THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Affected Product Name | Description | Comments |
---|---|---|
FPR-4110-K9 | ^Firepower 4110 Appliance, 1U, 2 x NetMod Bays | |
FPR-4112-K9 | Firepower 4112 Appliance, 1U, 2 x NetMod Bays | |
FPR-4115-K9 | Firepower 4115 Appliance, 1U, 2 x NetMod Bays | |
FPR-4120-K9 | ^Firepower 4120 Appliance, 1U, 2 x NetMod Bays | |
FPR-4125-K9 | Firepower 4125 Appliance, 1U, 2 x NetMod Bays | |
FPR-4140-K9 | ^Firepower 4140 Appliance, 1U, 2 x NetMod Bays | |
FPR-4145-K9 | Firepower 4145 Appliance, 1U, 2 x NetMod Bays | |
FPR-4150-K9 | ^Firepower 4150 Appliance, 1U, 2 x NetMod Bays | |
FPR-C9300-AC | Firepower 9300 Chassis for AC Power Supply | |
FPR-C9300-DC | Firepower 9300 Chassis for DC Power Supply, 2 PSU/4 fans | |
FPR-C9300-HVDC | Firepower 9300 Chassis for HVDC Power Supply, 2 PSU/4 fans | |
FPR-CH-9300-AC | Firepower 9300 Chassis for AC Power Supply, 2 PSU/4 fans | |
FPR-CH-9300-DC | Firepower 9300 Chassis for DC Power Supply, 2 PSU/4 fans | |
FPR-CH-9300-HVDC | Firepower 9300 Chassis for HVDC Power Supply, 2 PSU/4 fans | |
FPR4110-AMP-K9 | Cisco Firepower 4110 AMP Appliance, 1U, 2 x NetMod Bays | |
FPR4110-ASA-K9 | ^Cisco Firepower 4110 ASA Appliance, 1U, 2 x NetMod Bays | |
FPR4110-NGFW-K9 | ^Cisco Firepower 4110 NGFW Appliance, 1U, 2 x NetMod Bays | |
FPR4110-NGIPS-K9 | ^Cisco Firepower 4110 NGIPS Appliance, 1U, 2 x NetMod Bays | |
FPR4112-ASA-K9 | Cisco Firepower 4112 ASA Appliance, 1U, 2 x NetMod Bays | |
FPR4112-NGFW-K9 | Cisco Firepower 4112 NGFW Appliance, 1U, 2 x NetMod Bays | |
FPR4112-NGIPS-K9 | Cisco Firepower 4112 NGIPS Appliance, 1U, 2 x NetMod Bays | |
FPR4115-ASA-K9 | Cisco Firepower 4115 ASA Appliance, 1U, 2 x NetMod Bays | |
FPR4115-NGFW-K9 | Cisco Firepower 4115 NGFW Appliance, 1U, 2 x NetMod Bays | |
FPR4115-NGIPS-K9 | Cisco Firepower 4115 NGIPS Appliance, 1U, 2 x NetMod Bays | |
FPR4120-AMP-K9 | ^^Cisco Firepower 4120 AMP Appliance, 1U, 2 x NetMod Bays | |
FPR4120-ASA-K9 | ^^Cisco Firepower 4120 ASA Appliance, 1U, 2 x NetMod Bays | |
FPR4120-NGFW-K9 | ^^Cisco Firepower 4120 NGFW Appliance, 1U, 2 x NetMod Bays | |
FPR4120-NGIPS-K9 | ^^Cisco Firepower 4120 NGIPS Appliance, 1U, 2 x NetMod Bays | |
FPR4125-ASA-K9 | Cisco Firepower 4125 ASA Appliance, 1U, 2 x NetMod Bays | |
FPR4125-NGFW-K9 | Cisco Firepower 4125 NGFW Appliance, 1U, 2 x NetMod Bays | |
FPR4125-NGIPS-K9 | Cisco Firepower 4125 NGIPS Appliance, 1U, 2 x NetMod Bays | |
FPR4140-AMP-K9 | ^^Cisco Firepower 4140 AMP Appliance, 1U, 2 x NetMod Bays | |
FPR4140-ASA-K9 | ^^Cisco Firepower 4140 ASA Appliance, 1U, 2 x NetMod Bays | |
FPR4140-NGFW-K9 | ^^Cisco Firepower 4140 NGFW Appliance, 1U, 2 x NetMod Bays | |
FPR4140-NGIPS-K9 | ^^Cisco Firepower 4140 NGIPS Appliance, 1U, 2 x NetMod Bays | |
FPR4145-ASA-K9 | Cisco Firepower 4145 ASA Appliance, 1U, 2 x NetMod Bays | |
FPR4145-NGFW-K9 | Cisco Firepower 4145 NGFW Appliance, 1U, 2 x NetMod Bays | |
FPR4145-NGIPS-K9 | Cisco Firepower 4145 NGIPS Appliance, 1U, 2 x NetMod Bays | |
FPR4150-AMP-K9 | ^^Cisco Firepower 4150 AMP Appliance, 1U, 2 x NetMod Bays | |
FPR4150-ASA-K9 | ^^Cisco Firepower 4150 ASA Appliance, 1U, 2 x NetMod Bays | |
FPR4150-NGFW-K9 | ^^Cisco Firepower 4150 NGFW Appliance, 1U, 2 x NetMod Bays | |
FPR4150-NGIPS-K9 | ^^Cisco Firepower 4150 NGIPS Appliance, 1U, 2 x NetMod Bays | |
FPR9K-SUP | Firepower 9000 Series Supervisor |
Defect ID | Headline |
CSCvx99172 | M500IT Model Solid State Drives on 4100/9300 may go unresponsive after 3.2 Years in service |
Due to a flaw in solid-state drive (SSD) firmware, the SSD that is internal to the FPR9300 Supervisor module and FPR4100 Series security appliances will no longer respond after approximately 3.2 years of cumulative operation. After the first unresponsive event occurs, every subsequent power-cycle allows the SSD to operate for approximately six weeks of cumulative operation before the SSD will no longer respond again.
After 28,224 hours (approximately 3.2 years) of accumulated Power On Hours (POH), a memory buffer overrun condition occurs which triggers the firmware event in the SSD. This event causes the drive to become unresponsive until it is power-cycled. No data loss will occur when the memory buffer overrun firmware event occurs. A power-cycle of the FPR9300 Supervisor module and FPR4100 Series security appliances restores normal operation of the drive. The drive continues to operate normally for 1008 additional accumulated POH (six weeks), at which time the drive becomes unresponsive again. Power-cycling the FPR9300 Supervisor module and FPR4100 Series security appliance again will re-initiate the 1008-hour window.
Note: This issue affects an internal SSD component that is not field-replaceable and does not appear in show inventory commands. The field-replaceable SSDs are not affected by this issue.
The FPR9300 and FPR4100 Series security appliances no longer pass network traffic. Users with valid credentials might not be able to log in to the management console.
Workaround
A power-cycle of the FPR9300 Supervisor module or FPR4100 Series security appliance is required in order to temporarily recover from this issue. However, this failure will reappear after 1008 hours of operation.
Note: Proactive reloads before the 28,224 hour or 1008 hour marks will not reset the timer that triggers this issue. The issue is related to cumulative, not consecutive, hours of operation (total power on time) for affected SSDs.
Solution
In order to prevent occurrence of this issue and disruption to the network and operations, Cisco recommends to proactively upgrade the SSD firmware before the accumulated uptime reaches 28,224 hours.
Refer to the Serial Number Validation section to determine if your security appliance might be affected. Use the FPR9300 supervisor module serial number or the FPR4100 series chassis serial number for validation.
If the system is already impacted, the SSD firmware upgrade will permanently resolve this defect.
A product return and replacement (RMA) is not recommended because the firmware upgrade process will resolve the issue.
A service contract is not required to download the referenced software images.
Note: Both Step 1 and Step 2 must be performed in this sequence to complete the SSD firmware update.
Step 1: Upgrade the FXOS chassis software to one of the following versions. This software is available from the Cisco Software Download Center:
See the Cisco Firepower 4100/9300 Upgrade Guide for instructions on how to upgrade the FXOS software.
Step 2: After upgrading the FXOS software, apply the Firepower 4100/9300 Firmware Upgrade Package version 1.0.19 or later to update the SSD firmware revision.
After Firmware Upgrade Package 1.0.19 or later has completed installation, you can enter the following commands to view the SSD firmware revision.
firepower-chassis /firmware/firmware-install # top firepower-chassis# scope chassis 1 firepower-chassis /chassis # show sup version SUP FIRMWARE: ROMMON: Running-Vers: 1.0.15 Package-Vers: 1.0.19 Activate-Status: Ready FPGA: Running-Vers: 2.00 Package-Vers: 1.0.19 Activate-Status: Ready SSD: Running-Vers: MU03 Model: Micron_M500IT_MTFDDAT128MBD
If the SSD Model is Micron_M500IT_* and the Running-Vers is MU03 or later, then the SSD firmware update was successful. Other SSD Models are not affected by the issue.
Note: Reimaging the security appliance will not downgrade the SSD firmware revision after it has been updated.
FPR9300 and FPR4100 - Obtain the Chassis Serial Number for Validation
In order to determine whether your product might be affected by this issue, validate the chassis serial number of the security appliance.
Note: The Serial Number Validation Tool is not a complete asset management tracking tool and may not show all affected units due to the software dependency for this issue. As described in the "Solution" section of this field notice, Cisco recommends using the show sup version command to verify the SSD firmware version on the chassis.
For units that have already failed due to this issue, a visual inspection of the security appliance or review of the Sales Order documentation is required.
The chassis serial number can be obtained from the CLI or through visual inspection of the security appliance.
CLI
firepower# scope chassis
firepower /chassis # show inventory
Chassis PID Vendor Serial (SN) HW Revision
---------- --------------- ----------------- ----------- -----------
1 FPR-4110-K9 Cisco Systems Inc JMX1234ABCD 0
FPR9300 - Obtain the Supervisor Module Serial Number for Validation
For customers with FPR9300 platforms, the Supervisor module serial number must also be validated.
The Supervisor module serial number can be obtained from the CLI.
CLI
firepower# scope chassis
firepower /chassis # show inventory expand
Chassis 1:
Servers:
Server 1/1:
Equipped Product Name: Cisco Firepower 9000 Series Security Module
*** Output continues ***
Fabric Card 1:
Description: Firepower 9300 Supervisor
Number of Ports: 8
State: Online
Vendor: Cisco Systems, Inc.
Model: FPR9K-SUP
HW Revision: 0
Serial (SN): JAD1234ABCD
Perf: N/A
Power State: Online
Presence: Equipped
Thermal Status: N/A
Voltage Status: N/A
*** Output continues ***
firepower /chassis #
For additional information, refer to the Cisco Firepower 4100/9300 FXOS Command Reference.
Visual Inspection
The chassis serial number for the Firepower 4100 Series appliance is located on the bottom surface of the chassis.
The chassis serial number for the Firepower 9300 appliance is located on the pullout asset card on the front panel, on the side of the chassis and on the top of the Supervisor module.
Refer to the Serial Number Validation section in order to verify your FPR9300 and FPR4100 Series serial number(s).
Cisco provides the Serial Number Validation Tool to verify whether a device is impacted by this issue. To check the device, enter the serial number in the Serial Number Validation Tool.
Important: For security reasons, you must click the Serial Number Validation Tool link that is provided in this section. Do not copy and paste the link into a browser. Use of the Serial Number Validation Tool URL external to this field notice will fail.
Version | Description | Section | Date |
2.2 | Updated the How To Identify Affected Products and Workaround/Solution sections. | — | 2023-DEC-01 |
2.1 | Updated the Workaround/Solution Section | — | 2022-DEC-16 |
2.0 | Added the How to Identify Affected Products Section and Updated the Serial Number Validation Section | — | 2021-JUN-16 |
1.0 | Initial Release | — | 2021-MAY-18 |
For further assistance or for more information about this field notice, contact the Cisco Technical Assistance Center (TAC) using one of the following methods:
To receive email updates about Field Notices (reliability and safety issues), Security Advisories (network security issues), and end-of-life announcements for specific Cisco products, set up a profile in My Notifications
Unleash the Power of TAC's Virtual Assistance