
FTDv100 inside and outside interfaces SUDDENLY not passing traffic!!!

voidray87
Level 1

Hi!

We deployed FTDv100 7.3.1.2 (Build 79) on VMWare ESXi 7.0, and we experience now the following problem:

- SUDDENLY inside and outside interfaces stop passing ANY traffic, including ARP!!! Meanwhile management interface is working! Debug is absolutely clean at that moment!!! CPU, memory, disk space and bandwidth are sufficient as well!!!

Reboot is the only solution that helps!!! We completely followed the Cisco Official Guide on deployment of our virtual machine!

Please any help about this issue! We are already about to throw this buggy soft out of our production! Updates never help!
Started with version 7.3.0, ending now with newest 7.3.1.2 (Build 79)!

Any suggestions to call TAC or any will be denied. We don't want to pay yearly for nothing, for the support of the product that is full of bugs and so annoying!

5 Replies

marce1000
VIP

 

- Configure a syslog server/(service) on the FTDv100; the idea is to collect logging from the device during normal operations and then have the ability to review final logs just before this issue occurs or occurred (afterwards). This may give insights (not guaranteed).

+ Another idea is to configure a new VM/FTDv100 with the same purpose or a restored configuration; this is to consider if the problem would be related to some corruption in the related (current) VM<->ESXi context.

> ....Any suggestions to call TAC or any will be denied. We don't want to pay yearly for nothing....

You are so right, I am much better, check my signature (LOL!)

       



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

We have configured Syslog before, but all we can see there (even after raising severity level to informational) is the normal operation. Then both inside and outside interfaces suddenly just halt for any traffic, including the FTD's ARP. Meanwhile management still works fine.

About VMware - we followed all the instructions from Cisco and even gave the dedicated host for FTDv. Nothing helps.

Both versions that you mention are the worst in the whole 7.x range. In general, 7.3 should be avoided altogether. Yes, you can also deny this suggestion, but you should use either the latest 7.2 or the latest 7.4.

Thanks, looks like downgrading to 7.2 is the only solution for now, as 7.4 is reported with HostScan issues, which are not going to be fixed by so-called developers at all.

Now upgraded to 7.4.2, got the following issue:
 
Unlike in 7.3.2, which suddenly stopped all the traffic on interfaces, now on 7.4.2:
 
 - suddenly HostScan stopped working properly, stuck on "HostScan mission complete" and not moving to the next steps, as described in Bug CSCwj08302. 
 In release notes for 7.4.2 Cisco says this bug is fixed, but it's NOT!!!
 
 - to resolve the issue temporarily, we disabled HostScan. But got the authentication errors for Secure Client users:
 
 [48243] Session Start
[48243] New request Session, context 0x00001487871f14a0, reqType = Authentication
[48243] Fiber started
[48243] Creating LDAP context with uri=ldaps://10.15.132.240:636
[48243] TLS Connection to LDAP server: ldaps://10.15.132.240:636, status = Successful
[48243] supportedLDAPVersion: value = 3
[48243] supportedLDAPVersion: value = 2
[48243] Binding as (svc_CC_ldap@user.ftdisgarbage.local) [svc_CC_ldap@user.ftdisgarbage.local]
[48243] Performing Simple authentication for svc_CC_ldap@user.ftdisgarbage.local to 10.15.132.240
[48243] LDAP Search:
        Base DN = [ou=company,dc=user,dc=pb,dc=local]
        Filter  = [sAMAccountName=remote_USER]
        Scope   = [SUBTREE]
[48243] Request for remote_USER returned code (-1) Can't contact LDAP server
[48243] Talking to Active Directory server 10.15.132.240
[48243] Failed to get Active Directory current time, ret code(-1) Can't contact LDAP server
[48243] Fiber exit Tx=291 bytes Rx=660 bytes, status=-2
[48243] Session End
 
 Meanwhile test connection to our LDAP works properly, and our other services authenticated there successfully!
 We also checked all the resources of virtual machine and inside the appliance - everything is sufficient!
 
 AGAIN, TO RESOLVE BOTH ISSUES, WE REBOOT THE FTD - AND IT HELPS!
 
 
 DEAR SO CALLED DEVELOPERS OF CISCO, WILL YOU EVER MAKE YOUR PRODUCT WORK AS EXPECTED, OR WE BETTER THROW IT AWAY AND MIGRATE TO OTHER VENDOR???
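
Added example (not part of the original posts, and not Cisco tooling): a small parser for an LDAP debug trace shaped like the one quoted above. It groups lines by session ID and reports the last stage each session reached before an error, which separates connect failures from failures that occur after the TLS connection is up. The sample trace, its addresses and names, and the `status = Failed` line are constructed; the stage patterns are assumed to match the line formats shown in the post.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the trace in the post; session 48244 is a hypothetical variant.
SAMPLE = """\
[48243] Session Start
[48243] Creating LDAP context with uri=ldaps://192.0.2.10:636
[48243] TLS Connection to LDAP server: ldaps://192.0.2.10:636, status = Successful
[48243] Binding as (svc@example.local) [svc@example.local]
[48243] LDAP Search:
        Base DN = [ou=company,dc=example,dc=local]
[48243] Request for remote_USER returned code (-1) Can't contact LDAP server
[48243] Fiber exit Tx=291 bytes Rx=660 bytes, status=-2
[48243] Session End
[48244] Session Start
[48244] Creating LDAP context with uri=ldaps://192.0.2.10:636
[48244] TLS Connection to LDAP server: ldaps://192.0.2.10:636, status = Failed
[48244] Session End
"""

LINE = re.compile(r"^\[(\d+)\]\s+(.*)$")
# Stage markers in the order they appear in the quoted trace.
STAGES = [
    ("connect", re.compile(r"TLS Connection to LDAP server: .*status = Successful")),
    ("bind", re.compile(r"^Binding as ")),
    ("search", re.compile(r"^LDAP Search:")),
]
ERROR = re.compile(r"returned code \((-?\d+)\)\s*(.*)$")

def triage(text):
    """Return {session_id: {"reached": last stage seen, "error": (code, msg) or None}}."""
    sessions = defaultdict(lambda: {"reached": "none", "error": None})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:  # continuation lines (Base DN, Filter, Scope) carry no session id
            continue
        sid, msg = m.groups()
        s = sessions[sid]
        for name, pat in STAGES:
            if pat.search(msg):
                s["reached"] = name
        err = ERROR.search(msg)
        if err and s["error"] is None:  # keep the first error reported for the session
            s["error"] = (int(err.group(1)), err.group(2).strip())
    return dict(sessions)

if __name__ == "__main__":
    for sid, info in triage(SAMPLE).items():
        print(sid, info)
```

Run over traces collected before and after the problem starts, the per-session "reached" value shows whether sessions stop at connect or only fail once the search is issued.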