02-06-2017 11:49 PM - edited 03-12-2019 01:53 AM
Let's start from the beginning.
We have two 5515 running FTD 6.1.0.1 and a Virtual Machine on ESXi with FTD 6.1.0.1!
We upgraded our FTDv to 6.2.0 and our Sensors in HA (Active/Standby) are on 6.1.0.1!
After the upgrade, no deployment of our Access Policies is possible. The Active Peer switched to Secondary and no switch back is possible.
The Policy Deployment hangs at 40% for over an hour and quits.
As mentioned in Cisco Bug CSCvc81801, we should restart the ngfwManager on the Active Peer and restart the secondary peer.
But how can we do that? Which command should we use to restart this ngfwManager?
Thanks in Advance
02-07-2017 05:51 AM
Please see the URL below for the Command Reference for Firepower Threat Defense.
http://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense.html
Hope to help.
02-07-2017 02:36 PM
You can restart ngfwManager using pmtool on the CLI.
> expert
admin@ftd:/home/admin# sudo pmtool RestartById ngfwManager
Before executing the command you might wanna sync up with TAC to verify you really hit the bug. Your firewall should not restart when you restart ngfwManager, but I would recommend doing it during a maintenance window or consulting TAC.
02-12-2017 10:11 PM
This command was not found! It wasn't possible to restart this manager!
11-28-2018 01:34 PM
I was able to resolve my deployment conflict using this procedure.
02-12-2017 10:13 PM
Our solution was to delete the HA Cluster and reimage the failed appliance to the newest version. Afterward, we brought this device up with the active IP addresses and reimaged the "active" device.
After this, it was possible to recreate the HA Cluster with both appliances.