THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 | 30-Nov-17 | Initial Release |
Affected OS Type | Affected Release | Affected Release Number | Comments |
---|---|---|---|
NON-IOS | 6.2 | 6.2.2, 6.2.1 | |
Defect ID | Headline |
---|---|
CSCvg06695 | FP2100 Threat Defense pair reporting failed status due to "Detect service module failure" |
Cisco Firepower 2100 Series security appliances in a High Availability (HA) configuration might experience a momentary failover from the active to the standby unit.
Cisco Firepower Threat Defense (FTD) software supports active/standby failover, where one unit is the active unit and passes traffic. The standby unit does not actively pass traffic, but synchronizes configuration and other state information from the active unit. When a failover occurs, the active unit fails over to the standby unit, which then becomes active. Refer to the Cisco Firepower Management Center Configuration Guide for additional information.
Cisco Firepower 2100 Series security appliances in an HA configuration might experience a momentary failover from the active to the standby unit because of a software issue that causes incorrect status reporting. If the incorrect status is reported by the active unit of the HA pair, a momentary failover of 1-3 seconds is triggered. If the message is reported by the standby unit of the HA pair, the momentary failover will not occur.
For the active Firepower 2100 unit in the HA pair configuration, use the management CLI to enter the show failover history command as described in the Command Reference for Firepower Threat Defense.
The output will show "Detect service module failure" in the log files. See the example shown here.
```
> show failover history
==========================================================================
From State                 To State                   Reason
==========================================================================
UTC Sep 13 2017
Active                     Standby Ready              Other unit wants me Standby
04:38:50 UTC Sep 13 2017
Standby Ready              Failed                     Detect service module failure
04:38:51 UTC Sep 13 2017
Failed                     Standby Ready              My service module is as good as peer
```
The output continues...
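The check described above can be scripted across saved CLI output from many HA pairs. The following is an added example, not Cisco code: it parses `show failover history` text and flags transitions into Failed that carry the reason string quoted in this notice. The sample data, the function names, and the assumed column layout (a timestamp line followed by a state line with columns separated by two or more spaces) are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample (not from the notice). Assumed layout: a timestamp line,
# then From State / To State / Reason separated by runs of two or more spaces.
SAMPLE = """\
From State                 To State                   Reason
==========================================================================
10:15:01 UTC Jan 02 2018
Active                     Standby Ready              Other unit wants me Standby
10:15:02 UTC Jan 02 2018
Standby Ready              Failed                     Detect service module failure
10:15:03 UTC Jan 02 2018
Failed                     Standby Ready              My service module is as good as peer
"""

SIGNATURE = "detect service module failure"  # reason string quoted in the notice
TS = re.compile(r"^(\d{2}:\d{2}:\d{2}) (\w+) (\w{3}) +(\d{1,2}) (\d{4})$")

def parse_history(text):
    """Return [(timestamp, from_state, to_state, reason), ...] in output order."""
    events, stamp = [], None
    for line in text.splitlines():
        line = line.strip()
        m = TS.match(line)
        if m:  # time zone label is ignored; all stamps come from one unit
            stamp = datetime.strptime(" ".join(m.group(1, 3, 4, 5)), "%H:%M:%S %b %d %Y")
            continue
        cols = re.split(r"\s{2,}", line, maxsplit=2)
        if len(cols) == 3 and cols[0] != "From State":
            events.append((stamp, *cols))
            stamp = None  # a stamp belongs to exactly one transition
    return events

def find_false_failures(events):
    """Flag transitions into Failed that carry the notice's reason string."""
    hits = []
    for i, (ts, _src, dst, reason) in enumerate(events):
        if dst != "Failed" or SIGNATURE not in reason.lower():
            continue
        # Next transition out of Failed tells how long the unit stayed failed.
        back = next((e for e in events[i + 1:] if e[1] == "Failed"), None)
        secs = (back[0] - ts).total_seconds() if back and back[0] and ts else None
        # Heuristic (assumption): the unit had just left Active, as in the sample.
        was_active = i > 0 and events[i - 1][1] == "Active"
        hits.append({"at": ts, "failed_for_s": secs, "was_active": was_active})
    return hits

if __name__ == "__main__":
    for hit in find_false_failures(parse_history(SAMPLE)):
        print(hit)
```

A hit with `was_active` set and a `failed_for_s` of a few seconds matches the momentary failover this notice describes; a unit that stays in Failed points to a different cause.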
Upgrade the Firepower 2100 Series security appliances to FTD software version 6.2.2 Hotfix D in order to fix the issue.
FTD software is available from Cisco Software Central for customers with a valid service contract.
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.