Cisco Bug: CSCvs84670 - DOC: FTD HA configuration guide needs to mention snort and disk status as a failover trigger

Last Modified

Jun 15, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

6.2.3 6.3.0 6.4.0 6.5.0

Description (partial)

Symptom:
Snort-down and disk-full conditions trigger a failover event, but this is not currently documented in the FMC configuration guides:
- https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/firepower_threat_defense_high_availability.html#ID-2107-000001b1
- https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/firepower_threat_defense_high_availability.html#ID-2107-000001b1
- https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/high_availability_for_firepower_threat_defense.html#ID-2107-000001b1
- https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/high_availability_for_firepower_threat_defense.html#ID-2107-000001b1

ASA monitors the state of the software and the interfaces. FTD also monitors Snort and disk space.
FTD monitors the following components:
- Snort status (50%): half of the device's Snort instances have to be down at one time in order to trigger a failover event. For example, if a device has 6 Snort instances and only one instance has crashed at a time, failover does not occur (but traffic interruption is observed, depending on the traffic that was handled by that Snort instance).
- Disk full (~90% of /ngfw/)
- Interfaces (except subinterfaces by default)
- Software status

Conditions:
Missing failover triggering events in documentation added.