/Cisco_Firepower_SRU-2022-05-16-001-vrt.sh

Verifying archive integrity... All good.

Uncompressing Cisco Firepower SRU.............................................

[220520 10:23:23] Lock //tmp/sru.lock for revert created successfully

[220520 10:23:23]

Authority UUID =

AQ UUID =

[220520 10:23:23] Using root directory

[220520 10:23:23] #####################

[220520 10:23:23] # REVERT STARTING

[220520 10:23:23] #####################

[220520 10:23:23]

[220520 10:23:23] BEGIN  pre/000_start.sh

[220520 10:23:23] COMPLETED pre/000_start.sh

[220520 10:23:23]

[220520 10:23:23] BEGIN  pre/010_check_versions.sh

[220520 10:23:23] COMPLETED pre/010_check_versions.sh

[220520 10:23:23]

[220520 10:23:23] BEGIN  pre/020_check_space.sh

[220520 10:23:23] COMPLETED pre/020_check_space.sh

[220520 10:23:23]

[220520 10:23:23] BEGIN  pre/999_finish.sh

[220520 10:23:23] COMPLETED pre/999_finish.sh

[220520 10:23:23]

[220520 10:23:23] BEGIN  installer/000_start.sh

[220520 10:23:23] COMPLETED installer/000_start.sh

[220520 10:23:23]

[220520 10:23:23] BEGIN  installer/050_sru_log_start.pl

[220520 10:23:35] COMPLETED installer/050_sru_log_start.pl

[220520 10:23:35]

[220520 10:23:35] BEGIN  installer/100_install_files.pl

[220520 10:23:35] COMPLETED installer/100_install_files.pl

[220520 10:23:35]

[220520 10:23:35] BEGIN  installer/510_install_policy.pl

[220520 10:23:56] COMPLETED installer/510_install_policy.pl

[220520 10:23:56]

[220520 10:23:56] BEGIN  installer/520_install_rules.pl

[220520 10:30:37] COMPLETED installer/520_install_rules.pl

[220520 10:30:37]

[220520 10:30:37] BEGIN  installer/521_rule_docs.sh

[220520 10:30:38] COMPLETED installer/521_rule_docs.sh

[220520 10:30:38]

[220520 10:30:38] BEGIN  installer/530_install_module_rules.pl

[220520 10:31:03] COMPLETED installer/530_install_module_rules.pl

[220520 10:31:03]

[220520 10:31:03] BEGIN  installer/540_install_decoder_rules.pl

[220520 10:31:16] COMPLETED installer/540_install_decoder_rules.pl

[220520 10:31:16]

[220520 10:31:16] BEGIN  installer/602_log_package.pl

[220520 10:32:33] COMPLETED installer/602_log_package.pl

[220520 10:32:33]

[220520 10:32:33] BEGIN  installer/900_update_version.sh

[220520 10:32:33] COMPLETED installer/900_update_version.sh

[220520 10:32:33]

[220520 10:32:33] BEGIN  installer/999_finish.sh

[220520 10:32:33] COMPLETED installer/999_finish.sh

[220520 10:32:33]

[220520 10:32:33] BEGIN  post/000_start.sh

[220520 10:32:33] COMPLETED post/000_start.sh

[220520 10:32:33]

[220520 10:32:33] BEGIN  post/500_copy_contents.sh

[220520 10:32:33] COMPLETED post/500_copy_contents.sh

[220520 10:32:33]

[220520 10:32:33] BEGIN  post/900_iru_log_finish.pl

[220520 10:32:34] COMPLETED post/900_iru_log_finish.pl

[220520 10:32:34]

[220520 10:32:34] BEGIN  post/999_finish.sh

[220520 10:32:34] COMPLETED post/999_finish.sh

[220520 10:32:34]

[220520 10:32:34] Lock //tmp/sru.lock for revert removed successfully.

[220520 10:32:34] Pruning logs and old installs

[220520 10:32:34]

[220520 10:32:34] ####################

[220520 10:32:34] # REVERT COMPLETE

[220520 10:32:34] ####################

 

root@firesight1:/var/sf/SRU# sfcli.pl show version

--------[ firesight1.builtontrust.it ]--------

Model                     : Cisco Firepower Management Center for VMware (66) Version 7.0.1.1 (Build 11)

UUID                      : xxxxxxxx-56cc-11e9-81de-xxxxxxxxxxxx

Rules update version      : 2022-05-16-001-vrt

LSP version               : lsp-rel-20210503-2107

VDB version               : 351

----------------------------------------------------

--
Please remember to select a correct answer and rate helpful posts
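
A way to check the result of the rollback described in the reply above, as an added example that is not part of the original post or Cisco's tooling: it confirms every BEGIN step in the revert log has a matching COMPLETED line, that the REVERT COMPLETE banner is present, and that the "Rules update version" reported afterwards is the SRU named in the package file. The function names `check_revert_log` and `sru_matches` are hypothetical, and the sample text is a constructed excerpt in the format of the output shown in the reply.

```python
import re
from datetime import datetime

# Constructed sample: a shortened excerpt in the format of the revert log above.
SAMPLE_LOG = """\
[220520 10:23:23] # REVERT STARTING
[220520 10:23:35] BEGIN  installer/510_install_policy.pl
[220520 10:23:56] COMPLETED installer/510_install_policy.pl
[220520 10:23:56] BEGIN  installer/520_install_rules.pl
[220520 10:30:37] COMPLETED installer/520_install_rules.pl
[220520 10:32:34] # REVERT COMPLETE
"""
# Constructed sample: two lines in the format of the "show version" output above.
SAMPLE_VERSION = ("Rules update version      : 2022-05-16-001-vrt\n"
                  "VDB version               : 351\n")

STEP = re.compile(r"^\[(\d{6} \d{2}:\d{2}:\d{2})\]\s+(BEGIN|COMPLETED)\s+(\S+)")

def check_revert_log(text):
    """Return (ok, unfinished_steps, seconds_per_step) for a revert log."""
    started, durations = {}, {}
    for line in text.splitlines():
        m = STEP.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%y%m%d %H:%M:%S")
        kind, step = m.group(2), m.group(3)
        if kind == "BEGIN":
            started[step] = ts
        elif step in started:
            durations[step] = (ts - started.pop(step)).total_seconds()
    # Success needs the completion banner and no step left open.
    ok = "# REVERT COMPLETE" in text and not started
    return ok, sorted(started), durations

def sru_matches(package_name, show_version_text):
    """True when the version reported after rollback is the package's SRU."""
    pkg = re.search(r"SRU-(\d{4}-\d{2}-\d{2}-\d{3})", package_name)
    ver = re.search(r"^Rules update version\s*:\s*(\S+)", show_version_text, re.M)
    return bool(pkg and ver and ver.group(1).startswith(pkg.group(1)))

if __name__ == "__main__":
    ok, unfinished, durations = check_revert_log(SAMPLE_LOG)
    print("revert complete:", ok, "unfinished:", unfinished)
    print("slowest step:", max(durations, key=durations.get))
    print("version matches:", sru_matches(
        "Cisco_Firepower_SRU-2022-05-16-001-vrt.sh", SAMPLE_VERSION))
```

Running the same check on the FMC and on each managed device makes a leftover SRU mismatch visible before the next deployment attempt.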

Thanks for the support, and if it goes well, I will reply and post for the community.
Regards, JUAN
juan espinosa

I would like to thank any and all the community who responded. I walked through what was a Default Variable setting on the FMC, that was a part of a default policy, that was making the deployment fail. Tomorrow I will post specifically and technically what we did to resolve the issues with the FMC. Many thanks to all. JUAN

juan espinosa