FTD HA pair - interface changes detected after failover

plwalsh
Level 1

Hi,

I upgraded FMCv from 6.6.5 to 7.2.4. A few days later, my active-standby HA pair of FTD 6.6.5 devices failed over during resilience testing. FMC gave a health monitor alert about interface changes detected. In the Interface config screen for the HA pair, I have a notice stating:
'Interface configuration has changed on device. Click to know more'

Clicking takes me to an Interface Changes screen with a Validate Changes option. Validating gives:
'Changes validated successfully.
Close this window and click Save.'

I'm nervous about making changes to the Device policy when I did not make any changes. Can anyone advise if this behaviour is seen after failover? Is it safe to Save the Device policy and Deploy or should I do something else (e.g. Sync Device)?

Regards,
Piaras

7 Replies

Are you by any chance managing 1000 or 2100 series FTD appliances?
I'm wondering, since you were upgrading from pre-6.7, if it's possible you might be hitting bug CSCwa29956?
Could be if you can't clear the health alert.
(The workaround is "Contact TAC")

It's supposed to be fixed in 7.2.0, but sometimes bugs resurface.

Hi Jonatan.

I am managing 2100 devices and port-channels are configured on them. Having port-channels configured on the device is one of the conditions for bug CSCwa29956. I think a TAC call is warranted. Thank you for your reply.

Regards,
Piaras

I also see this message from time to time, and also see it on FMC / FTD running 7.2.4. The interfaces the message refers to in my case are unused interfaces. No changes have actually been made to them and when checking the audit logs it shows that the culprit is the "system" user. I have not yet opened a TAC case for this as it is purely cosmetic, but my best guess is that the FMC does some checks and through the process of these checks these messages appear.

If the error is worrying you then I would suggest opening a TAC case as this most likely will require changes to a database or two.  But all in all, it is a cosmetic warning message, which arguably should not be there, and is safe to ignore so long as the interfaces being referred to are not in use.

--
Please remember to select a correct answer and rate helpful posts

Thank you for your reply Marius.

I failed back my 6.6.5 FTD HA pair and again FMC 7.2.4 alerted to say device interfaces have changed, but there have been no changes. I think you are probably correct that this is a cosmetic bug but I am nervous to save the device policy in case it sets a 10GE etherchannel to 1GE or something else unexpected. I was surprised to see that 7.2.4.1, which was released last week, has so many bug fixes in it. Very odd considering 7.2 has been available for 2 years. I have opened a TAC case but no response yet as my issue is not urgent. I will update this topic once I hear from TAC.

Have you heard anything from TAC? Is it just a cosmetic or impacts devices after you deploy changes?

Yes, I did. The bug seemed to be cosmetic - the interfaces had not changed. TAC had me:

1) From the FTD interface menu, select Sync Device, confirm and Save changes and deploy

2) Enter the FMC CLI and use OmniQuery.pl to identify the UUID of the amber interface alerts

3) Delete any amber interface alerts identified in 2) using OmniQuery.pl

The above steps cleared my amber interface alerts. Check with TAC if you have the same issue.

I see 7.2.5 is now the recommended software. Maybe it fixes this bug/behaviour.

dmitrykalinsky
Level 1

Hit the same bug on FMC 7.2.4 and FPR2140 7.0.1 with two SFP ports in a port-channel.

The warning message was fixed by Cisco TAC using OmniQuery.pl (see the message from plwalsh) and the "Interface configuration has changed on device" message was cleared by saving changes and deploying the config during off business hours. I didn't see a single drop.

Here is the change log after saving config on the Device>Interface page:

[Image: change log shown after saving the configuration on the Device > Interfaces page]

Looks like FMC thought that the speed was 1000 and then discovered 10G from the device and wanted to save and implement the change. 
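As an added example (not from this thread, not a Cisco tool), here is a small Python checker a practitioner could run over `show interface` output captured from the FTD CLI before clicking Save and Deploy on the Device > Interfaces page. It parses the speed and duplex the device actually negotiates on each interface, confirms every member of a port-channel reports the same speed, and flags any interface whose device-reported speed differs from the speed you expect FMC to push (the 10G-vs-1G worry raised above). The `show interface` text below is constructed to approximate Firepower 2100 output and is not a real capture; the interface names and expected speeds are assumptions.

```python
"""Pre-deploy sanity check for FTD interface speeds.

Paste the output of `show interface` from the FTD CLI into SAMPLE_SHOW_INTERFACE
(or read it from a file) and compare it with the speeds FMC is about to push.
Hypothetical helper written for this thread; not part of FMC or FTD.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample approximating Firepower 2100 `show interface` output with a
# two-member port-channel. Not captured from a real device.
SAMPLE_SHOW_INTERFACE = """\
Interface Ethernet1/13 "", is up, line protocol is up
  Hardware is EtherSVI, BW 10000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 10000 Mbps(10 Gbps)
        Member of Port-channel1
Interface Ethernet1/14 "", is up, line protocol is up
  Hardware is EtherSVI, BW 10000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 10000 Mbps(10 Gbps)
        Member of Port-channel1
Interface Ethernet1/16 "", is administratively down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex, Auto-Speed
Interface Port-channel1 "outside", is up, line protocol is up
  Hardware is EtherChannel/LACP, BW 20000 Mbps, DLY 10 usec
        Full-Duplex(Full-duplex), 20000 Mbps(20 Gbps)
        MAC address 0000.5e00.5301, MTU 1500
        IP address 203.0.113.2, subnet mask 255.255.255.0
"""

_HEADER = re.compile(r'^Interface (\S+) "([^"]*)", is (.+?), line protocol is (\S+)')
_HARDWARE = re.compile(r'^\s+Hardware is (\S+), BW (\d+) Mbps')
_MEMBER = re.compile(r'^\s+Member of (\S+)')
_SPEED = re.compile(r'(\d+) Mbps')
_DUPLEX = re.compile(r'(Full|Half|Auto)-Duplex')


@dataclass
class Iface:
    name: str
    nameif: str
    admin_state: str                    # "up" or "administratively down"
    protocol: str                       # line protocol: "up" / "down"
    hardware: str = ""
    bw_mbps: Optional[int] = None       # BW from the Hardware line (aggregate for a port-channel)
    duplex: Optional[str] = None
    speed_mbps: Optional[int] = None    # None when the device reports Auto-Speed with no value
    member_of: Optional[str] = None     # port-channel this physical port belongs to, if any


def parse_show_interface(text: str) -> Dict[str, Iface]:
    """Parse `show interface` output into a dict keyed by interface name."""
    ifaces: Dict[str, Iface] = {}
    cur: Optional[Iface] = None
    for line in text.splitlines():
        m = _HEADER.match(line)
        if m:
            cur = Iface(name=m.group(1), nameif=m.group(2),
                        admin_state=m.group(3), protocol=m.group(4))
            ifaces[cur.name] = cur
            continue
        if cur is None:
            continue
        m = _HARDWARE.match(line)
        if m:
            cur.hardware, cur.bw_mbps = m.group(1), int(m.group(2))
            continue
        m = _MEMBER.match(line)
        if m:
            cur.member_of = m.group(1)
            continue
        if "Duplex" in line:            # the negotiated speed/duplex line
            dm = _DUPLEX.search(line)
            cur.duplex = dm.group(1) if dm else None
            sm = _SPEED.search(line)
            cur.speed_mbps = int(sm.group(1)) if sm else None
    return ifaces


def check_expected(ifaces: Dict[str, Iface], expected_mbps: Dict[str, int]) -> List[str]:
    """Return findings worth reading before deploying; an empty list means no mismatch."""
    findings: List[str] = []
    for name, want in expected_mbps.items():
        iface = ifaces.get(name)
        if iface is None:
            findings.append(f"{name}: expected {want} Mbps but the device did not report this interface")
        elif iface.speed_mbps is None:
            findings.append(f"{name}: device reports auto/no negotiated speed; verify before deploying")
        elif iface.speed_mbps != want:
            findings.append(f"{name}: device reports {iface.speed_mbps} Mbps, FMC would push {want} Mbps")
    # All members of one port-channel should negotiate the same speed.
    members: Dict[str, List[Iface]] = {}
    for iface in ifaces.values():
        if iface.member_of:
            members.setdefault(iface.member_of, []).append(iface)
    for pc, ports in members.items():
        speeds = {p.speed_mbps for p in ports}
        if len(speeds) > 1:
            findings.append(f"{pc}: members negotiate different speeds {sorted(str(s) for s in speeds)}")
    return findings


if __name__ == "__main__":
    parsed = parse_show_interface(SAMPLE_SHOW_INTERFACE)
    # Assumed speeds FMC is about to push; Ethernet1/13 is deliberately wrong to show a finding.
    for line in check_expected(parsed, {"Ethernet1/13": 1000, "Ethernet1/14": 10000}):
        print(line)
```

Run it with the real `show interface` output pasted in place of the constructed sample and the expected-speed map filled from the FMC interface page; a finding like "device reports 10000 Mbps, FMC would push 1000 Mbps" is the case to stop and raise with TAC before deploying, while an empty result means the pending change only matches what the device already runs.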
