Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
646
Views
3
Helpful
6
Replies

FMC showed a strange behavior

Ditter
Level 4
Level 4

‎03-10-2024 06:21 AM - edited ‎03-10-2024 06:21 AM

Hi to all,

i would like to share with you a "worrying" behavior of FMC.

To be more specific, i noticed that a week ago , FMC stopped sending emails for some events i had configured it.

At the beginning i assumed that it was a problem on the relay agent that was responsible for sending these emails.

However this was not the issue as the triggered emails i tried were successful to reach their destinations.

To cut a long story short , i decided to restart the FMC and after that moment everything started working again (emails started reaching their destination).

Any ideas why this happened and how should i troubleshoot it in case it happened again in the future?

I am running:

FMC 7.2.5 with FTDs 2.12.0

Thanks,

Ditter

0 Helpful
6 Replies 6

Sheraz.Salim
VIP
VIP

‎03-10-2024 06:40 AM

not sure what trigger this to come to this stage. however, I shall make some recommandation. consider for patches and software upgrades if this satisfied in your production. next time instead of reload/reboot the FMC you can issue these command to check which services are stop running. I beleive some how some processor stop working and the outcome you were stop receiving the emails.

pmtool status | grep -i down

This Link might find you helpful.

just cruious if the NTP change in the network might trigger this behavior?

While FMC 7.2.5 is compatible with FTDs 2.12.0, Cisco recommends using the suggested release for optimal performance and bug fixes. Upgrading the FMC to the latest suggested release (which according to Cisco is 7.2.5.x) might resolve any underlying bugs causing the email issue. You can find upgrade information on Cisco Secure Firewall Threat Defense Compatibility Guide: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/threat-defense-compatibility.html.

please do not forget to rate.

Ditter
Level 4
Level 4
In response to Sheraz.Salim

‎03-11-2024 08:05 AM

Hi @Sheraz.Salim and @Marius Gunnerud 

pmtool does not show a process down.  

However i followed your advice and upgraded from 7.2.5   to     7.2.5.1-29.

Emails started to "flow" after that , but i am not sure if it is the update that did the difference. As i recall after the restart the email worked for a while.  I will be watching it to see if something changed after the update.

 

Thank you.

Ditter

 

0 Helpful

Marius Gunnerud
VIP
VIP

‎03-10-2024 02:50 PM

This sounds like buggy behavior.  Were there any changes performed prior to seeing this issue?

--
Please remember to select a correct answer and rate helpful posts

Ditter
Level 4
Level 4
In response to Marius Gunnerud

‎03-11-2024 08:07 AM

No @Marius Gunnerud and @Sheraz.Salim  nothing special change that i did before this issue.  The only operation i was performing a lot were some modifications to site to site vpns.   A lot of commit changes i did there but this seems irrelevent though.

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Ditter

‎03-11-2024 08:22 AM

I think the only way to truly find out what happed is to open a TAC case.  I suspect that  there might have been an issue with a database which caused this issue, but as to which database and what happened to cause it would need to be identified by TAC.

--
Please remember to select a correct answer and rate helpful posts

Sheraz.Salim
VIP
VIP
In response to Ditter

‎03-12-2024 07:27 PM

as said by @Marius Gunnerud If you have a support contract open a case with Cisco TAC.

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card