Cisco Firepower 4100/9300 FXOS Release Notes, 2.6(1)
This document contains release information for Cisco Firepower eXtensible Operating System (FXOS) 2.6(1).
Use this release note as a supplement with the other documents listed in the documentation roadmap:
 Note |
The online versions of the user documentation are occasionally updated after the initial release. As a result, the information contained in the documentation on Cisco.com supersedes any information contained in the context-sensitive help included with the product. |
Introduction
The Cisco security appliance is a next-generation platform for network and content security solutions. The security appliance is part of the Cisco Application Centric Infrastructure (ACI) Security Solution and provides an agile, open, secure platform that is built for scalability, consistent control, and simplified management.
The security appliance provides the following features:
-
Modular chassis-based security system—Provides high performance, flexible input/output configurations, and scalability.
-
Firepower Chassis Manager—Graphical user interface provides a streamlined, visual representation of the current chassis status and allows for simplified configuration of chassis features.
-
FXOS CLI—Provides command-based interface for configuring features, monitoring chassis status, and accessing advanced troubleshooting features.
-
FXOS REST API—Allows users to programmatically configure and manage their chassis.
What’s New
New Features in FXOS 2.6.1.265
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.265).
New Features in FXOS 2.6.1.264
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.264).
New Features in FXOS 2.6.1.259
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.259).
New Features in FXOS 2.6.1.254
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.254).
New Features in FXOS 2.6.1.239
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.239).
New Features in FXOS 2.6.1.238
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.238).
New Features in FXOS 2.6.1.230
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.230).
New Features in FXOS 2.6.1.229
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.229).
New Features in FXOS 2.6.1.224
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.224).
New Features in FXOS 2.6.1.214
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.214).
New Features in FXOS 2.6.1.204
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.204).
New Features in FXOS 2.6.1.192
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.192).
New Features in FXOS 2.6.1.187
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.187).
New Features in FXOS 2.6.1.174
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.174).
New Features in FXOS 2.6.1.169
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.169).
New Features in FXOS 2.6.1.166
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.166).
New Features in FXOS 2.6.1.157
Cisco FXOS 2.6.1.157 introduces the following new features:
-
Support for Firepower Threat Defense 6.4.0.
-
Support for 56-physical core security module SM-56.
-
You can now deploy ASA and FTD logical devices on the same Firepower 9300.
Note
Requires ASA 9.12(1) and Firepower 6.4.0.
-
You can now enable TLS/SSL hardware acceleration for one container instance on a module/security engine. TLS/SSL hardware acceleration is disabled for other container instances, but enabled for native instances. See the Firepower Management Center configuration guide for more information.
-
New/modified commands: config hwCrypto enable, show hwCrypto
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.157).
New Features in FXOS 2.6.1.131
Cisco FXOS 2.6.1.131 introduces the following new features:
-
Support for ASA 9.12(1).
-
Support for Radware DefensePro 8.13.01.09-3.
-
Support for Firepower 4115, 4125, and 4145 security appliances.
-
Support for 40 and 48-physical core security modules SM-40 and SM-48.
-
You can now install a mix of different security module types on the same Firepower 9300. Support for this feature requires ASA 9.12(1) or later.
Note
To use clustering with your Firepower 9300, all security modules installed on the chassis must be of the same type.
-
For the FTD bootstrap configuration, you can now set the NAT ID for the FMC in the Firepower Chassis Manager. Previously, you could only set the NAT ID within the FXOS CLI or FTD CLI. Normally, you need both IP addresses (along with a registration key) for both routing purposes and for authentication—the FMC specifies the device IP address, and the device specifies the FMC IP address. However, if you only know one of the IP addresses, which is the minimum requirement for routing purposes, then you must also specify a unique NAT ID on both sides of the connection to establish trust for the initial communication and to look up the correct registration key. The FMC and device use the registration key and NAT ID (instead of IP addresses) to authenticate and authorize for initial registration.
New/modified screens:
Logical Devices > Add Device > Settings > Firepower Management Center NAT ID field
-
You can now configure the key used for encrypting sensitive data during configuration export. You must set the encryption key before you can export a configuration. Make sure that the same encryption key is set on the system when importing that configuration.
-
You can now generate and download technical support log files from Firepower Chassis Manager.
-
You now have the option to enable or disable LLDP.
-
You can now use a new Low Touch Provisioning method to perform first time setup over the Management port.
-
Fixes for various problems (see Resolved Bugs in FXOS 2.6.1.131).
Software Download
You can download software images for FXOS and supported applications from one of the following URLs:
-
Firepower 9300 — https://software.cisco.com/download/type.html?mdfid=286287252
-
Firepower 4100 — https://software.cisco.com/download/navigator.html?mdfid=286305164
For information about the applications that are supported on a specific version of FXOS, see the Cisco FXOS Compatibility guide at this URL:
https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/compatibility/fxos-compatibility.html
Important Notes
-
When you configure Radware DefensePro (vDP) in a service chain on a currently running Firepower Threat Defense application on a Firepower 4110 or 4120 device, the installation fails with a fault alarm. As a workaround, stop the Firepower Threat Defense application instance before installing the Radware DefensePro application. Note that this issue and workaround apply to all supported releases of Radware DefensePro service chaining with Firepower Threat Defense on Firepower 4110 and 4120 devices.
-
Firmware Upgrade—We recommend upgrading your Firepower 4100/9300 security appliance with the latest firmware. For information about how to install a firmware update and the fixes included in each update, see https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/firmware-upgrade/fxos-firmware-upgrade.html.
-
When upgrading a network or security module, certain faults are generated and then cleared automatically. These include a “hot swap not supported” fault or a “module removed when in online state” fault. If you have followed the appropriate procedures, as described in the Cisco Firepower 9300 Hardware Installation Guide ( http://www.cisco.com/go/firepower9300-install) or Cisco Firepower 4100 Series Hardware Installation Guide ( http://www.cisco.com/go/firepower4100-install), the fault(s) will be cleared automatically and no additional action is required.
Adapter Bootloader Upgrade
FXOS 2.6(1) contains additional testing to verify the security module adapters on your security appliance. After installing FXOS 2.4.1.101 or later, you might receive a critical fault similar to the following indicating that you should update the firmware for your security module adapter:
Critical F1715 2017-05-11T11:43:33.121 339561 Adapter 1 on Security Module 1 requires a critical firmware upgrade. Please see Adapter Bootloader Upgrade instructions in the FXOS Release Notes posted with this release.
If you receive the above message, use the following procedure to update the boot image for your adapter:
-
Connect to the FXOS CLI on your Firepower security appliance. For instructions, see the “Accessing the FXOS CLI” topic in the Cisco Firepower 4100/9300 FXOS CLI Configuration Guide, 2.6(1) or Cisco Firepower 4100/9300 FXOS Firepower Chassis Manager Configuration Guide, 2.6(1).
-
Enter the adapter mode for the adapter whose boot image you are updating:
fxos-chassis# scope adapter 1/security_module_number/adapter_number
-
Enter show image to view the available adapter images and to verify that fxos-m83-8p40-cruzboot.4.0.1.62.bin is available to be installed:
fxos-chassis /chassis/server/adapter # show image Name Type Version --------------------------------------------- -------------------- ------- fxos-m83-8p40-cruzboot.4.0.1.62.bin Adapter Boot 4.0(1.62) fxos-m83-8p40-vic.4.0.1.51.gbin Adapter 4.0(1.51) -
Enter update boot-loader to update the adapter boot image to version 4.0.1.62:
fxos-chassis /chassis/server/adapter # update boot-loader 4.0(1.62) Warning: Please DO NOT reboot blade or chassis during upgrade, otherwise, it may cause adapter to become UNUSABLE! After upgrade has completed, blade will be power cycled automatically fxos-chassis /chassis/server/adapter* # commit-buffer -
Enter show boot-update status to monitor the update status:
fxos-chassis /chassis/server/adapter # show boot-update status State: Updating fxos-chassis /chassis/server/adapter # show boot-update status State: Ready -
Enter show version detail to verify that the update was successful:
Note
Your show version detail output might differ from the following example. However, verify that Bootloader-Update-Status is “Ready” and that Bootloader-Vers is 4.0(1.62).
fxos-chassis /chassis/server/adapter # show version detail Adapter 1: Running-Vers: 5.2(1.2) Package-Vers: 2.2(2.17) Update-Status: Ready Activate-Status: Ready Bootloader-Update-Status: Ready Startup-Vers: 5.2(1.2) Backup-Vers: 5.0(1.2) Bootloader-Vers: 4.0(1.62)
System Requirements
You can access the Firepower Chassis Manager using the following browsers:
-
Mozilla Firefox—Version 42 and later
-
Google Chrome—Version 47 and later
-
Microsoft Internet Explorer—Version 11 and later
We tested FXOS 2.3(1) using Mozilla Firefox version 42, Google Chrome version 47, and Internet Explorer version 11. We anticipate that future versions of these browsers will also work. However, if you experience any browser-related issues, we suggest you revert to one of the tested versions.
Upgrade Instructions
You can upgrade your Firepower 9300 or Firepower 4100 series security appliance to FXOS 2.6(1.157) if it is currently running any FXOS 2.0(1) or later build.
For upgrade instructions, see the Cisco Firepower 4100/9300 Upgrade Guide.
Installation Notes
-
An upgrade to FXOS 2.6(1) can take up to 45 minutes. Please plan your upgrade activity accordingly.
-
If you are upgrading a Firepower 9300 or Firepower 4100 series security appliance that is running a standalone logical device or if you are upgrading a Firepower 9300 security appliance that is running an intra-chassis cluster, traffic does not traverse through the device while it is upgrading.
-
If you are upgrading a Firepower 9300 or a Firepower 4100 series security appliance that is part of an inter-chassis cluster, traffic does not traverse through the device being upgraded while it is upgrading. However, the other devices in the cluster continue to pass traffic.
-
Downgrade of FXOS images is not officially supported. The only Cisco-supported method of downgrading an image version of FXOS is to perform a complete re-image of the device.
Resolved and Open Bugs
The resolved and open bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products.
Note |
You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account. |
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.
Open Bugs
The following table lists select bugs open at the time of this Release Note publication:
| Identifier | Description |
|---|---|
| CSCus73654 | ASA do not mark management-only for the mgmt interface assign by LD |
| CSCuu33739 | Physical interface speeds in port-channel are incorrect |
| CSCuw31077 | Filter applied to a interface should be validated |
| CSCux37821 | Platform settings auth the order field shows only lowest-available |
| CSCux63101 | All memory(s) under Memory array shows as unknown in operable column |
| CSCux77947 | Pcap file size not updated properly when data sent at high rate |
| CSCux98517 | Un-decorating data port for VDP should be allowed from Chassis Manager |
| CSCuz93180 | AAA LDAP configuration does not preserve information if validation fails |
| CSCvc03494 | Radware vDP cannot be added into APSolute Vision. As a workaround, you must manually download the device driver and install it into Vision. |
| CSCvc44522 | Log Capacity on Management controller Server1/1 is very low Warning |
| CSCvd90177 | Security Module went to fault state after reloading Supervisor on 4150 with FXOS 2.2.1.57 |
| CSCvg68299 | FXOS chassis manager interface gets disassociated from FTD after a failover |
| CSCvi71367 | Supervisor crashed after reboot--unable to handle kernel NULL pointer dereference |
| CSCvk26697 | bcm_usd_log core files detected with 92.4.1.2889 image |
| CSCvk72915 | Security Module stuck in Rommon inconsistently after reboot |
| CSCvm66013 | Supervisor unresponsive during reboot. Kernel Panic issue seen. |
| CSCvm84592 | Filter configs are lost when “Edit Session” is done for a capture session |
| CSCvm86523 | 6th node will not ssp3ru cluster 6.3.0-1592 |
| CSCvn42252 | Low-touch provisioning debug command mode prompt not working properly |
| CSCvn57429 | Ftd app-instance is stuck in install failed with INSTALL_ERROR. Application internal script Error. |
| CSCvo03589 | App agent heart beat can miss in MI scenario |
| CSCvo30356 | Port-channels are in suspended state after upgrade |
| CSCvo40078 | incorrect uptime displayed |
| CSCvo55237 | The global upgrade button is grayed out even though one security module is up |
| CSCvo55510 | FXOS low-touch provisioning screen does not allow prefix |
| CSCvo58998 | FXOS Cruz Adapter doesn't validate data sent by logical device causing dropped offloaded packets |
| CSCvo60117 | Interface not associated to MI instance even though it shows in chassis manager as allocated |
| CSCvo74625 | 6.4.0 - IPv6 routing doesn't work for WM and KP when mgmt gateway configure as data-interfaces |
| CSCvo83802 | Cluster node management connectivity lost after reboot |
| CSCvp10674 | FTD may not become online after installing vDP and upgrading FXOS to version 2.4.1 |
| CSCvp44939 | ASA app stuck in installing with error 'SMA_blade_reboot_inprogress' on 2.6.1.157 + 9.12.1.111 |
Resolved Bugs in FXOS 2.6.1.265
The following table lists the previously release-noted and customer-found bug that is resolved in FXOS 2.6.1.265:
| Identifier | Description |
|---|---|
| CSCwd18015 | Evaluation of ssp for NX-OS CLI command injection. |
Resolved Bugs in FXOS 2.6.1.264
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.264:
|
Identifier |
Description |
|---|---|
|
LTS18 commit id update in CCM layer (Seq 27) |
|
|
WR6, WR8, LTS18, and LTS21 commit id update in CCM layer (Seq 32) |
|
|
WR6, WR8, LTS18, and LTS21 commit id update in CCM layer (Seq 33) |
|
|
WR8, LTS18, and LTS21 commit id update in CCM layer (Seq 34) |
|
|
WR6 and WR8 commit id update in CCM layer (Seq 30) |
|
|
WR6, WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 35) |
Resolved Bugs in FXOS 2.6.1.259
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.259:
|
Identifier |
Description |
|---|---|
|
Port-channel member interfaces are lost and status is down after software upgrade |
|
|
WR8 and LTS18 commit id update in CCM layer (sprint 126, seq 22) |
|
|
WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 25) |
|
|
Tune throttling flow control on syslog-ng destinations |
|
|
WR6, WR8 commit id update in CCM layer(Seq 30) |
|
|
WM 1010 10/100Mbps full duplex setting is not getting effect |
|
|
FTD/ASA stuck on "Starting" due to blade going in fault state following FTD upgrade |
|
|
Update certificate bundle for 7.2 release |
|
|
WR6 and WR8 commit id update in CCM layer (sprint 129, seq 23) |
|
|
WR8 and LTS18 commit id update in CCM layer (seq 24) |
|
|
WR8, LTS18 and LTS21 commit id update in CCM layer (seq 26) |
|
|
Upgrade fail & App Instance fail to start with err "CSP_OP_ERROR. CSP signature verification error." |
Resolved Bugs in FXOS 2.6.1.254
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.254:
|
Identifier |
Description |
|---|---|
|
Able to login into platform page though the user account-status is inactive |
|
|
High CPU on FXOS due to bcm_usd process |
|
|
FPR 4100 saw an unexpected reload with reason "Reset triggered due to HA policy of Reset" |
|
|
Unable to collect blade logs even when blade is online |
|
|
FXOS reporting old FTD version after FTD upgrade to 6.7.0 |
|
|
FXOS System temporary directory usage is unexpectedly high |
|
|
Disable kernel warning due to rommon failing to align initramfs memory pointer |
|
|
System/Npu: Platform Version and Package version is empty in show version detail output |
|
|
FXOS A crafted request uri-path can cause mod_proxy to forward the request to an origin server... |
|
|
WR6, WR8 and LTS18 commit id update in CCM layer(sprint 125, seq 21) |
|
|
Firepower may reboot for no apparent reason |
|
|
Crashes on SMP platforms produce incomplete/corrupt tracebacks |
|
|
Not able to set Bangkok time zone in FPR 2110 |
|
|
Cisco FXOS and NX-OS Software Cisco Discovery Protocol Service Denial of Service |
|
|
Can't Generate FPRM Logs - Fails when custom user with admin priviledge tries |
|
|
NTP script generates "binary operator expected" syntax error |
|
|
FTD/ASA stuck on "Starting" due to blade going in fault state following FTD upgrade |
|
|
ASA upgrade failed with: "CSP directory does not exist - STOP_FAILED Application_Not_Found" |
|
|
FXOS changes to provide dmidecode access to container |
|
|
connector log exhausted disk space |
|
|
No utility to handle XFS corruption on 2100/1000 series Firepower devices |
|
|
Firepower 2100 series in appliance mode: FAN speed was found "CRITICAL" |
|
|
FP-1010 HA link goes down or New hosts unable to connect to the device |
|
|
Core file “svc_sam_portAG” was seen with WM-1010 models FTD. |
|
|
Chassis local date and time may drift back to midnight Jan 1 2015 after reboot |
|
|
FXOS traceback and reload due Service "ascii-cfg" sent SIGABRT for not setting heartbeat. |
Resolved Bugs in FXOS 2.6.1.239
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.239:
|
Identifier |
Description |
|---|---|
|
"Link not connected" error when using WSP-Q40GLR4L transceiver and Arista switch |
|
|
statsAG memory leak |
|
|
FXOS: svc_sam_dcosAG process crash on FirePower 4100/9300 |
Resolved Bugs in FXOS 2.6.1.238
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.238:
|
Identifier |
Description |
|---|---|
|
Backplane Eth1/9 link keeps DOWN until reboot the chassis |
|
|
Fxos Snmp-user is not persistent after reboot |
|
|
FXOS: some interface transition logs have no reason |
|
|
FPR4100/9300: Packet drops during the transition of BYPASS to NON-BYPASS when device is rebooted |
|
|
extra "Local Disk 3" displayed on FPR9300 (improved solution) |
|
|
bad allowed_cpus in /etc/sf/arc.conf probably from cspCfg.xml |
|
|
FXOS Operational State:Thermal-problem intermittently |
|
|
Firepower 4100/9300 - Fail-to-wire (FTW) EPM ports link flap during show tech collection |
|
|
FXOS: Voltage on DC PSU displayed with wrong values from the 'show stats' |
|
|
4100/9300: Cannot associate port channel / interface to App |
|
|
Timezone in "show clock" is different from which in "show run clock" |
|
|
Radius Key with the ASCII character " configured on FXOS does not work after chassis reload. |
|
|
ENH: Rename status BYPASS-FAIL for fail-to-wire inline pairs |
|
|
Firepower memory leak in svc_sam_dcosAG |
|
|
FXOS show fault warning code F4526902 |
|
|
Handle CIMC Watchdog reset in MIO |
|
|
ENH: Prevent CCL IP addressing on the 169.254.x.x subnet on cluster creation |
|
|
ENH: Include output of 'show card detail expand' and 'show card-config' in chassis show-tech |
|
|
AppAgent Heartbeat enhancement |
|
|
Disk utilization increasing /var/tmp in FPR4150-ASA chassis |
|
|
FXOS process core pruned/deleted from system files (no validation) |
|
|
Chassis SSD firmware upgrade may be prevented improperly |
|
|
Application interface down whereas physical interface Up on FXOS |
|
|
Download image errored in automation as download state is missing in show download-task |
|
|
core svc_sam_appAG seen on 2.6.1.207 |
|
|
7.0.0.1-14 9300 FTD node failed to join the cluster after the upgrade |
|
|
Enhancement to make link down/flap reasons from CSCvo90987 user readable |
|
|
The 4k/9k SUP should reboot the blade when it is hung due to CATERR |
|
|
"show hardware internal bcm-usd info driver-info" returns error |
|
|
BCM SDK patch 6.5.8 - Parity error in TDM Calendar memories causes traffic drop after SER correction |
|
|
Display message ???nothing to update??? if the SSD installed is not applicable for the firmware update |
|
|
NTP conf updates to support 4.2.8p13 and up |
|
|
show tech-support missing FTW port-pair status |
|
|
FXOS does not check the total amount of available memory with a missing or failed DIMM |
|
|
PortAG Core file detected while testing UUT Image 92.10.1.212 |
|
|
Need to include AAA logs/debugs in FPRM tar bundle |
Resolved Bugs in FXOS 2.6.1.230
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.230:
|
Identifier |
Description |
|---|---|
|
Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021 |
Resolved Bugs in FXOS 2.6.1.229
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.229:
|
Identifier |
Description |
|---|---|
|
core_svc_sam_dme found after upgrade |
|
|
An extra whitespace in cluster group name of FTD causing data unit to be kicked out. |
|
|
App Mode: WM 1010 - changing speed settings causing traffic to stop permanently |
|
|
\"System does not allow more than 16 TPs\" on 2.3.1.213 |
|
|
MIO SSD upgraded to wrong firmware version. |
|
|
FTD contains expired root CA certificates |
|
|
QuoVadis root CA decommission on Firepower 9300/4100 Supervisor |
Resolved Bugs in FXOS 2.6.1.224
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.224:
|
Caveat ID Number |
Description |
|---|---|
|
core_svc_sam_dme found after upgrade |
|
|
"Link not connected" error after reboot when using QSFP-40G-LR4 transceiver on FPR9K-NM-4X40G |
|
|
An extra whitespace in cluster group name of FTD causing data unit to be kicked out. |
|
|
FXOS - AAA/RADIUS - NAS-IP Field set to 127.0.01 |
|
|
Service module not returning error to supervisor when SMA resources are depleted |
|
|
FXOS dynamically learning mac-address of external machine causing outage |
|
|
FXOS portAG memory leak during periodical interface polls |
|
|
Upgrade : FSM status can show incorrect value after upgrade |
|
|
Cisco FXOS and NX-OS Software UDLD DoS and Arbitrary Code Execution Vulnerability |
|
|
Cisco FXOS and NX-OS Software UDLD DoS and Arbitrary Code Execution Vulnerability |
|
|
FXOS clock sync issue during blade boot up due to "MIO DID NOT RESPOND TO FORCED TIME SYNC" |
|
|
FP93K // 2.3.1.144 // SSH sessions not clearing. More than 32 FPRM CLI sessions are not allowed |
|
|
ASA module fails to upgrade (GracefulStopApp FSM failure) |
|
|
Memory leak : DME process may traceback generating core on Firepower 4100/9300 (M5 series only) |
Resolved Bugs in FXOS 2.6.1.214
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.214:
|
Identifier |
Description |
|---|---|
|
9300/4100 : Port-channel down after chassis software upgrade. |
|
|
FXOS ASA race condition leading to cluster join failure and network outage |
|
|
TD2 does not load balance MPLS across backplane interfaces and sends it all to first interface |
|
|
ASA app-instance restart without audit log or trigger |
Resolved Bugs in FXOS 2.6.1.204
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.204:
|
Identifier |
Description |
|---|---|
|
Not able to login after system init setup, with [No space left on device] error |
|
|
FXOS: Firepower Chassis not taking changes on RADIUS Server(s) and still using the old one(s) |
|
|
Inconsistent interface status on the FXOS when Port is Down by Propagate Link State |
|
|
FXOS L3 Egress Object Resource Leak due to Port-Channel Member Interface Flaps |
|
|
NTP script error leading to clock drift and traffic interruption |
|
|
FXOS displays a WSP-Q40GLR4L transceiver from show interface as type QSFP-40G-LR4 |
|
|
Need dedicated Rx rings for failover and OSPF on Firepower platform - Cruz fix |
|
|
Firepower 4100 series all FTW interfaces link flap at the same time but occur rarely |
|
|
"Link not connected" error after reboot when using WSP-Q40GLR4L transceiver on FPR9K-NM-4X40G |
|
|
FP 4120 svc_sam_dcosAG crashed with crash type:139 |
|
|
fpr4100 snmp polling to fxos memory-usage shows incorrect value compare with CLI's output |
Resolved Bugs in FXOS 2.6.1.192
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.192:
|
Identifier |
Description |
|---|---|
|
"show open-network-ports" not showing the proper infomration on FP4100 Series |
|
|
FXOS randomly shows one NTP server as 'Unreachable Or Invalid NTP Server' once added 4 NTP servers |
|
|
FPR4100/9300 Smart Licensing fail - Error : Licensing internal error(68) |
|
|
FXOS 'show lacp counters' Sent vs Recv counters are not properly separated |
|
|
Unable to add user on FTD using external authentication |
|
|
AppAG encoding for FXOS logical device bootstrap |
|
|
Traceback in cruz |
|
|
mgmt bootstrap PASSWORD should not be in appAG log |
|
|
FPR9300 hangs after reboot is triggered for firmware upgrade |
|
|
BladeAG reload due to memory leak with M5 blade |
|
|
Continuous link flapping leading to snm_log corefile |
|
|
FXOS 8x1G FTW continuous link flap |
|
|
FTW watch-dog kick delays |
Resolved Bugs in FXOS 2.6.1.187
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.187:
|
Identifier |
Description |
|---|---|
|
extra "Local Disk 3" displayed on FPR9300 |
|
|
Firepower Chassis Reloads due to License Manager |
|
|
"show open-network-ports" not showing the proper infomration on FP4100 Series |
|
|
OpenSSL 0-byte Record Padding Oracle Information Disclosure Vulnerabil |
|
|
Storage controller firmware version is not upgraded during FXOS upgrade |
|
|
FXOS: Show System Resources yields negative value of the memory |
|
|
WRL6 and WRL8 commit id update in CCM layer (sprint 67) |
|
|
Data interfaces bring up delayed after chassis reboot |
|
|
FPR-4100: FXOS CLI crash with fwm hap reset |
|
|
FPR-4100: FXOS CLI crash with fwm hap reset |
|
|
DME process crash due to memory leak on Firepower 9300/4100 |
Resolved Bugs in FXOS 2.6.1.174
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.174:
|
Identifier |
Description |
|---|---|
| CSCvq31946 | Ability to disable auto-negotiation for SFP (1G optical) |
| CSCvq33092 | output discards also includes input discards and input discards is not incremented |
| CSCvq36298 | Cannot change MTU size on ASAv after upgrade |
| CSCvr04845 | DME crash after FXOS chassis reload with maximum number of https ip-blocks configured |
| CSCvr24920 | FPR-4110: FXOS CLI crash in feature-mgr process |
Resolved Bugs in FXOS 2.6.1.169
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.169:
|
Identifier |
Description |
|---|---|
| CSCvm96265 | Disable HTTP OPTIONS enabled |
| CSCvo40340 | FPR4100: serial, model and vendor are black after FAN OIR |
| CSCvq17910 | Multicast MAC not programmed on chassis upon app reboot or cluster rejoin |
| CSCvq19641 | Evaluation of Firepower 4k/9k Supervisor for TCP_SACK |
| CSCvq33916 | Linkdown between FP 4100 and switch when using 40gb bidi to 40/100 bidi |
Resolved Bugs in FXOS 2.6.1.166
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.166:
|
Identifier |
Description |
|---|---|
| CSCvk60985 |
Machine Check events logged. Possible hardware issue. FXOS Blade: mcelog support |
| CSCvn77125 |
FXOS: copy command should allow for wildcards to transfer multiple files |
| CSCvn99658 |
FXOS lacp related logs pktmgr.out and lacp.out grows too large |
| CSCvo55809 |
ASA App stuck in installing sate on 2.6.1.112 + ASA 9.12.0.125 |
| CSCvo85861 |
Propagate link-state not shown in FTD CLI |
| CSCvo90987 |
Enhancement for debugging link down/flap issues for bcm_usd.log files on customer units |
| CSCvp10674 |
FTD may not become online after installing vDP and upgrading FXOS to version 2.4.1 |
| CSCvp15176 |
Apps installed on firepower devices may report comm failure and assume itself as active/master. |
| CSCvp21561 |
Cruz Adaptor crash due to kernel patch incompatible with cruz kernel version |
| CSCvp40260 |
Prevent STP and FC frames from being sent to SUP CPU |
| CSCvp56801 |
'show tech-support module 1 app-instance <appname> <identifier>' fails when only 1x instance on 4100 |
| CSCvp83437 |
serial console login using local account succeeds but immediately returns to login prompt |
Resolved Bugs in FXOS 2.6.1.157
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.157:
| Identifier | Description |
|---|---|
| CSCvm72541 | Speed is 0 in interfaceMapping message if a port-channel's status is down |
| CSCvo10291 | FTD External Auth using RADIUS fails when pre-shared key contains database characters |
| CSCvo29067 | FXOS upgrade hangs and started generating DME corefiles |
| CSCvo44171 | Firepower version 2.2.2.86 reloads due to License Manager with abnormal auth renewal each 30 sec |
| CSCvo64091 | SSP:Cluster Slave FTD Provisioning failing because "Required external ports not available" |
| CSCvo65464 | FPR2100: EIGRP routes with learned over port channel interface become Infinite FD |
| CSCvo75349 | FXOS Blade CRUZ FW coredump due to a memory corruption |
| CSCvo87116 | MTS messages stuck in AppAG recv_q |
| CSCvp09791 | FXOS/FTD multi-instance deployments multicast traffic outage |
Resolved Bugs in FXOS 2.6.1.131
The following table lists the previously release-noted and customer-found bugs that were resolved in FXOS 2.6.1.131:
| Identifier | Description |
|---|---|
| CSCvg54742 | FTW - Traffic loss seen when chassis shutdown gracefully from FXOS GUI |
| CSCvj00997 | "show open-network-ports" not showing the proper information on FP4100 Series |
| CSCvj47857 | MIO Crashed on bootup due to ethpm hap reset |
| CSCvj96380 | SAM Coupler should force FTW bypass if switch bypass enable fails |
| CSCvk46399 | svc_sam_bladeAG_log core seen after MIO reboot |
| CSCvm31905 | OpenSSH Bailout Delaying User Enumeration Vulnerability |
| CSCvm37578 | Local User login asaConsoleDbg Permission denied error |
| CSCvm51377 | Linux Kernel acpi_ns_evaluate() Function Information Disclosure Vulnerability |
| CSCvm97473 | Linux Kernel drivers/tty/n_tty.c Denial of Service Vulnerability |
| CSCvn24594 | add NTPDATE update of blade sysclock from the supervisor before starting NTPD |
| CSCvn41072 | Linux Kernel vcpu_scan_ioapic Function Issue |
| CSCvn50990 | Wireshark DCOM Dissector Denial of Service Vulnerability |
| CSCvn68238 | DPDK vhost-user Interface Information Disclosure Vulnerability |
| CSCvn76908 | [ciam] Linux Kernel USB Subsystem Data Size Checks Handling Vulnerability |
| CSCvn83018 | Firepower 2100: Memory leak seen with process LACP |
| CSCvo08464 | [ciam] Sudo get_process_ttyname Function Device Name Handling Security Bypass Vulnerability |
| CSCvo31071 | Traffic drops when a unit is re-joining the cluster. |
| CSCvo58998 | FXOS Cruz Adapter doesn't validate data sent by logical device causing dropped offloaded packets |
Related Documentation
For additional information on the Firepower 9300 or 4100 series security appliance and FXOS, see Navigating the Cisco FXOS Documentation.
Online Resources
Cisco provides online resources to download documentation, software, and tools, to query bugs, and to open service requests. Use these resources to install and configure FXOS software and to troubleshoot and resolve technical issues.
-
Cisco Support & Download site: https://www.cisco.com/c/en/us/support/index.html
-
Cisco Bug Search Tool: https://tools.cisco.com/bugsearch/
-
Cisco Notification Service: https://www.cisco.com/cisco/support/notifications.html
Access to most tools on the Cisco Support & Download site requires a Cisco.com user ID and password.
Contact Cisco
If you cannot resolve an issue using the online resources listed above, contact Cisco TAC:
-
Email Cisco TAC: tac@cisco.com
-
Call Cisco TAC (North America): 1.408.526.7209 or 1.800.553.2447
-
Call Cisco TAC (worldwide): Cisco Worldwide Support Contacts
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Feedback