
Problem deploying flex-config for policy-based routing

ABaker94985

We have an HA pair of 2140 FTDs running 7.0.4 managed by an FMCv also running 7.0.4. We've had PBR configured since April of last year, which is allowing us to migrate to a new edge network with new Internet routers and set of ISPs running BGP. As we get approval to move other subnets and hosts over to the new edge, which is usually a few a month, we do so with no problems. We attempted to add some new devices to the PBR configuration yesterday, but the deployment failed. We removed the configuration, but the deployment still failed.

I created a new TAC case, but I don't have confidence with the state of the firewall. PBR was configured with flex-config using Type: Append and Deployment: Everytime. The ONLY way we could deploy after yesterday's failure was to change Type: Prepend and Deployment: Once. The TAC engineer claims PBR will remain in the configuration after subsequent deployments, but that's not been my experience. 

Here is the error information from a failed deployment when I attempt to change back to Type: Append and Deployment: Everytime.

Lina messages
ErrorCode: CFG-IN-PROGRESS Severity: error Description: com.cisco.ngfw.messages.DescriptionType@3b23f0d3
FMC >> clear configuration session OBJECT
Other logs
Lina config ROLLBACK failure log
Lina configuration application failure. Error in lina apply phase due to Config System Error response from LINA
Lina Files Rollback successful

We'll have a major outage if PBR drops out of the configuration, so I refused to attempt a second deployment with the TAC engineer today to test my expectation. My questions are the following: 1) Will the PBR configuration drop with Deployment: Once set? 2) Based on the error message, is there potentially something else I can try? Maybe a reboot?

Thanks for your input.
