
Sftunnel issues after upgrading FMC to 7.6

Chess Norris
Level 4

Hello,

Yesterday I upgraded a customer's FMC from version 7.4.2.1 to 7.6. This FMC manages two different FTD 2130 H/A pairs.

After the upgrade was done, the deploy failed on one of the FTD pairs. The FMC also shows the device status as disabled.

Looking at the log files on the FTD, I can see that the Sftunnel is not established correctly, but a restart of the Sftunnel didn't help.

The only thing I can see in the pigtail logs on the FTD, is the following: 

NGFW02-11 08:24:51 ccm[27351] TCReconnectES-Th-1: ERROR com.cisco.sftunnel.TunnelClient- Unable to reconnect to peer:

And in the FMC pigtail, I see this

TCLG: 02-11 08:24:25 ccm[7766] pool-3-thread-4: ERROR com.cisco.sftunnel.TunnelClient- CHANNEL jnr.unixsocket.UnixSocketChannel@7b880d0f IS NOT CONNECTED

TCLG: 02-10 08:24:25 ccm[] pool-3-thread-1: ERROR com.cisco.nm.vms.sftunnel.SFTunnelClient- device UUID : 0c806240-2f4e-11ed-99e2-a5a1ec9c4572Exception while TunnelClient creation:No such file or directory

TCLG: 02-10 08:24:25 ccm[] pool-3-thread-4: ERROR com.cisco.nm.vms.sftunnel.SFTunnelServiceImpl- Connection failed for device:fb49a4b4-2f4d-11ed-8182-

I have opened a TAC case, but haven't heard back from them yet. Has anyone else experienced this and have any suggestions on how to troubleshoot further?

Thanks

/Chess

 

5 Replies

Is that even supported? What was the reason to move from 7.4.2 to 7.6? Based on this link (table 4), the 2130s do not seem to be compatible with the 7.6 version.

Cisco Secure Firewall Threat Defense Compatibility Guide - Cisco

Hello,

Yes, I know that the 2130 does not support 7.6, but there were some new features in FMC 7.6 that we needed.

As far as I know, managing older FTD versions should not be an issue. Looking at the compatibility guide, FMC 7.6 can manage FTDs from version 7.1 and newer.

The other FTD pair is also 2130s with the same FTD version (7.4.2.1) and is still working as expected.

Working with TAC right now. Will let you know what they find.

/Chess

Chess Norris
Level 4

All good again. There were some additional processes that needed to be restarted to get the sftunnel up again.

/Chess

Good to know. Which processes specifically?

Except for sftunnel, TAC also restarted the SFDataCorrelator and ngfwManager processes.
