Field Notice: FN - 70442 - Firepower Software - Security Platform Might Not Trust Threat Grid Certificates - Software Upgrade Recommended

Available Languages

Updated:September 3, 2019
Document ID:FN70442

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision Publish Date Comments
1.0
03-Sep-19
Initial Release

Products Affected

Affected OS Type Affected Software Product Affected Release Affected Release Number Comments
NON-IOS
Firepower Management Center Software
6.1
6.1.0, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.1.0.4, 6.1.0.5, 6.1.0.6
NON-IOS
Firepower Management Center Software
6.2
6.2.0, 6.2.0.1, 6.2.0.2, 6.2.0.3, 6.2.0.4, 6.2.0.5, 6.2.1, 6.2.2, 6.2.2.1, 6.2.2.2, 6.2.2.3, 6.2.2.4, 6.2.3, 6.2.3.1, 6.2.3.2, 6.2.3.3, 6.2.3.4

Defect Information

Defect ID Headline
CSCvj07038 Firepower devices need to trust Threat Grid certificate

Problem Description

Some versions of Firepower software might fail to properly connect to and integrate with Cisco Threat Grid.

Background

Some versions of Firepower software do not trust the Cisco Threat Grid certificates, which results in a failure to connect to and integrate with Cisco Threat Grid. An updated Cisco Threat Grid Certificate is required to enable Threat Grid functionality on the Firepower platform.

Problem Symptom

For affected software that runs on the Firepower Management Center platforms, the user will be unable to pull reports from Threat Grid or submit files manually for analysis.

For affected software that runs on the Firepower Threat Defense and ASA with Firepower Services, the user will be unable to upload files for Threat Grid analysis.

This message might be observed in the /var/log/messages file:

SF-IMS[8582]: [10811] SFDataCorrelator:FileExtractCloud [INFO] failed to register with sandbox cloud with error = 60

This Health Alert might be observed on the Firepower Management Center GUI:

AMP for Network Status

Successfully connected to cloud

Firepower Management Center: Unable to communicate with dynamic analysis cloud

Workaround/Solution

Cisco recommends that you upgrade the Firepower software in order to resolve the Threat Grid certificate issue for affected units.

Customers that have a valid service contract can download updated Firepower software versions that address this issue from Cisco Software Central.

Refer to this table in order to determine the recommended upgrade path for your specific product.

Impacted Software Version(s) Fixed Software Version(s)
6.1.0.x 6.1.0.7 or later
6.2.0.x 6.2.0.6 or later
6.2.2.x 6.2.2.5 or later
6.2.3.x 6.2.3.5 or later

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products