Hi all
We have an FTD 1010 pair, in high availability, running version 7.0.3 and Snort 3 which is incorrectly classifying packets as malicious and blocking them. We have been advised to downgrade to Snort 2. Has anyone done this before on an HA pair? We've done it on a non HA device but I need to know the following things:
1. Can we do the downgrade on the secondary, deploy, then failover and do the primary or do we have to do it at HA level, thus doing both at the same time?
2 If we have to do it at HA level does FMC automatically manage the failover and keep traffic flowing or is there an outage?
3. I believe the Snort process stops during this procedure so, if that's the case, for how long?
Thanks in advance,
Phil.