What is your Cisco ASA model?

balamuruganmanavalan · ‎05-09-2015

Hi Folks,

Today evening, i found an error that "Interface 'DataPlaneInterface0' is not receiving any packets" error message on SFR, under Health Monitor.

Is this related to interface issues or software corruption on SFR. Since data plane is a virtual interface i understood, correct me if am wrong.

Cisco 5525x appliance.. Fire POWER Services Software Module version 5.3.1-152 and Data Plane status is UP.

ASA version 9.2.2.4

balamuruganmanavalan · ‎05-11-2015

Hi Folks,

From my team i got this error and found no traffic redirection configured in ASA to SFR for inspection. Thats why the events are generated in Fire SIGHT management center.

After i configured and applied the service policy globally. Issue resolved.

twilcox · ‎09-01-2015

I'm also getting this message but it's only on our secondary unit in an active / passive failover scenario. I've configured the policy and redirect on the primary and it appears this is copied to the secondary system but I'm getting this message on the Source Fire Management console; is this normal? Ideally I'd like know if the passive 5525 is supposed to get packets sent to it's fire power module but if it isn't then I'd like to know how to eliminate this since it's flagging a "critical" error on the MC.

alberx · ‎09-02-2015

I had same problem and what finally I did for not having always the red in Health check was to disable the interface status monitoring.

"Health policy --> Interface status --> off".

Another soltion is to create two different health policies one for the active with the interface monitoring on, and another for the passive with the interface status off.

twilcox · ‎09-02-2015

Thanks so much! After I posted this I went back through the Health Policy and did exactly this after finding the interface monitoring status box. What I ended up doing was changing the policy and then applying it only to the secondary system; it too bad that you simply can't copy then mod the existing policy at least I didn't find a way to do that. I really appreciate you getting back to me on this one. It's our first week using this product so everything is new.

Jared Eberle · ‎04-27-2016

You can't seem to copy but you can export the current policy and then reimport it as a new policy and change the name. A little more work but the same result.

andrehenry · ‎01-26-2016

Check your ASA that you are utilizing the correct module for the IPS. At the ASA config itself... Note disabling the health alerts does stop the alerts but may not resolve the underlying issue.

policy-map global_policy

class IPS
sfr fail-open

vs.

policy-map global_policy

class IPS
ips promiscuous fail-open

The latter instructing the ASA to use the ips module vs the former instructing the ASA to use the sfr module.

To change, you will first need to delete the class IPS configuration

#conf t

# policy-map global_policy

# no class IPS

then while still within the policy-map section add the corrected class

#conf t

# policy-map global_policy

#class IPS

#sfr fail-open

you can also fail-close depending on your environment.

huucuonghumg · ‎04-26-2016

Hello everyone

I have same problem with firewall 5525X: version sfr module 5.3.1 and firesight management version 5.4.0. my problem cannot show any data from firesight mannagemnet and an critical. please help me. thanks!

balamuruganmanavalan · ‎04-27-2016

Hi huucuonghumg,

Have you configured Service policy in Cisco ASA?

Thanks.

huucuonghumg · ‎04-27-2016

Hi balamuruganmanavalan

I have config service policy done but not such is true. what information do you want more. i will show it. :)

balamuruganmanavalan · ‎04-27-2016

What I meant to say, have you done the configuration as per andrehenry's comment?

huucuonghumg · ‎04-27-2016

Hi balamuruganmanavalan

Yes, i created policy-map and class-map, but still not show traffic.

balamuruganmanavalan · ‎04-28-2016

Hi,

Upgrade sfr to 5.4.1.2.11

Compatible versions:

Sfr : 5.4.1.2.11

Firesight: 5.4.0

ASA : 9.3.2.2

Update me once you are done...

huucuonghumg · ‎04-29-2016

Hi balamuruganmanavalan

can you tell me the link down load sfr version 5.4.1.2.11. i am not found in the link

https://software.cisco.com/download/release.html?mdfid=286271172&flowid=77244&softwareid=286277393&release=6.0.1&relind=AVAILABLE&rellifecycle=&reltype=latest

thanks you!

balamuruganmanavalan · ‎04-29-2016

What is your Cisco ASA model?