Cisco Bug: CSCvs84670 - DOC: FTD HA configuration guide needs to mention snort and disk status as a failover trigger
Jun 15, 2020
- Cisco Firepower Management Center
Known Affected Releases
6.2.3 6.3.0 6.4.0 6.5.0
Symptom: Snort-down and disk-full conditions trigger a failover event, but this is not currently documented in the FMC configuration guides:
- https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/firepower_threat_defense_high_availability.html#ID-2107-000001b1
- https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/firepower_threat_defense_high_availability.html#ID-2107-000001b1
- https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/high_availability_for_firepower_threat_defense.html#ID-2107-000001b1
- https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/high_availability_for_firepower_threat_defense.html#ID-2107-000001b1

ASA monitors the state of the software and the interfaces. FTD also monitors Snort and disk space. FTD monitors the following components:
- Snort status (50%): half of the device's Snort instances have to be down at the same time in order to trigger a failover event. For example, if a device has 6 Snort instances and only one instance has crashed at a time, failover does not occur (but traffic interruption is observed; it depends on the traffic that was handled by that Snort instance).
- Disk full (~90% of /ngfw/)
- Interfaces (except subinterfaces by default)
- Software status

Conditions: Missing failover triggering events in documentation added.