
FMCv HA issue with FTD 2120

MTN_CY
Level 1

Dear Community,

 

I'm trying to build HA on FMCv for two FTD 2120s.

The specs of the devices are:

FMCv: 6.3.0 software 

FTD 2120: Cisco Firepower 2120 Threat Defense (77) Version 6.2.3.10 (Build 59)

 

During the HA procedure all prerequisites are met. I'm able to choose the interfaces for the failover, and afterwards I get the following error:

 

On System-->Tasks-->: High availability configuration could not be updated on the primary device <Devices' Name>

and on

System-->Deployments:  

Other logs 
May 5 18:20:49 Unable to open /var/cisco/deploy/sandbox///network_analysis/snort.conf.abba00a0-cf29-425c-9d75-49699aadc898 for appending 

 

Has anyone seen this issue before?

 

Thanks in advance.

 

Stelios


7 Replies

Hi Marvin,

Thanks for the reply.
I'm not looking for HA for FMCv but for the FTDs which are managed by FMCv.

Thanks.

OK - that should definitely be supported.

Have you ever managed either FTD device before? It often helps to deploy to them first so that SRUs (Snort Rule Updates), VDB version etc. are all in sync before starting.

If that all looks good then I'd recommend opening a TAC case. They can dig deep in the logs and remedy the root cause for you.

Hi Marvin,

I'm new to FTD. OK, I will do what you suggested, and if it doesn't work I will reach out to TAC.

Thanks for your help.

You're welcome. Keep us posted on the outcome.

Snort Rule Update did the work!!!
Now HA is working smoothly.

Thanks a lot Marvin :)

That's great to hear.

FMC can be particular about Snort rule sets being in sync before allowing FTD or Firepower service module upgrades, so I thought it might similarly object to it during creation of an HA pair.
