Today evening, i found an error that "Interface 'DataPlaneInterface0' is not receiving any packets" error message on SFR, under Health Monitor.
Is this related to interface issues or software corruption on SFR. Since data plane is a virtual interface i understood, correct me if am wrong.
Cisco 5525x appliance.. Fire POWER Services Software Module version 5.3.1-152 and Data Plane status is UP.
ASA version 126.96.36.199
From my team i got this error and found no traffic redirection configured in ASA to SFR for inspection. Thats why the events are generated in Fire SIGHT management center.
After i configured and applied the service policy globally. Issue resolved.
I'm also getting this message but it's only on our secondary unit in an active / passive failover scenario. I've configured the policy and redirect on the primary and it appears this is copied to the secondary system but I'm getting this message on the Source Fire Management console; is this normal? Ideally I'd like know if the passive 5525 is supposed to get packets sent to it's fire power module but if it isn't then I'd like to know how to eliminate this since it's flagging a "critical" error on the MC.
I had same problem and what finally I did for not having always the red in Health check was to disable the interface status monitoring.
"Health policy --> Interface status --> off".
Another soltion is to create two different health policies one for the active with the interface monitoring on, and another for the passive with the interface status off.
Thanks so much! After I posted this I went back through the Health Policy and did exactly this after finding the interface monitoring status box. What I ended up doing was changing the policy and then applying it only to the secondary system; it too bad that you simply can't copy then mod the existing policy at least I didn't find a way to do that. I really appreciate you getting back to me on this one. It's our first week using this product so everything is new.
You can't seem to copy but you can export the current policy and then reimport it as a new policy and change the name. A little more work but the same result.
Check your ASA that you are utilizing the correct module for the IPS. At the ASA config itself... Note disabling the health alerts does stop the alerts but may not resolve the underlying issue.
ips promiscuous fail-open
The latter instructing the ASA to use the ips module vs the former instructing the ASA to use the sfr module.
To change, you will first need to delete the class IPS configuration
# policy-map global_policy
# no class IPS
then while still within the policy-map section add the corrected class
# policy-map global_policy
you can also fail-close depending on your environment.
I have config service policy done but not such is true. what information do you want more. i will show it. :)
Upgrade sfr to 188.8.131.52.11
Sfr : 184.108.40.206.11
ASA : 220.127.116.11
Update me once you are done...
can you tell me the link down load sfr version 18.104.22.168.11. i am not found in the link