Showing results for 
Search instead for 
Did you mean: 

FirePower 1010 route SLA Monitor issue




Just upgraded our Cisco Firepower 1010 Threat Defense software to 6.6.1-91 and found that SLA monitor for default route does not work as previously on ASA 5506.

Config is very simple :

route-1 outside IPv4 metric 1
route-2 reserve IPv4 metric 2 - this route has the following SAL monitor:


Monitor Address (tested with many other highly available internet addresses)

Target Interface reserve
Threshold 5000
Timeout 5000
Frequency 20000
Type of Service Not set
Number of Packets 10
Data Size 124


The problem: every period of time equals to Frequency in the SLA monitor it activates reserve route and after another short period of time it fails back to the primary route. I tried many other settings for the SAL but the behavior is the same - monitored route constantly flipping. I used such a configuration many times before on different Cisco ASA models and it worked perfectly. 


Would be very appreciated for any help.


Thank you in advance!


Best regards,



1 Reply 1

Georg Pauwen
VIP Master VIP Master
VIP Master

Hello Nikolay,


what is the output of:


show track




It is a bit hard to troubleshoot this, since it is all GUI based. Have a look at the link below and verify that you have configured the SLA monitor as described...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers