FTD Appliance state went disabled by itself in FTD HA Pair managed by FMC

SaintEvn · ‎05-06-2021

We've deployed FTD HA managed by FMC in our DC and it was running normal until the secondary FTD state become disabled itself a few days ago.

We've no idea why the secondary FTD went disabled by itself but we planned to work with TAC while applying for DC access to physically check the appliance status.

But now we cannot access the primary FTD also and all the services are stopped. I can’t even take screenshot to provide TAC.

We are running both FTD and FMC version 6.6.1.

Can you guys please help me what should I check when I got the DC access and also what action plan should I perform in order to solve the issue. And also what are the possible reason for FTD to become disabled automatically.

As for now I can only think of rebooting the appliance but what if it won't help.

Anyone has happened this issue before??

Please help me, please I think I’m going crazy now.

Rob Ingram · ‎05-06-2021

Hi @SaintEvn

It sounds like a bug, upgrading to the latest recommend version (currently 6.6.1) would probably the next logical step and probably something TAC would recommend you doing.

If you are going to the DC, rebooting the FTD's will hopefully restore services quickly. Once the FTDs are up, test connectivity by sending traffic through the FTD (browse the internet). Confirm HA failover is working, run "show failover". If you can get TAC on the phone whilst you are onsite, work with them. And ideally upgrade the FTD's (you'll need to upgrade FMC to 6.6.1 before upgrading the FTDs).

rhuysmans · ‎05-06-2021

With a number of security advisories being sent out by Cisco for the FTD devices, 6.6.4 is the latest version that fixes a lot of bugs and vulnerabilities. I'd also take a look and make sure that it isn't a switch fault which is causing the connectivity issues. You never know when troubleshooting and always good to keep an open mind.