FTD Deployment Failure from cdFMC Due to Interface

Available Languages

Download Options

  • PDF     (354.2 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (277.5 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (221.3 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:May 26, 2026
Document ID:225974

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Contents

Issue

The cloud-delivered Firepower Management Center (cdFMC) fails to deploy configuration changes to the device. The deployment consistently fails at approximately 10% progress with this error message: "Deployment failed due to failure in generating configuration for device. If problem persists after retrying, contact Cisco TAC."

The issue was initially triggered when attempting to configure a Virtual Tunnel Interface (VTI) site-to-site VPN. However, rolling back the VPN configuration did not resolve the deployment failure, and only a specific device was affected while other managed devices continued to deploy successfully.

Environment

  • Cisco Secure Firewall 1140 (FPR1140) device running FTD version 7.4.2 managed by cdFMC 10.0.93

  • Standalone cdFMC and FTD configurations

  • VTI site-to-site VPN configuration and removal attempt that triggered the issue

Resolution

The deployment failure was resolved by making a dummy edit to the management interface state between the cdFMC and the affected FTD device. This process involved unmerging and re-merging the FTD management interface from the cdFMC user interface.

Troubleshooting Steps Performed

1: Analyzed the deployment history, preview, and deployment transcript to confirm the failure occurred during the configuration generation phase at approximately 10% progress.

===============FMC DEPLOY===============
DEVICE SNAPSHOT ERROR: "Deployment halted due to interface data inconsistency in Firewall Management Center" "Deployment halted due to interface data inconsistency in Firewall Management Center at /usr/local/sf/lib/perl/5.34.3/SF/UMPD/Plugins/NGFWPolicy/Manager.pm line 254.	
SF::UMPD::Plugins::NGFWPolicy::Manager::populateDeviceSnapshot(<SF::UMPD::Snapshot>, <SF::UMPD::CSMData>, <SF::UMPD::Snapshot>, "UUID", undef) called at /usr/local/sf/lib/perl/5.34.3/SF/UMPD/Plugin.pm line 236	
SF::UMPD::Plugin::execute("SF::UMPD::Plugins::NGFWPolicy::Manager", "populateDeviceSnapshot", <SF::UMPD::Snapshot>, <SF::UMPD::CSMData>, <SF::UMPD::Snapshot>, "UUID", undef) called at /usr/local/sf/lib/perl/5.34.3/SF/UMPD/Framework.pm line 819	
SF::UMPD::Framework::populateDeviceSnapshot("/var/cisco/umpd/51539718357/DC_policy_deployment.db", "/var/cisco/umpd/51539718357/UUID"..., "UUID") called at -e line 1" at UMPD->Plugins->NGFWPolicy 
===============TRANSACTION INFO===============
Transaction ID: 51539718357  
Device UUID:    UUID  
Transaction ID: 51539718357   
Selected policy group list: Prefilter Policy, Access Control Policy, NGFW Interface, NGFW Automatic Application Bypass, FlexConfig Policy, NGFW Inline-set, BGP Routing Policy, DDNS, SNMP Policy, Static Route Policy, Multicast Boundary Filter Policy, OSPFv3 Routing Policy, IGMP Multicast Routing Policy, OSPF Routing Policy, Virtual Router, ECMP Zone, DHCP Server, PIM Multicast Routing Policy, IPv6 Static Route Policy, DHCP Relay, EIGRP Routing Policy, Multicast Route Policy, RIP Routing Policy, Nat Policy, NGFW Settings, Remote Access VPN, Site to Site VPN, Site to Site VPN, Network Discovery, Intrusion Policy, NGFW Policy, Network Analysis Policy, DNS Policy

2: Gathered troubleshooting and pigtail files from both the cdFMC and the affected FTD device to identify the root cause of the deployment failure.

Mar 25 17:26:14 CDFMC  mojo_server.pl[20297]: DEVICE SNAPSHOT ERROR: "Deployment halted due to interface data inconsistency in Firewall Management Center" "
Mar 25 17:26:14 CDFMC  mojo_server.pl[20297]: Deployment halted due to interface data inconsistency in Firewall Management Center at /usr/local/sf/lib/perl/5.34.3/SF/UMPD/Plugins/NGFWPolicy/Manager.pm line 254.
Mar 25 17:26:14 CDFMC  mojo_server.pl[20297]:       SF::UMPD::Plugins::NGFWPolicy::Manager::populateDeviceSnapshot(<SF::UMPD::Snapshot>, <SF::UMPD::CSMData>, <SF::UMPD::Snapshot>, "UUID", undef) called at /usr/local/sf/lib/perl/5.34.3/SF/UMPD/Plugin.pm line 236
Mar 25 17:26:14 CDFMC  mojo_server.pl[20297]:       SF::UMPD::Plugin::execute("SF::UMPD::Plugins::NGFWPolicy::Manager", "populateDeviceSnapshot", <SF::UMPD::Snapshot>, <SF::UMPD::CSMData>, <SF::UMPD::Snapshot>, "f0d39b4e-1a4a-11f0-a43d-a7dc4a47302f", undef) called at /usr/local/sf/lib/perl/5.34.3/SF/UMPD/Framework.pm line 819
Mar 25 17:26:14 CDFMC  mojo_server.pl[20297]:       SF::UMPD::Framework::populateDeviceSnapshot("/var/cisco/umpd/51539678480/DC_policy_deployment.db", "/var/cisco/umpd/51539678480/UUID"..., "UUID") called at -e line 1" at UMPD->Plugins->NGFWPolicy

3: Internal analysis identified anomalies tied to the FTD management interface state per defect Cisco bug ID CSCwt46144, which occurred after the software upgrade from 7.2.4 to 7.4.2.

Resolution Steps

1: If the issue is with the management interface, confirm from the FTD CLI or cdFMC UI whether the FTD has a converged interface. If so, the management interface needs to be unmerged and re-merged as dummy edits are not possible on a converged interface.

note-icon

Note: For any other interfaces which could cause this defect, the workaround is to deploy a 'dummy edit' for the specified interface.

> show management-interface convergence
management-interface convergence
>

2: Access the cdFMC UI Devices > Device Management, and click Edit (edit icon) for your Firewall Threat Defense, and unmerge the affected FTD device management interface to reset the device management state. For the Management interface, click Unmerge Management Interface (Unmerge Management Interface).

cdFMC UI Devices

The interface is reverted to Diagnostic0/0.

Re-merge FTD Management Interface

2: Re-merge the FTD management interface from the cdFMC user interface to resynchronize the device management state with the cdFMC.

3: Execute a complete deployment of all pending configuration changes after the re-merge operation is completed.

Execute Complete Deployment of Changes

4: Confirm that the deployment completes successfully without errors and that all configuration changes are properly applied to the FTD device.

Confirm Deployment Complete

Cause

The issue was caused by Cisco bug ID CSCwt46144. A stale and inconsistent management interface state on the affected FTD device was introduced after the software upgrade from version 7.2.4 to 7.4.2. This inconsistency prevented the cdFMC from successfully building and pushing the device-specific configuration, resulting in early deployment failure during the configuration generation phase. The management interface state anomaly specifically affects the communication and synchronization between the cdFMC and the FTD device, causing the deployment process to fail before any configuration changes can be applied to the target device.

The defect is particular to cdFMC devices and is intended to be resolved in next 10.0.94 release of cdFMC.

Related Content

Revision History

Revision Publish Date Comments
1.0
26-May-2026
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Echo Quiroz-Garcia
    Technical Consulting Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products