Re: Interfaces on Secondary Firewall "Not receiving packets"

adamgerber · ‎04-12-2023

Hi

I have x2 4115's in Active Passive HA.

On my FMC, I'm getting critical health alerts for the secondary/passive firewall "not receiving any packets" on some of its subinterfaces. Is this normal or a bug? Or an issue with my health monitoring policy? I would like to eliminate these alerts. I have another HA pair of 1140's on the same FMC and don't get this issue. Weird how it's only complaining about a few random subinterfaces?

Any help would be appreciated.

KR,
Adam

MHM Cisco World · ‎04-12-2023

FMC Interface 'DataplaneInterface0' is not receiving any packets - Cisco Community

adamgerber · ‎04-12-2023

Hi - that thread is regarding ASA's with separate SFR modules. I am dealing with x2 FTD's in an HA pair. I dont want to disable interface monitoring for the HA Pair.

MHM Cisco World · ‎04-12-2023

Yes friend I know the FW platform is different but in end the FMC is same.
this behave I think is similar.

adamgerber · ‎04-12-2023

I expected different behavior since the FMC is aware of the a/p HA and again why is it only complaining about 4 out of 9 sub-interfaces. Might be a bug then?

MHM Cisco World · ‎04-12-2023

4 of 9 subinterface <<- are all are config as HA monitor ? if all then think contact TAC it can be bug and there is solution or workaround for it.

adamgerber · ‎04-25-2023

Hi - Yes they are enabled with failover monitoring.

Rob Ingram · ‎04-12-2023

@adamgerber

Symptom: Critical health alerts for Interface Status stating that interfaces are not receiving any packets are seen on the FMC for the standby FTD, which is not supposed to be processing traffic, so this is a normal and expected behavior.

Conditions: FTD deployed in High Availability.

Workaround: Blacklist the health alerts for Interface Status.

https://bst.cisco.com/bugsearch/bug/CSCvk05446
https://bst.cisco.com/bugsearch/bug/CSCvb36840