03-31-2025 04:58 AM
Hi to all,
I am getting many messages like the following:
Severity: critical
Module: Talos Communication
Description: 3 modules failed:
My subscription is active (it expires in 2026).
Any ideas about why this is happening? Is it a problem that has to do with Talos?
Please note that this is the first time I get this message.
The only change I did some days ago was to change the "Cached URLs Expire" which was set to never and I changed it to "week", but I do not think that my issue has something to do with it.
Any ideas,
Thanks,
Ditter.
04-13-2025 10:29 AM
@Mark Elsen Thanks, had already followed this bug instruction, both the temp step as well as the more persistent one.
But the messages about Talos communication were still coming; magically they stopped today at 4:22 am (CET).
To be frank, I do not know if they will start again.
Thanks,
Ditter
04-24-2025 10:26 AM
I'm not sure if this is related, but I suspect it is.
I've got a HA pair of on-box managed vFTD's running 7.7.0 and they cannot update the SRU. Clicking the Updates, Intrusion Rule, Update From Cloud button initiates the download, but it almost immediately fails with the error "Snort 3 cloud update failed: No response from the update server or connection timeout. Please try again."
The /ngfs/var/log/sf/talos_agen.log file has lots of these
TalosAgent:WARN: main.go:main.main.func4:237 2025/04/24 17:19:04 periodic catalog download failed: <nil>. attempt: 5
TalosAgent:INFO: enrich.go:talosagent.cisco.com/pkg/enrich.QueryTaxonomyCatalogsMetadata:250 2025/04/24 17:19:09 QueryTaxonomyCatalogsMetadata() started.
TalosAgent:INFO: enrich.go:talosagent.cisco.com/pkg/enrich.QueryTaxonomyCatalogsMetadata:265 2025/04/24 17:19:09 QueryTaxonomyCatalogsMetadata request:
{
"app_info": {
"device_id": "0050569F0B17",
"product_family": "secure_firewall",
"product_id": "75A",
"product_version": "7.7.0"
}
}
TalosAgent:INFO: enrich.go:talosagent.cisco.com/pkg/enrich.QueryTaxonomyCatalogsMetadata:273 2025/04/24 17:19:09 QueryTaxonomyCatalogsMetadata() failed.
TalosAgent:ERROR: main.go:main.main.func4:252 2025/04/24 17:19:09 periodic catalog download: failed to query taxonomy catalog metadata: rpc error: code = Internal desc = Internal error occurred: Request failure: connection error: received fatal alert: CertificateExpired
Manually uploading the latest SRU .tar file doesn't initiate the install.
I'm not sure how to resolve.
04-24-2025 10:51 AM
7.7 deprecates Snort2 which is what the SRUs are for so it's likely related to that. Snort3 uses the LSPs and those should still be working fine on 7.7.
04-25-2025 02:17 AM
Thank you erdyer. Manually uploading the latest LSP package seems to have solved it. It looks like clicking the 'Intrusion Rule, Update From Cloud' button attempts to download the SRU package even though Snort 3 is enabled.
04-25-2025 08:51 AM
You're welcome. I think this is something that they'll need to work on for the first update in the 7.7 line. I just happened to notice the behavior in my lab setup but we'll be seeing more tickets opened for this once the adoption rate of 7.7 picks up.
04-25-2025 01:23 PM
I tried this workaround. I also installed VDB 406 and GeoDB 2025-04-03-094. But the certificate still did not update. Customer Success Network is enabled. Any ideas?
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 46240369 (0x2c19271)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = California, L = San Jose, O = Cisco Systems Inc., OU = Security, CN = Keymaster CA 2
Validity
Not Before: Jan 30 22:32:39 2024 GMT
Not After : Mar 30 22:32:39 2025 GMT
Subject: CN = SFW76EVAL-prod-01, C = US, ST = California, L = San Jose, O = Cisco, OU = Security
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
04-26-2025 02:11 AM
04-26-2025 03:58 AM
Yes, I rebooted the FMC, but the certificate is not updated.
04-27-2025 09:14 AM
I restarted the FMC and the next day the error was there again. I then restarted the two processes manually and the error message returned the next day. I did not have a more detailed analysis carried out. The permanent fix will be released with 7.7.1 in July or with 7.6.1 in May.
Best regards
04-28-2025 12:46 AM
sounds good, thx for info
05-28-2025 12:24 AM - edited 05-28-2025 12:39 AM
Since we are approaching the end of May - any news about the 7.6.1 update?
When visiting a client today, I saw this alert again even though the cert is still valid for another 11 months after we installed VDB 406 last month.
root@fmcv:/var/sf/beaker3# openssl x509 -text -in securefirewall-dev-prod-01_prod.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 82214246 (0x4e67d66)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = California, L = San Jose, O = Cisco Systems Inc., OU = Security, CN = Keymaster CA 2
Validity
Not Before: Apr 7 07:33:53 2025 GMT
Not After : Apr 6 07:33:53 2026 GMT
A restart of the following two processes seems to have fixed it temporarily.
root@fmcv:/var/sf/beaker3# pmtool restartbyid talosAgent
root@fmcv:/var/sf/beaker3# pmtool restartbyid beaker3
Thanks
/Chess
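Added example, not part of any post in this thread and not Cisco code: a small triage script that pulls TLS fatal alerts out of TalosAgent log lines and checks whether a certificate's validity window (as printed by `openssl x509 -text`) covered the moment of each alert. The sample inputs are constructed by combining excerpts quoted in different posts above, and treating the log timestamps as UTC is an assumption.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: log lines and validity fields copied from this thread.
SAMPLE_LOG = """\
TalosAgent:WARN: main.go:main.main.func4:237 2025/04/24 17:19:04 periodic catalog download failed: <nil>. attempt: 5
TalosAgent:ERROR: main.go:main.main.func4:252 2025/04/24 17:19:09 periodic catalog download: failed to query taxonomy catalog metadata: rpc error: code = Internal desc = Internal error occurred: Request failure: connection error: received fatal alert: CertificateExpired
"""
OLD_CERT = "Not Before: Jan 30 22:32:39 2024 GMT\nNot After : Mar 30 22:32:39 2025 GMT\n"
NEW_CERT = "Not Before: Apr 7 07:33:53 2025 GMT\nNot After : Apr 6 07:33:53 2026 GMT\n"

LINE_RE = re.compile(
    r"^TalosAgent:(?P<level>[A-Z]+): \S+ "
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<msg>.*)$")
ALERT_RE = re.compile(r"received fatal alert: (\w+)")
VALIDITY_RE = re.compile(r"Not (Before|After)\s*:\s*(.+?)\s+GMT")


def tls_alerts(log_text):
    """Return (timestamp, alert_name) for each log line reporting a TLS fatal alert."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        a = ALERT_RE.search(line)
        if m and a:
            # Assumption: log timestamps are UTC (the log itself does not say).
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            hits.append((ts.replace(tzinfo=timezone.utc), a.group(1)))
    return hits


def validity(cert_text):
    """Parse (not_before, not_after) from `openssl x509 -text` output."""
    out = {}
    for kind, value in VALIDITY_RE.findall(cert_text):
        stamp = " ".join(value.split())  # openssl pads single-digit days with spaces
        parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
        out[kind] = parsed.replace(tzinfo=timezone.utc)
    return out["Before"], out["After"]


def classify(log_text, cert_text):
    """For each CertificateExpired alert, report whether the cert covered that time."""
    not_before, not_after = validity(cert_text)
    return [(ts, "inside-validity-window" if not_before <= ts <= not_after
             else "outside-validity-window")
            for ts, name in tls_alerts(log_text) if name == "CertificateExpired"]
```

An alert that falls inside the validity window of the certificate on disk matches the situation described in the post above, where the renewed certificate was in place but the alert still appeared until the processes were restarted.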
05-28-2025 09:00 AM
7.6.1 should be released any time now, although 7.2.10 was in that state for a while and got pushed back a number of times before it finally came out.
05-28-2025 09:12 AM
@Chess Norris I am told that 7.6.1 is in final QA sign off and is still expected out in the next couple of days.
06-03-2025 05:26 AM
FYI 7.6.1 was released yesterday (2 June 2025).
It does say it fixes the bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwo63951
06-03-2025 11:21 AM
Unfortunately, the same issue persists in 7.6.1.