Cisco Bug: CSCvv04441 - ngfw.rules mismatch between Primary and Secondary FTD HA when RA-VPN is configured before upgrade
Aug 26, 2020
- Sourcefire Defense Center
Known Affected Releases
Symptom: One or more of the below symptoms can be observed: 1. ngfw.rules mismatch between active and standby after upgrade. 2. After upgrade, App sync may fail on the standby and it will go to disabled state. Conditions: All of the below conditions have to be met to hit this issue: 1. Before an upgrade, configure RA VPN with multiple any-connect packages. Followed by multiple other policy deployment. 2. One node goes out of HA and joins back. OR one node is rebooted. 3. After the node join, HA is upgraded. Note that all these three conditions have to be met to hit this issue.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases