Cisco Bug: CSCvv04441 - ngfw.rules mismatch between Primary and Secondary FTD HA when RA-VPN is configured before upgrade

Last Modified

Aug 26, 2020

Products (1)

  • Sourcefire Defense Center

Known Affected Releases

6.6.1, 6.7.0

Description (partial)

One or more of the following symptoms can be observed:
1. ngfw.rules mismatch between the active and standby units after upgrade.
2. After upgrade, App Sync may fail on the standby unit, which then goes into a disabled state.

All of the following conditions must be met to hit this issue:
1. Before the upgrade, RA VPN is configured with multiple AnyConnect packages, followed by multiple other policy deployments.
2. One node leaves HA and rejoins, or one node is rebooted.
3. After the node rejoins, HA is upgraded.

Note that all three of these conditions must be met to hit this issue.