Solved: Re: Talos Connectivity Problem - Page 3

Ditter · ‎03-31-2025

Hi to all ,

i am getting many messages as the following:

Severity: critical
Module: Talos Communication
Description: 3 modules failed:

* URLDB- Failed to retrieve beaker inventory
* LSP- Failed to retrieve beaker inventory

My subscription is active (it expires in 2026).

Any ideas about why is this happening? Is it a problem that has to do with Talos?

Please note that this is the first time i get this message.

The only change i did some days ago was to change the "Cached URLs Expire" which was set to never and i changed it to "week" but i do not think that my issue has something to do with it.

Any ideas,

Thanks,

Ditter.

erdyer · ‎04-24-2025

7.7 deprecates Snort2 which is what the SRUs are for so it's likely related to that. Snort3 uses the LSPs and those should still be working fine on 7.7.

andrew.butterworth · ‎04-25-2025

Thank you erdyer. Manually uploading the latest LSP package seems to have solved it. It looks like clicking the 'Intrusion Rule, Update From Cloud' button attempts to download the SRU package even though Snort 3 is enabled.

erdyer · ‎04-25-2025

You're welcome. I think this is something that they'll need to work on for the first update in the 7.7 line. I just happened to notice the behavior in my lab setup but we'll be seeing more tickets opened for this once the adoption rate of 7.7 picks up.

dyakovsky · ‎04-25-2025

I tried this workaround. I also installed VDB 406 and GeoDB 2025-04-03-094. But the certificate still did not update. Customer Success Network is enabled. Any ideas?
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 46240369 (0x2c19271)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = California, L = San Jose, O = Cisco Systems Inc., OU = Security, CN = Keymaster CA 2
Validity
Not Before: Jan 30 22:32:39 2024 GMT
Not After : Mar 30 22:32:39 2025 GMT
Subject: CN = SFW76EVAL-prod-01, C = US, ST = California, L = San Jose, O = Cisco, OU = Security
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)

Jon Are Endrerud · ‎04-26-2025

Did ypu restart services or reboot?

Please rate as helpful, if that would be the case. Thanx

dyakovsky · ‎04-26-2025

Yes, I rebooted the FMC, but the certificate is not updated.

Loebmann · ‎04-27-2025

I restarted the FMC and the next day the error was there again. I then restarted the two processes manually and the error message returned the next day. I did not have a more detailed analysis carried out. The permanent fix will be released with 7.7.1 in July or with 7.6.1 in May.

Best regards

dyakovsky · ‎04-28-2025

sounds good, thx for info

Chess Norris · ‎05-28-2025

Since we are approaching the end of May - any news about the 7.6.1 update?

When visiting a client today, I saw this alert again even though the cert is still valid another 11 month after we installed VDB 406 last month.

root@fmcv:/var/sf/beaker3# openssl x509 -text -in securefirewall-dev-prod-01_prod.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 82214246 (0x4e67d66)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = California, L = San Jose, O = Cisco Systems Inc., OU = Security, CN = Keymaster CA 2
Validity
Not Before: Apr 7 07:33:53 2025 GMT
Not After : Apr 6 07:33:53 2026 GMT

A restart of the following two processes seems to have fixed it temporarly.

root@fmcv:/var/sf/beaker3# pmtool restartbyid talosAgent
root@fmcv:/var/sf/beaker3# pmtool restartbyid beaker3

Thanks

/Chess

erdyer · ‎05-28-2025

7.6.1 should be released any time now, although 7.2.10 was in that state for a while and got pushed back a number of times before it finally came out.

Marvin Rhoads · ‎05-28-2025

@Chess Norris I am told that 7.6.1 is in final QA sign off and is still expected out in the next couple of days.

Marvin Rhoads · ‎06-03-2025

FYI 7.6.1 was released yesterday (2 June 2025).

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/release-notes/threat-defense/760/threat-defense-release-notes-76.html#resolved-bugs-7610

It does say it fixes the bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo63951

Artezys79 · ‎06-03-2025

Unfortunately, same issue persist in 7.6.1

Marvin Rhoads · ‎06-03-2025

@Artezys79 make sure you have the "Customer Success Network" integration enabled under Cloud Services. I upgraded several FMCs in the past day and it fixed the issue for the ones that were manifesting it.

Artezys79 · ‎08-14-2025

With next upgrade to 7.6.2 still having issues with certificate expired in March 2025 and Talos alarms keep appearing with all services enabled.