FTDv Appliance Not Starting Up Correctly Following Unexpected Shutdown
We experienced an outage in Azure yesterday afternoon resulting in a number of failed VMs. One of these failed VMs hosts one of our Cisco FTD appliances and although Microsoft say they have now fixed the issue this appliance is not functioning correctly.
We have a Firepower Management Console VM that manages two FTDs in an Active / Active configuration. When the problematic node is powered on currently we experience an intermittent loss of internet connectivity for VMs, upon further investigation it seems that all of the required modules are failing to load. I have attempted to remediate this by restarting the VM in Azure and by resetting it via the FMC, neither of these approaches has resolved the issue.
As a temporary measure I have shut down the problematic node and this seems to have resolved the issue of intermittent connectivity. Can anybody suggest what the issue may be?
I have seen Firepower service modules fail to recover properly after a hard shutdown due to power failure. In those cases we had to reimage and then reregister to FMC and redeploy policy. This was upon advice from TAC though - I'd suggest starting with a TAC case to see if any less drastic option is possible in your case.
The Cisco Secure Firewall and SecureX teams are looking for feedback from active Secure Firewall users who may or may not have already activated SecureX. Your responses will help us improve the Firepower experience in SecureX. Th...
Related documentsCisco ISE (Identity Services Engine) IPv6 features by release2.6ISE ManagementNetwork Time Protocol SupportDomain Name System SupportExternal RepositoriesAudit Logs and ReportsSimple Network Management ProtocolAccess Control Lists And Dyn...
Site to Site IPSec VPN with Dynamic IP Endpoint is typically used when we have a branch sites which obtains a dynamic public IP from the Internet ISP. For example an ADSL connection.One important note is that Site-to-Site VPN with Dynamic remote routers P...
On R1, configure a key ring that defines the peer R3:Address: 126.96.36.199Local and remote pre-shared key: cisco R1(config)#crypto ikev2 keyring KRR1(config-ikev2-keyring)# peer R3R1(config-ikev2-keyring-peer)# address 188.8.131.52R1(config-ikev2-keyring-pee...