BugZero | Cisco BugID CSCvr76029 - FTD-HA: after restoring FTD-HA backup file, snort ...

Cisco - Defect ID: CSCvr76029

FTD-HA: after restoring FTD-HA backup file, snort process will be down

Cisco - Defect ID: CSCvr76029

FTD-HA: after restoring FTD-HA backup file, snort process will be down

Last updated on 2/17/2025

Overall: 6.26.2

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 66.0

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 6.26.2

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 66.0

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

Take backup of FTD-HA from FMC. Restore the backup file to a FTD device. After boot, issue "configure high-availability resume" for enabling failover, then snort process on the restore device is still down. [from FTD CLI] > show failover Failover On Failover unit Primary Failover LAN Interface: FO GigabitEthernet0/4 (up) --- snip --- slot 1: snort rev (1.0) status (down) <--- THIS [from expert mode] root@firepower:~# pmtool status | grep -i Down c810308c-7ba4-11e9-a74a-fbecc485cd67-d01 (de,snort) - Down c810308c-7ba4-11e9-a74a-fbecc485cd67-d02 (de,snort) - Down

Conditions

- FMC is managing FTD High Availability. - Take backup of the FTD-HA, then restore the backup file to a FTD device. - Issue "configure high-availability resume" command after the restore.

Workaround

Reboot or latest deployment or force deploy will resolve this issue. Case 1: "After restoring standby FTD device in FTD HA pair" - After issuing "configure high-availability resume" and deploy latest configuration from FMC, please reboot the FTD device manually. After boot, the standby device will sync snort full configuration from active device, then this issue will be gone. Case 2: "After restoring both FTD devices (i.e. active and standby) in FTD HA pair at same time" - After issuing "configure high-availability resume" on each device, deploy latest configuration from FMC. After that, active unit may be resolved. If snort of each device are down after latest configuration deployment, please issue "force deploy" from Device Management > (FTD HA pair) > Device > (select Active Device from pull-down on the top right of the screen) > Edit General Setting, then click "force deploy" button. After force deploy, issue of active unit will be gone. - After active unit is recovered, reboot the standby unit manually. After that, the standby unit will sync snort configuration from the active unit when boot. Case 3: "After restoring standalone FTD device" - After issuing "configure high-availability resume", deploy latest configuration or issuing "force deploy" will resolve this issue.

Further Problem Description

Original Vendor Announcement

9.65Defect ID: CSCvk32563
Catalyst 9400 cmand memory leak
9.65Defect ID: CSCwf08698
Cat9k Crashes Unexpectedly due to a Fault in the 'TLSCLIENT_PROCESS'
9.65Defect ID: CSCwk61938
ISE Evaluate OpenSSH CVE-2024-6387 "regreSSHion"
9.65Defect ID: CSCwh87343
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
9.65Defect ID: CSCvd48893
Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvr76029

FTD-HA: after restoring FTD-HA backup file, snort process will be down

Cisco - Defect ID: CSCvr76029

FTD-HA: after restoring FTD-HA backup file, snort process will be down

Last updated on 2/17/2025

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?