CSCwj81646

UDP throughput highly variable on snort reload

CSCwk33511

low memory/stress causing block double free and reload

CSCwk36770

FMC - SDWAN - Same IKE identity issues between multiple topologies

CSCwk76563

SDWAN: Same spoke in another topology with different community causes issues in route redistribution

FMC HA role switch secondary FMC does not get event configuration and threat hunting is lost on FTD

Unable to trigger second immediate backup after first scheduled backup completed

CSCwm34180

Traffic on port-channel/port-channel subinterfaces not working with device template registration

Change management: Error in save of SD-WAN topology if security zone is added inline in the wizard

CSCwm40854

Break FTD-HA pair fails on MI app

Child domain template adding through Global Device wizard page is not working

Erroneous message - Interface 'management0' has no link - during device onboarding

CSCwm46752

Edit configuration on Secure Firewall 3100 L3 Cluster fails with BGP enabled

CSCwm47187

Policy deploy failing constantly after changing interface nameif if interface used in SAML CP rule

CSCwm47308

Policy deployment failing constantly on Secure Firewall cluster data node post cluster break

CSCwm51467

SSL Server check-box is missing only in default new theme for Device- >Certificates- > Add New Cert

FMC: critical processes can not boot up including vmsDBEngine

ASA concatenates syslog event to other syslog event while sending to the syslog server

FTD traceback in Thread Name cli_xml_server when deploying QoS policy

FTD - Flow-Offload should be able to coexist with Rate-limiting Feature (QoS)

Lack of throttling of ARP miss indications to CP leads to oversubscription

Remove Syslog Messages 852001 and 852002 in Firewall Threat Defense

SNMPv3: Special characters used in FXOS SNMPv3 configuration causes authentication errors

FXOS Major Faults about adapter host and virtual interface being down

FXOS: Fault "The password encryption key has not been set." displayed on FPR1000 and FPR2100 devices

App-instance showing as Started instead of Online

IPTables.conf file is disappearing resulting in backup and restore failure.

Deployment fails with internal_errors - Cannot get fresh id

ERROR: Deleted IDB found in in-use queue - message misleading

Getting Unprocessable URL categories objects when using API call

PLR license reservation for ASAv5 is requesting ASAv10

ASA may fail to create NAT rule for SNMP with: "error NAT unable to reserve ports."

show access-control-config doesn't show NAP/IPS policy name

ASA: FPR11xx: Loss of NTP sync following a reload after upgrade

Some syslogs for AnyConnect SSL are generated in admin context instead of user context

Tune throttling flow control on syslog-ng destinations

ENH: Support for snapshots of RX queues on InternalData interfaces when "Blocks free curr" goes low

Primary node disconnected from VPN-Cluster when performed HA failover on Primary with DNS lookup

"SFDataCorrelator:Parser [ERROR] Syntax error" on FTD device

ASA/FTD stuck after crash and reboot

Microsoft update traffic blocked with Snort version 3 Malware inspection

ASA/FTD Traceback and reload in Process Name: lina

snort3 crashinfo sometimes fails to collect all frames

MFIB RPF failed counter instead of Other drops increments when outgoing interface list is Null

ASA: The timestamp for all logs generated by Admin context are the same

cache and dump last 20 rmu request response packets in case failures/delays while reading registers

Snort down due to missing lua files because of disabled application detectors (PM side)

AnyConnect SAML - Client Certificate Prompt incorrectly appears within External Browser

Cisco ASA and FTD Software RSA Private Key Leak Vulnerability

Prevention of RSA private key leaks regardless of root cause.

FTPS getting ssl3_get_record:bad record type during connection for KK and DR rules

Unnecessary FAN error logs needs to be removed from thermal file

ASA/FTD may traceback and reload during ACL changes linked to PBR config

ASA/FTD may traceback and reload in Thread Name 'lina'

FXOS ASA/FTD SNMP OID to poll Internal-data 'no buffer' interface counters

logging/syslog is impacted by SNMP traps and logging history

ASA: ASDM sessions stuck in CLOSE_WAIT causing lack of MGMT

User/group download may fail if a different realm is changed and saved

25G CU SFPs not working in Brentwood 8x25G netmod

ASA/FTD tmatch compilation check when unit joins the cluster, when TCM is off

cacert.pem on FMC expired and all the devices showing as disabled.

AnyConnect SAML using external browser and round robin DNS intermittently fails

Failover trigger due to Inspection engine in other unit has failed due to disk failure

critical health alerts 'user configuration(FSM.sam.dme.AaaUserEpUpdateUserEp)' on FPR 1100/2100/3100

ASA/FTD may traceback and reload in Thread Name 'lina' following policy deployment

ASA/FTD: Traceback and reload in Thread Name: EIGRP-IPv4

ASA/FTD may traceback and reload in Thread Name 'lina'

User with no vpn-filter may get additional access when per-user-override is set

DHCP Relay is looping back the DHCP offer packet causing dhcprelay to fail on the FTD/ASA

FTD: Traceback & reload in process name lina

ASA/FTD traceback and reload on thread name fover_fail_check

ASA/FTD: Command "no snmp-server enable oid mempool" enabled by default or enforced during upgrades

ssl policy errors: Unable to get server certificate's internal cached status

SSL Policy DND default Rule fails on error unsupported cipher suite and SKE error.

Analyze why there is no logrotate for /opt/cisco/config/var/log/ASAconsole.log

FPR 2100: 10G interfaces with 1G SFP goes down post reload

fxos log rotate failing to cycle files, resulting in large file sizes

ASA/FTD: Traceback and reload in Thread Name: appAgent_reply_processor_thread

256 / 1550 Block leak with TLS1.3 session

Evaluate FMC for CVE-2022-42252

ASA restore is not applying vlan configuration

AWS: SSL decryption failing with Geneve tunnel interface

Stale CPU core health events seen on FMC UI post upgrade to 7.0.0+.

FTD Lina traceback and reload in Thread Name 'IP Init Thread'

Disable asserts in FTD production builds

ASA/FTD: Traceback and reload due to SNMP group configuration during upgrade

FMC UI Showing inaccurate data in S2S VPN Monitoring page

ASA Connections stuck in idle state when DCD is enabled

Cisco ASA and FTD AnyConnect SSL/TLS VPN Denial of Service Vulnerability

FPR2100: Increase in failover convergence time with ASA in Appliance mode

FTDv Single-Arm Proxy behind AWS GWLB drops due to geneve-invalid-udp-checksum with all 0 checksum

AC clients fail to match DAP rules due to attribute value too large

Packets through cascading contexts in ASA are dropped in gateway context after software upgrade

ASA traceback and reload on Datapath process

FPR1150 : Exec format error seen and the device hung until reload when erase secure all is executed

ASA|FTD: Implement different TLS diffie-hellman prime based on RFC recommendation

QEMU KVM console got stuck in "Booting the kernel" page

Port-channel interfaces of secondary unit are in waiting status after reload

Port-channel member port status flag and membership status are Down if LACPDUs are not received

ASA/FTD may traceback and reload in idfw fqdn hash lookup

FXOS: FP2100 FTW timeout triggered by high CPU usage during FTD Access Control Policy deploy.

30+ seconds data loss when unit re-join cluster

FTD with Snort3 might have memory corruption BT in snort file with same IP traffic scaling

Cisco ASA and FTD ICMPv6 Message Processing Denial of Service Vulnerability

ASA configured with HA may traceback and reload with multiple input/output error messages

MI FTD running 7.0.4 is on High disk utilization

Snort drops Bomgar application packets with Early Application Detection enabled

High CPU Utilization on FXOS for processes smConlogger

FTD Traffic failure due to 9344 block depletion in peer_proxy_tx_q

LINA Traceback on FPR-1010 under Thread Name: update_cpu_usage

Snort outputs massive volume of packet events - IPS event view may show "No Packet Information"

Microsoft SCEP enrollment fails to get ASA identity cert - Unable to verify PKCS7

ASA/FTD may traceback and reload in Thread Name 'telnet/ci'

ASA/FTD may traceback and reload in Thread Name 'lina'

Observing some devcmd failures and checkheaps traceback when flow offload is not used.

Snort3 stream core found init_tcp_packet_analysis

AWS ASAv PAYG Licensing not working in GovCloud regions.

Traceback and reload when webvpn users match DAP access-list with 36k elements

ASA/FTD: Traceback and Reload on Netflow timer infra

Cut-Through Proxy does not work with HTTPS traffic

Enhance logging mechanism for syslogs

ASA/FTD NAT Pool Cluster allocation and reservation discrepancy between units

Stratix5950 and ISA3000 LACP channel member SFP port suspended after reload

Traffic fails in Azure ASAv Clustering after "timeout conn" seconds

ASA/FTD failure due to heartbeat loss between chassis and blade

ASA: After upgrade cannot connect via ssh to interface

ASA/FTD may traceback and reload in logging_cfg processing

FAN LED flashing amber on FPR2100

Clientless VPN users are unable to download large files through the WebVPN portal

Anyconnect users unable to connect when ASA using different authentication and authorization server

Blade not coming up after FXOS update support on multi-instance due to ssp_ntp.log log rotation prob

The Standby Device going in failed state due to snort heartbeat failure

Primary ASA traceback upon rebooting the secondary

ASA/FTD traceback and reload, Thread Name: rtcli async executor process

Link Up seen for a few seconds on FPR1010 during bootup

FTD: Unable to configure WebVPN Keepout or Certificate Map on FPR3100

ASA is unexpected reload when doing backup

FPR41xx/9300: Blade does not capture or log a reboot signal

ASA/FTD: External IDP SAML authentication fails with Bad Request message

Cisco ASA and FTD Software VPN Packet Validation Vulnerability

Optimization of Side Bar loading for HealthMon page

License Commands go missing in Cluster data unit if the Cluster join fails.

ASA/FTD may traceback and reload after a reload with DHCPv6 configured

ASA/FTD may traceback and reload in Thread Name 'lina'

FTD traceback and reload while deploying PAT POOL

Need to provide rate-limit on "logging history <mode>"

FTD/ASA traceback and reload during to tmatch compilation process

Unexpected "No Traffic" health alert on Standby HA Data Interface where no data flows

FTD traceback/reloads - Icmp error packet processing involves snp_nat_xlate_identity

FPR1K/FPR2K: Increase in failover time in Transparent Mode with high number of Sub-Interfaces

Cluster data unit drops non-VPN traffic with ASP reason "VPN reclassify failure

FPR1120:connections are getting teardown after switchover in HA

None option under trustpoint doesn't work when CRL check is failing

FTD traceback and reload during policy deployment adding/removing/editing of NAT statements.

FTD is dropping GRE traffic from WSA

ASA binding with LDAP as authorization method with missing configuration

Identity network filter not removed from FTD

ASA: Traceback and reload while processing SNMP packets

Nodes randomly fail to join cluster due to internal clustering error

FTD: HA crash and interfaces down on FPR4200

High Lina memory use due to leaked SSL handles

Secondary state flips between Ready & Failed when node is rebooted and mgmt interface is shutdown

multimode-tmatch_df_hijack_walk traceback observed during shut/unshut on FO connected switch interfa

IKEv2 Multi-DVTI Hub Support FTD/ASA

FTD - 'show memory top-usage' providing improper value for memory allocation

FTD: IP SLA Pre-emption not working even when destination becomes reachable

ASA/FTD Traceback and reload of Standby Unit while removing capture configurations

Multiple Cisco Products Snort 3 Access Control Policy Bypass Vulnerability

cdFMC : User with VPN Sessions Manager Role can't access cdFMC

null connection error seen in logs

ASA/FTD: Improve GTP Inspection Logging

ASA/FTD: GTP Inspection engine serviceability

[FTD Multi-Instance][SNMP] - CPU OIDs return incomplete list of associated CPUs

ASA/FTD may traceback and reload in Thread Name: CTM Daemon

256-byte memory block gets depleted on start if jumbo frame is enabled with FTD on ASA5516

Traffic drop when primary device is active

Cisco ASA and FTD Software Remote Access SSL VPN Multiple Certificate Auth Bypass

ASA/FTD may drop multicast packets due to no-mcast-intrf ASP drop reason until UDP timeout expires

Multicast connection built or teardown syslog messages may not always be generated

Write wrapper around "kill" command to log who is calling it

Snort3: Process in D state resulting in OOM with jemalloc memory manager

SNMPD cores seen in in snmp_sess_close and notifyTable_register_notifications

WR6, WR8, LTS18 and LTS21 commit id update in CCM layer (Seq 43)

Partition "/opt/cisco/config" gets full due to wtmp file not getting logrotated

Unexpected firewalls reloads with traceback.

[SXP-UserIP Muted Leader]FMC HA Join flushes FW IP_SGT Mapping and restreams in registered sensors.

NTP polling frequency changed from 5 minutes to 1 second causes large useless log files

Multiple instances of nvram.out log rotated files under /opt/cisco/platform/logs/

8x10Gb netmod fails to come online

ASA/FTD - SNMP related memory leak behavior when snmp-server is not configured

rpc service detector causing snort traceback due to universal address being an empty string

Azure D5v2 FTDv unable to send traffic - underruns and deplete DPDK buffers observed

ASA Traceback & reload citing thread name: asacli/0

FTD taking longer than expected to form OSPF adjacencies after a failover switchover

ASA/FTD may traceback and reload after executing 'clear counters all' when VPN tunnels are created

Copy and pasting rules is broken and give blank error message in ID policy

LINA traceback with icmp_thread

The command "app-agent heartbeat" is getting removed when deleting any created context

FPR 4115- primary unit lost all HA config after ftd HA upgrade

CLUSTER: ICMP reply arrives at director earlier than CLU add flow request from flow owner.

FTD MI does not adjust PVID on vlans attached to BVI

ASA/FTD may traceback and reload in Thread Name 'None' at lua_getinfo

ASA/FTD Show chunkstat top command implementation

ASA/FTD might traceback in funtion "snp_fp_l2_capture_internal" due to cf_reinject_hide flag

Traffic drops with huge rule evaluation on snort

Workaround to set hwclock from ntp logs on low end platforms

ASA/FTD may traceback and reload in Thread Name 'ci/console' when checking Geneve capture

changing time window settings in FMC GUI event viewers may not work with FMC integrated with SecureX

Supervisor does not reboot unresponsive module/blade due to IERR with minor severity sensor ID 79

ASA/FTD: High failover delay with large number of (sub)interfaces and http server enabled

TLS Server Identity may cause certain clients to produce mangled Client Hello

Gateway is not reachable from standby unit in admin and user context with shared mgmt intf

Multiple traceback seen on standby unit.

2100: Power switch toggle leads to ungraceful shutdowns and "PowerCycleRequest" reset

Stale IKEv2 SA formed during simultaneous IKE SA handling when missing delete from the peer

FDM WM-HA ssh is not working after upgrading 7.2.3 beta with data interface as management

FTD may not reboot as expect post upgrade if bundled FXOS version is the same on old and new version

ASA: FP2100 FTW timeout triggered by high CPU usage during FTD Access Control Policy deploy.

Deleting a BVI in FTD interfaces is causing packet drops in other BVIs

Classic and Unified Events should handle cases when SMC is unreachable

FP2100:Update LINA asa.log files to avoid recursive messages-<date>.1.gz rotated filenames

Syslog ASA-6-611101 is generated twice for a single ssh connection

User with no vpn-filter may get additional access when per-user-override is set (IKEv2 RAVPN)

FTD upgrade from 7.0 to 7.2.x and traceback/reload due to management-access enabled

ASA/FTD drops traffic to BVI if floating conn is not default value due to no valid adjacency

FTD: CLISH slowness due to command execution locking LINA prompt

The public API function BIO_new_NDEF is a helper function used for str

Management interface link status not getting synced between FXOS and ASA

ASA/FTD may traceback and reload in Thread Name 'lina'

ASA Evaluation of OpenSSL vulnerability CVE-2022-4450

SSL decrypted conns fails when tx chksum-offload is enabled with the egress interface a pppoe.

FTD on FPR2140 - Lina traceback and reload by TCP normalization

Protocol Down with lower CPU instances on ESXi 8 for ASAv and FTDv

Memory leak observed on ASA/FTD when logging history is enabled

ASA/FTD: Revision of cluster event message "Health check detected that control left cluster"

FTD: "timeout floating-conn" not operating as expected for connections dependent on VRF routing

ASA/FTD reboots due to traceback pointing to watchdog timeout on p3_tree_lookup

CCM seq 45 - WR6, WR8, LTS18 and LTS21.

FTD Traceback and reload on Thread Name "NetSnmp Event mib process"

PIM register packets are not sent to RP after a reload if FTD uses a default gateway to reach the RP

ASA Multicontext 'management-only' interface attribute not synced during creation

ASA reboots due to heartbeat loss and "Communication with NPU lost"

New context subcommands are not replicated on HA standby when multiple sessions are opened.

Policy Deploy Failing when trying to remove Umbrella DNS Connector Configuration

ASA/FTD traceback in snp_tracer_format_route

ASA/FTD may traceback and reload in Thread Name 'lina' due to due to tcp intercept stat

ASA/FTD: Ensure flow-offload states within cluster are the same

Need fault/error for invalid firmware MF-111-234949

Post backup restore multiple processes are not up. No errors are observed during backup or restore.

Cluster hardening fixes

Cisco ASA and FTD ACLs Not Installed upon Reload

ASA/FTD may traceback and reload

ASA: Prevent SFR module configuration on unsuported platforms

The command "neighbor x.x.x.x ha-mode graceful-restart" removed when deleting any created context

FP2100 series devices might use excessive memory if there is a very high SNMP polling rate

KP Generating invalid core files which cannot be decoded 7.2.4-64

show xlate does not display xlate entries for internal interfaces (nlp_int_tap) after enabling ssh.

ASA - Standby device may traceback and reload during synchronization of ACL DAP

ASA/FTD may traceback and reload in Thread Name 'lina'

Last fragment from SIP IPv6 packets has MF equal to 1, flagging that more packets are expected

ASA / FTD Traceback and reload when removing isakmp capture

Failover fover_trace.log file is flooding and gets overwritten quickly

Snort3 fails to match SMTPS traffic to ACP rules

Multiple times the failover may be disabled by wrongly seeing a different "Mate operational mode".

Connections not replicated to Standby FTD

FTD Crash in Thead Name: CP Processing

ASA/FTD may traceback and reload in Thread Name DATAPATH-3-21853

FTD LINA traceback and reload in Datapath thread after adding Static Routing

Unable to login to FTD using external authentication

Cross-interface-access: ICMP Ping to management access ifc over VPN is broken

logrotate is not compressing files on 9.16 ASA or 7.0 FTD

ASA/FTD may traceback and reload in Thread Name DATAPATH-1-1656

AnyConnect - mobile devices are not able to connect when hostscan is enabled

Interface remains DOWN in an Inline-set with propagate link state

ndclientd error message 'Local Disk is full' needs to provide mount details which is full

ASA/FTD: From-the-box ping fails when using a custom VRF

ASA/FTD : Degradation for TCP tput on FPR2100 via IPSEC VPN when there is delay between VPN peers

User Group Download fetches less data than available or fails with "Size limit exceeded" error

ASA/FTD may traceback and reload in Thread Name 'pix_flash_config_thread'

ASA/FTD may traceback and reload in Thread Name 'lina'

Default DLY value of port-channel sub interface mismatch with parent Portchannel

ASA: Standby failure on parsing of "management-only" not reported to parser/failover subsystem

health alert for [FSM:STAGE:FAILED]: external aaa server configuration

PortChannel sub-interfaces configured as data/data-sharing, in multi-instance HA go into "waiting"

ASA/FTD may traceback and reload in Thread Name 'lina'

Prune target should account for the allocated memory from the thread pruned

asa_snmp.log is not rotated, resulting in large file size

FTD: 10Gbps/full interfaces changed to 1Gbps/Auto after upgrade and going to down state

ASA/FTD traceback and reload on thread DATAPATH-14-11344 when SIP inspection is enabled

ASA/FTD traceback and reload due citing thread name: cli_xml_server in tm_job_add

Consul and Consul Enterprise allowed an authenticated user with service:

ASA/FTD: Traceback and reload due to high rate of SCTP traffic

Cisco FTD Software SSL/TLS URL Category and Snort 3 Detection Engine Bypass and DOS Vulnerability

FMC UI response is very slow: Add health module monitoring FMC ntpd server(s) accessibility

ASA traceback and reload with process name: cli_xml_request_process

Serial number attribute from the subject DN of certificate should be taken as the username

Firepower Chassis Manager is not accessible with ECDSA certificates

Notification Daemon false alarm of Service Down

CVIM Console getting stuck in "Booting the kernel" page

Username-from-certificate feature cannot extract the email attribute

Unable to Access FMC GUI when using Certificate Authentication

ASA: Standby failure on parsing of "management-only" for dynamic configuraiton changes

Elephant flow detection disabled on FMC, getting enabled on FTD after random deployment

ASA Traceback and reload in parse thread due ha_msg corruption

Snort3 is crashing frequently on cd_pdts.so

FPR31xx - SNMP poll reports incorrect FanTray Status at Down while actually operational

ngfwManager process continuously restarting leading to ZMQ Out of Memory traceback

FTD returns no output of "show elephant-flow status" when efd.lua file's content is empty

KP - multimode: ASA traceback observed during HA node break and rejoin.

FXOS REST API: Unable to create a keyring with type "ecdsa"

Threat-detection does not recognize exception objects with a prefix in IPv6

ASA/FTD may traceback and reload in Thread Name 'lina'.

Threat-detection does not allow to clear individual IPv6 entries

Cisco ASA and FTD VPN Web Client Services Client-Side Request Smuggling Vulnerability

ASA not updating Timezone despite taking commands

Deployment fails to FTD when reusing/reassigning existing vlan id to diff interface

FTD DHCP Relay drops NACK if multiple DHCP Servers are configured

Connection events incorrectly show OVERSUBSCRIPTION flow message for passive interface traffic

Cisco ASA & FTD SAML Authentication Bypass Vulnerability

ASA/FTD may traceback and reload in Thread Name 'lina'

ASa/FTD: SNMP related traceback and reload immediately after upgrade from 6.6.5 to 7.0.1

ASA: Configurable CLU for Large amount of under/overruns on CLU RX/TX queues

Observed ASA traceback and reload when performing hitless upgrade while VPN traffic running

ASA/FTD Cluster: Change "cluster replication delay" with max value increase from 15 to 50 sec

Snort3 cores seen in certain conditions with traffic

ASAConfig multiple restarts are leaking 16K memory in every Restart leading to ZMQ Out Of Memory.

Cisco FTD Software Software for Cisco Firepower 2100 Series Inspection Rules DoS Vulnerability

traceback and reload thread datapath on process tcpmod_proxy_continue_bp

Add knob to pause/resume file specific logging in asa log infra.

FTD: Unable to process a TLS1.2 website with TLS Server Identity with client generating SSL Errors

FTD/ASA Hub and spoke (U-turn) VPN fails when one spoke is IPSec flow offloaded and the other isn't

TCP ping is completely broken starting in 9.18.2

Snort3 Crash in SslServiceDetector after call from nss_passwd_lookup

portmanager.sh outputing continuous bash warnings to log files

ASA/FTD may traceback and reload in Thread Name 'ci/console'

ASA: "Ping <ifc_name> x.x.x.x" is not working as expected starting 9.18.x

3100 unit failed to join the cluster with error "configured object (sys/switch-A/slot-2) not found"

FTD running on FP1000 series might drop packets on TLS flows after the "Client Hello" message.

Readiness check needs to be allowed to run without pausing FMC HA

Setting heartbeat timeout to 6sec for Firepower 4100 and 9300

ASA running out of SNMP PDU and SNMP VAR chunks

Lina traceback and reload due to fragmented packets

LSP version not updated to latest in LINA Prompt in SSP_CLUSTER with 7.2.4 build.

FPR3100: ASA/FTD High traffic impact on all data interfaces with high counter of "demux drops"

FTD : Traceback in ZMQ running 7.3.0

TPK 3110 - Firmware version MISMATCH after upgrade to 7.2.4-144

ASA sends OCSP request without user-agent and host

ASA: After upgrade to 9.16.4 all type-8 passwords are lost on first reboot

FTDv: Traffic failure in VMware Deployments due to dpdk pool exhuastion and rx_buff_alloc_failure

Deployments can cause certain RAVPN users mapping to get removed.

Snort down due to missing lua files because of disabled application detectors (VDB side)

ASA Traceback and reload citing process name 'lina'

getting wrong destination zone on traffic causing traffic to match wrong AC rule

traceback and reload in Process Name: lina related to Nat/Pat

TCP normalizer needs stats that show actions like packet drops

LDAP authentication over SSL not working for users that send large authorisation profiles

Very specific "vpn-idle-timeout" values cause continuous SSL session disconnects and reconnects

ASAv in Hyper-V drops packets on management interface

HA Serviceability Enh: Maintain HA NLP client stats and HA CTL NLP counters for current App-sync

ASDM replaces custom policy-map with default map on class inspect options at backup restore.

FMC deploy logs rotating faster because of /internal_rest_api/accesscontrol/rapplicationsavailable

ASA accepts replayed SAML assertions for RA VPN authentication

Failure to remove snort stat files older than 70 days

ASA/FTD may traceback and reload in Thread Name '19', free block checksum failure

node is leaving TPK cluster due to interface health check failure

ASA may traceback and reload in Thread Name 'DHCPv6 Relay'

ASA/FTD: Traceback on thread name: snmp_master_callback_thread during SNMP and interface changes

DBCheck shouldn't run against MonetDB if user is collecting config backup alone

Correlation rule 'Security Intelligence Category' option is missing DNS and URL values

ASA/FTD : Packet-tracer may displays incorrect ACL rule, though produces correct verdict.

MYSQL, or any TCP high traffic, getting blocked by snort3, with snort-block as Drop-reason

SSH to Chassis allows a 3-way handshake for IPs that are not allowed by the config

Unable to establish BGP when using MD5 authentication over GRE TUNNEL and FTD as passthrough device

Update Configuration State if sync is skipped

crashhandler running with test mode snort

FP2130- Unable to disassociate member from port channel, deployment fails, member is lost on FTD/FMC

ASA/FTD: Connection information in SIP-SDP header remains untranslated with destination static Any

Error loading data in NAT page - When unused port object is used

FTD may fail to create a NAT rule with error: "IPv4 dst real obj address range is huge"

KP: Cleanup/Reformat the second (MSP) disk on FTD reinstall

AC policy change is not reflected in instance page on edit

Inconsistent log messages seen when emblem is configured and buffer logging is set to debug

Snort3 crash found during cleaning up a CHP object

ASA in multi context shows standby device in failed stated even after MIO HB recovery.

ASA integration with umbrella does not work without validation-usage ssl-server.

Add CIMC reset as auto-recovery for CIMC IPMI hung issues

[IMS_7_5_MAIN]High CPU usage on multiple appliances

ASA traceback and reload with the Thread name: **CP Crypto Result Processing**

Firewall may drop packets when routing between global or user VRFs

ASA access-list entries have the same hash after upgrade

[IMS_7_4_0] - Virtual FDM Upgrade fails: HA configStatus='OUT_OF_SYNC after UpgradeOnStandby

FTD: GRE traffic is not being load balanced between CPU cores

ASA: Traceback and reload while updating ACLs on ASA

Cisco Adaptive Security Appliance Software and Firepower Threat Defense DoS

FMC should handle error appropriately when ISE reports error during SXP download

FXOS/SSP: System should provide better visibility of DIMM Correctable error events

Traffic may be impacted if TLS Server Identity probe timeout is too long

ASA/FTD: Traceback and reload with Thread Name 'PTHREAD'

access-list: Cannot mix different types of access lists.

AnyConnect Ikev2 Login Failed With certificate-group-map Configured

Change in syslog message ASA-3-202010

Firewall rings may get stuck and cause packet loss when asp load-balance per-packet auto is used

ASAv - High latency is experienced on Azure environment for ICMP ping packets while running snmpwalk

Wyoming/SFCN ASA: Wrong values shown DBRG in show crypto ssl objects CLI

WINSCP and SFTP detectors do not work as expected

ASA/FTD client IP missing from TACACS+ request in SSH authentication

Improper load-balancing for traffic on ERSPAN interfaces on FPR 3100/4200

PSEQ (Power-Sequencer) firmware may not be upgraded with bundled FXOS upgrade

ASA/FTD may traceback and reload citing process name "lina"

Traceback in Thread Name: ssh/client in a clustered setup

Lina crash in thread name: cli_xml_request_process during FTD cluster upgrade

ECMP + NAT for ipsec sessions support request for Firepower.

99.20.1.16 lina crash on nat_remove_policy_from_np

Traceback and reload on Thread DATAPATH-6-21369 and linked to generation of syslog message ID 202010

Old LSP packages are not pruned causing high disk utilization

Snort3 matches SMTP_RESPONSE_OVERFLOW (IPS rule 124:3) when SMTPS hosts exchange certificates

Remove Priority-queue command from FTD|| Priority-queue command causes silent egress packet drops

Cisco ASA and FTD VPN Web Client Services Client-Side Request Smuggling Vulnerability

VPN load-balancing cluster encryption using deprecated ciphers

ASA/FTD: Traceback and reload when issuing 'show memory webvpn all objects'

DNS cache entry exhaustion leads to traceback

2100 Reload due to internal links going down and NPU disconnection

FXOS SNMP "property community of sys/svc-ext/snmp-svc is out of range" is unclear to users

FTD username with dot fails AAA-RADIUS external authentication login after upgrade

ASA SNMP polling not working and showing "Unable to honour this request now" on show commands

Reduce time taken to clear stale IKEv2 SAs formed after Duplicate Detection

ASA traceback and reload on Thread Name: DHCPRA Monitor

FMC config archives retention reverts to default if ca_purge tool was used prior to 7.2.4 upgrade

vFTD runs out of memory and goes to failed state

ASA Traceback & reload on process name lina due to memory header validation

FXOS Traceback and reload caused by leak on MTS buffer queue

KP2140-HA, reloaded primary unit not able to detect the peer unit

Identity Policy Active auth snort3 redirect hostname doesn't list all FQDN objects\u0009

FTD/Lina - ZMQ issue OUT OF MEMORY. due to less Msglyr pool memory on certain platforms

FTD: HA App sync failure due to fover interface flap on standby unit

ASA generating traceback with thread-name: DATAPATH-53-18309 after upgrade to 9.16.4.19

"show route all summary" executed on transparent mode FTD is causing CLISH to become Sluggish.

Cisco ASA/FTD Firepower 2100 SSL/TLS Denial of Service Vulnerability

Failover: standby unit traceback and reload during modifying access-lists

FTDv Single-Arm Proxy behind AWS GWLB drops due to geneve-invalid-udp-checksum.

FTD Diskmanager.log is corrupt causing hm_du module to alert false high disk usage

FTD snmpd process traceback and restart

FTD taking longer than expected to form OSPF adjacencies after a failover switchover

Units get kicked out of the cluster randomly due to HB miss | ASA 9.16.3.220

The exclude policy to exclude interface status will be removed on FMC after a while

Selecting "All interfaces " under FTD exclude policy for interface status module doesn't work

Firewall Traceback and reload due to SNMP thread

FTD: Traceback and reload during OSPF redistribution process execution

FTD: TLS Server Identity does not work if size of client hello more than TCP MSS bytes

Cisco ASA and FTD ACLs Not Installed upon Reload

FTD Lina engine may traceback, due to assertion, in datapath

Add meaningful logs when the maximums system limit rules are hit

Avoid both the devices in HA sends events to FMC

FTD is dropping GRE traffic from WSA due to NAT failure

Dumping of last 20 rmu request response packets failed

ASA removes the IKEv2 Remote PSK if the Key String ends with a backslash "\" after reload

ASA - The GTP inspection dropped the message 'Delete PDP Context Response' due to an invalid TEID=0

ASA appliance mode - 'connect fxos [admin]' will get ERROR: failed to open connection.

FMC QoS dashboard does not show QoS rule matched

False critical high CPU alerts for FTD device system cores running instantaneous high usage

ASA: Checkheaps traceback and reload due to Clientless WebVPN

FMC process ssp_snmp_trap_fwdr high memory utilization

azure vftd node traceback while loading multiple network-service objects during ns_reload.

after HA break, selected list shows both the devices when 1 device selected for upgrade

Snort3 core in navl seen during traffic flow

FTD: Firepower 3100 Dynamic Flow Offload showing as Enabled

Policy deployment fails when a route same prefix/metric is configured in a separate VRF.

Excessive logging of ssp-multi-instance-mode messages to /opt/cisco/platform/logs/messages

Editing identity nat rule disables "perform route lookup" silently

FTD: SNMP not working on management interface

Snort2 engine is crashing after enabling TLS Server Identity Discovery feature

Snort core while running IP Flow Statistics

ASA/FTD traceback and reload on thread DATAPATH

Cisco ASA Software and FTD Software SAML Assertion Hijack Vulnerability

Decrypting engine/ssl connections hang with PKI Interface Error seen

WM RM - SFP port status of 9 follows port of state of SFP 10|11|12

When state-link is flapped HA state changed from Standby-ready to Bulk-sync without failover reason

Switch ports in trunk mode may not pass vlan traffic after power loss or reboot

ASA/FTD: Traceback and reload due to NAT L7 inspection rewrite

CDFMC: VDB version rolling back to old version after performing Disaster Recovery

ASA: ISA3000 does not respond to entPhySensorValue OID SNMP polls

ASA: Traceback and reload on Tread name "fover_FSM_thread" and ha_ntfy_prog_process_timer

Traceback: CdFMC - Edit of network object (network/host/range/fqdn) override throws internal error

HA secondary unit disabled after reboot - Process Manager failed to secure LSP

ECDSA Self-signed certificate using SHA384 for EC521

ASA|FTD: Traceback & reload due to a free buffer corruption

Some Vault secrets including LDAP missing files after upgrade if the Vault token is corrupted

FTD Lina traceback Thread Name: DATAPATH due to memory corruption

"failover standby config-lock" config is lost after both HA units are reloaded simultaneously

OSPFv3 Traffic is Centralized in Transparent Mode

FPR1k Switchport passing CDP traffic

FMC: ACP Rule with UDP port 6081 is getting removed after subsequent deployment

Management UI presents self-signed cert rather than custom CA signed one after upgrade

Failed to transfer new image file to FPR2130 and traceback was observed

Traceback @<capture_file_show+605 at ../infrastructure/capture/capture_file_finesse.c:282>

FTD /ngfw disk space full from Snort3 url db files

Radius authentication stopped working after ASAv on AWS upgrade to any higher version than 9.18.2

Do not enable TLS Server Identity Discovery on FTDv deployed with GWLB

Snort crash in active response

ASA Traceback & reload on process name lina due to memory header validation - webvpn side fix

ASDM application randomly exits/terminates with an alert message on multi-context setup

ASA/FTD HA checkheaps crash where memory buffers are corrupted

ASA omits port in host field of HTTP header of OCSP request if non-default port begins with 80

Interface speed mismatch in SNMP response using OID .1.3.6.1.2.1.2.2

ASA traceback on Lina process with FREEB and VPN functions

FTDv/AWS - NTP clock offset between Lina and FTD cluster

FPR1010 in HA failed to send or receive to GARP/ARP with error "edsa_rcv: out_drop"

ASA/FTD: Traceback and reload due to NAT change and DVTI in use

ASA/FTD traceback and reload when invoking "show webvpn saml idp" CLI command

Snort blacklisting traffic during deployment

ASA/FTD may traceback and reload in Thread Name "RAND_DRBG_bytes" and CTM function on n5 platforms

Max Detect on Detection is blocking some ping traffic

Incorrect exit interface choose for VTI traffic next-hop

ASA/FTD may traceback and reload in when changing capture buffer size

Lina CiscoSSL upgrade to 1.1.1v and FOM 7.3a

FTD 7.0.4 cluster drops Oracle's sqlnet packets due to tcp-not-syn

Lina crash in snp_fp_tcp_normalizer() when DAQ/Snort sends malformed L3 header

ARP learning issues with Multiple-instance running 100G Netmod

Incorrect Hit count statistics on ASA Cluster only for Cluster-wide output

SNMP is not working on the primary active ASA unit in multi-context environment

Lack of validation of string length creating object/category names using API

Site-to-Site VPN tunnel status on FMC shows down even though it is UP from FTD side

Include "show env tech" in FXOS FPRM troubleshoot

Intermittently flow is getting white-listed by the snort for the unknow app-id traffic.

ASA/FTD Cluster: Reuse of TCP Randomized Sequence number on two different conns with same 5 tuple

FMC fails deployment after removing NAT or ACL rule

741 - HA & AppAgent - Long term solution for avoiding momentary split-brain situations

Logging improvement for messages exchange between LinaConfigTool and xml server

ASA unexpected HA failover due to MIO blade heartbeat failure

ASA traceback when re-configuring access-list

Snort 3 HTTP Intrusion Prevention System Rule Bypass Vulnerability

FXOS: Remove enforcement of blades going into degraded state after multiple DIMM correctable errors

Cisco ASA and FTD Software Remote Access VPN Unauthorized Access Vulnerability

PAC Key file missing on standby on reload

FXOS: Alperton 100G NetMod not being acknowledged properly

ASA software on FP3110 showing incorrect serial number in show inventory output

FTD VMWare: High disk utilization on /dev/sda8 partition caused by file system corruption

SQL packets involved in large query is drop by SNORT3 with reason snort-block

Connections are not cleared after idle timeout when the interfaces are in inline mode.

Chassis Manager shows HTTP 500 Internal Server error in specific cases

Specific OID 1.3.6.1.2.1.25 should not be responding

Firewall Blocking packets after failover due to IP <-> SGT mappings

ASA: Traceback and reload when switching from single to multiple mode

snort3 crashes observed due to memory corruption in file api

ASA/FTD: 1 Second failover delay for each NLP NAT rule

Ping to the configured systemIP on management interface getting failed in cluster setup.

ASA/FTD may traceback and reload in Thread Name 'ssh' when adding SNMPV3 config

FTD - Traceback and reload due to nat rule removed by CPU core

Enhancement for Lina copy operation for startup-config to backup-config.cfg in HA

ASDM management-sessions quota reached due to HTTP sessions stuck in CLOSE_WAIT

FTD not generating end of connection event after "Deleting Firewall session"

Getting an exception on the UI while editing and saving the intrusion policy

Policy deployment failed due to "1 errors seen during populateGlobalSnapshot"

Snort2:Skip writing malware seed file duing process shutdown

FTD responding to UDP500 packet with a Mac Address of 0000.000.000

ASA "pager line 25" command doesn't work as expected on few terminal applications

Occasionally External auth may not work after HA failover to Active

FTD hosted on KP incorrectly dropping decoded ESP packets if pre-filter action is analyze

ASA traceback due to panic event during SNMP configuration

Large file download failed due to hitting the max segment limit

ASA/FTD: NAT64 error "overlaps with inside standby interface address" for Standalone ASA

Extensive logging for a problematic deployment caused logs to rollover important logs

Cisco_Firepower_GEODB_FMC_Update* are not included in diskmanager

FTD Block 9344 leak due to fragmented GRE traffic over inline-set interface inner-flow processing

Strong Encryption license is not getting applied to ASA firewalls in HA.

FTD/ASA traceback and reload may occur when ssl packet debugs are enabled

ENH - Exempt TSID probe from going through EVE inspection

Cisco ASA and FTD Software Remote Access VPN Unauthorized Access Vulnerability

2100: Interfaces missing from FTD after removing interfaces as members of a port-channel

ASA/FTD may traceback and reload in Thread Name 'dns_cache_timer'

ASA allows same BGP Dynamic routing process for Physical Data and management-only interfaces

FTD: Failover/High Availability disabled with Mate version 0.0 is not compatible

"show aaa-server" command always shows the Average round trip time 0ms.

ASA/FTD may traceback and reload while running show inventory

4200 Series: Portchannel in cluster may stay down sometimes when LACP is in active mode

Message asa_log_client exited 1 time(s) seen multiple times

FMC SSO timesout when user session is active for more than 1 hr (idle timeout)

evaluate open-vm-tools / VMware Tools on FMC for VMware -- CVE-2023-20900 and VMSA-2023-0019

ASA:Management access via IPSec tunnel is NOT working

The FMC is showing "The password encryption key has not been set" alert for a 11xx/21xx/31xx device

FXOS: svc_sam_dcosAG process getting crashed repeatedly on FirePower 4100

FMC 4600 v7.2.4 EVE dashboard widget showing corrupt data

After rebooting, the future date set on the FPR2100 platform is not reflected (set clock manually)

Improve CPU utilization in ssl inspection for supported signature algorithm handling

FMC Deployment failure in csm_snapshot_error

ASA does not sent 'warmstart' snmp trap

FMC Deployment failed due to internal errors after upgrade

ASA/FTD traceback and reload with IPSec VPN, possibly involving upgrade

SNORT3 - FTD - TSID high cpu, daq polling when ssl enabled is not pulling enough packets

Source NAT Rule performing incorrect translation due to interface overload

ASA/FTD may traceback and reload in Thread Name 'lina' while processing DAP data

Fragmented UDP packet via MPLS tunnel reassemble fail

NAT pool is not working properly despite is not reaching the 32k object ID limit.

Multicast through the box traffic causing high CPU with 1GBps traffic

FTD Upgrade from 6.6.5 to 7.2.5 removing OGS causing rule expansion on boot

Lina core at snp_nat_xlate_verify_magic.part and soft traces

FTD SNMPv3 host configuration gets deleted from IPTABLES after adding host-group configuration

LINA show tech-support fails to generate as part of sf_troubleshoot.pl (Troubleshoot file)

ASDM can not see log timestamp after enable logging timestamp on cli

Configuring and unconfiguring "match ip address test" may lead to traceback

Firepower WCCP router-id changes randomly when VRFs are configured

FTD: Traceback and Reload in Process Name: lina

Configuration to disable TLS1.3

Diskmanager process terminated unexpectedly

FTD-HA does not fail over sometimes when snort3 crashes

ASA: Traceback and reload when restore configuration using CLI

WM DT - ASA in transparent mode doesn't send equal IPv6 Router Advertisement packets to all nodes

Timestamp entry missing for some syslog messages sent to syslog server

Community string sent from router is not matching ASA

ASA/FTD may traceback and reload due to watchdog time exceeding the default 15 seconds

Secondary lost failover communication on Inside, using IPv6, but next testing of Inside passes

CSF 4200: PSU Fan speed is critical

FXOS : Duplication of NTP entry results in Error message : Unreachable Or Invalid Ntp Server

Unable to create VRF via FDM in Firepower 3105 device

Coverity 886745: OVERRUN in verify_generic_signature

ASA traceback under match_partial_keyword during CPU profiling

FTD: Mariadb might cause OOM due to not-so-effective memory release algorithm in glibc allocator

Snort3 dropping IP protocol 51

Upgrade from FMC 7.2.4.1 to 7.2.5 failed at 600_schema/000_install_fmc.sh

Unexpected high values for DAQ outstanding counter

FMC Primary disk degraded error

ASA: Traceback and reload when executing the command "show nat pool detail" on a cluster setup

FTD: The crucial upgrade script should not be bypassed by the Upgrade Retry

ASA/FTD traceback and reload on process fsm_send_config_info_initiator

Snort generating an excessive number of snort-unified log files with zero bytes

[Multi-Instance] Second Hard Drive (FPR-MSP-SSD) not in use

Bulk FTD backups to be generated in batches internally

ASA/FTD HA pair EIGRP routes getting flushed after failover

ASA/FTD: Traceback and reload on thread name CP Crypto Result Processing

High CPU Utilization alerts caused by the process Telegraf

SNMP fails to poll accurate hostname from FMC

VTI tunnel goes down due to route change detected in VRF scenario

Cannot configure Correlation rule because there are no values for GID that exceed 2000

In FPR4200/FPR3100-cluster observed core file ?core.lina? observed on device reboot.

Disconnecting RA VPN users from the FMC gui fails.

Backup restore: silent failure when the device managed locally

Every HA sync attempts to disable URL filtering if already disabled.

eStreamer JSON parse error and memory leak

FTD: Internal certificate generation results to certificate and private key mismatch

FTD unregisters the standby FMC immediately after a successful registration

FTD installation fails on FPR-2K "Error in App Instance FTD. Available memory not updated by blade"

FTD: Traceback in threadname cli_xml_request_process

Firewall shows misleading SCP file copy failure reasons

crypto_archive file generated after the software upgrade.

Random FTD snort3 traceback

File copy via SCP using ciscossh stack fails with error "no such file or directory"

Last Rule hit shows a hex value ahead of current time in ASA and ASDM

Init process spikes to 100% CPU usage after a failed backup

Unexpected traceback on thread name Lina and device experienced reboot

GTP connections, under certain circumstances do not get cleared on issuing clear conn.

ASA/FTD may traceback and reload in Thread Name 'lina'

Datapath hogs causing clustering units to get kicked out of the cluster

Management DNS Servers may be unreacheable if data interface is used as the gateway

ASA: Traceback and reload during tests of High number of traffic flows and syslog messages

ASA/FTD may traceback and reload in Thread Name 'DATAPATH-34-17852'

FTD VMWare tracebacks at PTHREAD-3587

SNMP OID ifOutDiscards on MIO are always zero despite show interface are non-zero

ASA/FTD may traceback and reload in Thread Name 'lina'

Connection drops during file transfers due to HeartBeat failures

Thirty-day automatic upgrade revert-info deletion is not resilient to communication failures

FMC clean_revert_backup script fails silently without creating any logs

FTD sends multiple replicated NetFlow records for the same flow event

SSX Eventing continues to go to old tenant upon FTD migration to CDO.

FTD 1120 standby sudden reboot

SNMP Unresponsive when snmp-server host specified

Traceback on FP2140 without any trigger point.

Cross ifc access: Revert PING to old non-cross ifc behavior

Daily Change Reconciliation Report Randomly Generating Reports with the same time periods

FTD upgrade failling on script 999_finish/999_zz_install_bundle.sh

ASA - Traceback the standby device while HA sync ACL-DAP

[ENH] FMC to pull FTD device current SRU version rather than device records for SRU deployed.

FTD HA sync failure due to "CD App Sync error is Failed to apply SSP config on standby"

Certificate Encoding Issue when using AnyConnect cert Authentication/Authorisation

ASA/FTD traceback and reload on thread DATAPATH

SFDataCorrelator logs "Killing MySQL connection" every minute, causing performance problems

FMC backup fails with "Registration Blocking" failure caused by DCCSM issues

Cisco Secure Access: Occasional traffic loss occurring through FWaaS

FTD OSPFV3 IPV6 Routing: FTD is sending unsupported extended LSA request to neighbor routers

ASA cluster traceback Thread Name: DATAPATH-8-17824

Hardware bypass not working as expected in FP3140

Source of the VTI interface is getting empty

Config-url is accepting directory as the config file

Node kicked out of cluster while enabling or disabling rule profiling

ASA/FTD - may traceback and reload in Thread Name 'Unicorn Proxy Thread'

ASA traceback and reload during ACL configuration modification

FMC does not generate email health notifications for Database Integrity Check failures.

Capture-traffic Clish command with snort3 not producing a proper resulting capture

Firewall traceback and reload due to SSH thread

FMC-4600: Pre-Filter policy is showing as none

ASA/FTD may traceback and reload in Thread Name 'DATAPATH-13-6022'

FTD/ASA may traceback and reload in PKI, syslog, during upgrade

Fail open snort-down is off in inline pairs despite it being enabled and deployed from FMC

VPN load-balancing cluster encryption using Phase 2 deprecated ciphers

ASA/FTD may traceback and reload in Thread Name 'lina' due to a watchdog in 9.16.3.23 code

ASA/FTD high memory usage due to SNMP caused by RAVPN OID polling

FTD with may traceback in data-path during deployment when enabling TAP mode

FailSafe admin password is not properly sync'd with system context enable pw

ASA: The logical device may boot into failsafe mode because of an large configuration.

ACP rule is deleted when discarding changes, post rule reposition.

Standby manager addition is failed on Primary FMC due to previous entries in table

Stale HA transactions need to be moved to failed and subsequent HA transaction needs to be created

Device/port-channel goes down with a core generated for portmanager

In FIPS mode, External auth with TLS config enabled, CLI logins are not working (FMC & FTDs)

ASA dropping IPSEC traffic incorrectly when "ip verify reverse-path" is configured

ASA : Modifying a route-map in one context affects other contexts

ASA SNMP OID cpmCPUTotalPhysicalIndex returning zero values instead of CPU index values

Stale asp entry for TCP 443 remains on standby after changing default port

FTD: Update WM firmware to 1023.0207

User assigned to a read only custom role is not able to view content of intrusion policy for snort2

Log spam in /var/log/messages: Out of range value for column 'map_id'

EIGRP migration failed using 'FlexConfig Policiies' script failed generating database corruption

Cisco FXOS Software Link Layer Discovery Protocol Denial of Service Vulnerability

Error Fetching Data in Exclude Policy Page when non permanent exclude periods are selected

Deployment stuck on FMC when device goes down during deploy and doesn't boot up

OSPF Redistribution route-map with prefix-list not working after upgrade

Alert: Decommission failed, reason: Internal error is not cleared from FCM or CLI after acknowledge

File-extracts.logs are not recognised by the diskmanager leading to high disk space

PSU fan shows critical in show environment output while operating normally

FTD ADI debugs may show incorrect server_group and/or realm_id for SAML-authenticated sessions

ASA/FTD: SSL VPN Second Factor Fields Disappear

Username-from-certificate secondary attribute is not extracted if the first attribute is missing

ipv6 table flush exception when cli_firstboot installs bootstrap configuration multi instance

ASA: Snmpwalk shows "No Such Instance" for the OID ceSensorExtThresholdValue

Unable to SSH into FTD device using External authentication with Radius

tls website decryption breaks with ERR_HTTP2_PROTOCOL_ERROR

TLS1.3: core decode points to tls_trk_try_switch_to_bypass_aux()

use kill tree function in SMA instead of SIGTERM

Detailed logging related to reason behind sub-interface admin state change during operations

ASA/FTD traceback and reload due to file descriptor limit being exceeded

Health Monitor Alerts set in Global are not sending alert from devices assigned in leaf domain

Hostnames are replaced with IP addresses in alert email content

Module name displayed in the alert got changed and it is differ from the one set in FMC

FTD HA should not be created partially on FMC

FDM deployment failure

Policy Apply failed moving from FDM to FMC

Hairpinning of DCE/RPC traffic during the suboptimal lookup

Deployment fails on new AWS FTDv device with "no username admin"

FTD HA Failure after SNORT crash.

ASA/FTD: Traceback and reload when running show tech and under High Memory utilization condition

Umbrella Profile and others cleared incorrectly when editing group policy in the UI

MonetDB startup enhancement to clean up large files

Radius traffic not passing after ASA upgrade 9.18.2 and above version.

installing GeoDB country code package update to FMC does not automatically push updates to FTDs

ASA/FTD may traceback and reload in Thread Name IKEv2 Daemon

Deployment fails if Network Discovery policy reference is missing from FMC Database

ASA traceback and reload on Thread Name: DATAPATH

GTP inspection dropping packets with IE 152 due to header length being invalid for IE type 152

FMC Validation failure for large object range and success for object network in NAT64

Incorrect health monitor alerts for ISE-PIC connectivity

low memory/stress causing traceback in SNMP

ISA3000 Traceback and reload boot loop

We should be skipping sru_install during for Minor patch upgrades and install only on required basis

FMC Deployment preview shows different information before and after FTD deploy

Monetdb having 14GB of unknown BAT data causing "High unmanaged disk usage on /Volume"

Snort3 traceback with fqdn traffics

ASA/FTD: DNS Load Balancing with SAML does not work with VPN Load Balancing

ASA/FTD: Cluster incorrectly generating syslog 202010 for invalid packets destined to PAT IP

FTD drops double tagged BPDUs.

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.

FTDv may traceback and reload in Thread Name 'PTHREAD-3744' when changing interface status

API:/operational/commands not working as swagger indicate

"Update file is corrupted" for "Download Latest Cisco Firepower Geolocation Database Update." in FMC

ASA traceback and reload on Thread Name: pix_flash_config_thread

ASA|FTD Traceback & reload in thread name Datapath

Event Searching with Objects and Networks Leads to only showing events matching Objects

Threat Defense Service Policy - Reset Connection Upon Timeout not working

Their standalone FTD running 7.2.2 on FPR-4112 experienced a traceback on the SNMP module

FTD 7.4.1 Snort shows 100% utilization even at a low traffic rate

Snort3 traceback and restarts with race conditions

Service object-group protocol type mismatch error seen while access-list referencing already

Unable to Synch more then 100 environment-data with data unit

Snot3 traceback in TcpReassembler::scan_data_post_ack

SSL protocol settings does not modify the FDM GUI certificate configuration or disable TLSv1.1

Decryption policy page is empty if user that modified/created policy was deleted.

Error thrown if Security Analytics user tries to access Packet Capture page

ASA/FTD : Port-channels remain down on Firepower 1010 devices after upgrade

7.4 - If policy save in progress deploy might indicate failure for only few devices

Interface fragment queue may get stuck at 2/3 of fragment database size

Cut-Through Proxy feature spikes CP CPU with a flood of un-authenticated traffic

ASA Traceback and reload on Thread Name "fover_parse" on Standby after Failover Group changes

Internal error when attempting to configure PBR in FMC

interface idb logging log rotation to FXOS logrotate utility

RAVPN SAML: External browser gives misleading message when FTD/ASA fails to parse assertion

Blocking SMB traffic with reason "Blocked by the firewall preprocessor"

Bootstrap after upgrade failed - Resume HA with reason deployment already exists

Multiple lina cores on 7.2.6 KP2110 managed by cdFMC

ASA/FTD may traceback and reload in Thread Name 'lina'

High disk usage caused by large write-ahead log in eventdb

ZTNA: FMC pushes incorrect sp-acs-url parameter - "?" encoded as 0x3F

ZTNA: FMC doesn't accept IdP with local domain

ASA/FTD may traceback and reload in Thread Name 'lina'

CVE-2023-51385 (Medium Sev) In ssh in OpenSSH before 9.6, OS command injection might occur if a us

Debugs failed to be enabled on SSH session

The SSH transport protocol with certain OpenSSH extensions, found in ... (CVE-2023-48795)

ASA/FTD Traceback and reload related to SSL/DTLS traffic processing

SFDataCorrelator timeout thread deadlock detection core on busy FMC

Threat Defense Upgrade wizard might incorrectly show clusters/HAs as disabled

Null pointer dereference in SNMP that results in traceback and reload

ASA/FTD may traceback and reload in Thread Name "appAgent_monitor_nd_thread" & Rip: _lina_assert.

MonetDB memory usage grows slowly over time

traceback and reload around function HA

DHCPv6:ASA traceback on Thread Name: DHCPv6 CLIENT.

Flow velocity metric in IAB settings is incorrect.

WARN msg(speed not compatible, suspended) while creating port-channel on Victoria CE

The report doesn't include "Default Variables" information after change "Variable Sets" name

ASA/FTD may traceback and reload in Thread Name 'webvpn_task'

FMC: Packet-tracer showing a "Interface not supported" error for VLAN interfaces

Devices might change status to "missing the upgrade package" after Readiness Check is initiated

FMC configured DAP rule with Azure IDP SAML attributes does not match

Policy deployment failures on TPK MI chassis after redeploying same instance

During FMC hardware migration failure encountered due to missing prometheus directories

Error logs generated for ssh access to ASA when eddsa is used as kex hostkey

Continuous snmpd restarts observed if SNMP host is configured before the IP is configured

ASA/FTD: Memory leak caused by Failover not freeing dnscrypt key cache due to unsyned umbrella flow

Creating DAP policy with underscore "_" is not visible as applied to Remote Access VPN policy

ASA/FTD may traceback and reload in Thread Name 'lina'

upgrade of FMC to 7.2.x removes FlexConfig-provided EIGRP authentication from interfaces on FTDs

Intermittent Packet Losses When VTI Is Sourced From Loopback

Firewall is in App Sync error in pseudo-standby mode and uses IPs from Active unit

standard error (stderr) not inserted into restore.log when restoring FMC backups

Download failed for Available Upgrade Packages

"Stream: TCP normalization error in NO_TIMESTAMP" is seen when SSL Policy decrypt all is used

Unable to delete custom DNS Server Group Object post upgrade 7.2.x

Devices in HA pair shows as standalone in Threat Defense Upgrade page

FTD: Improve or optimize LSP package verification logic to run it faster

ASA/FTD traceback and reload in Thread Name: IKEv2 Daemon when moving from active to standby HA

Configuring MTU value via CLI does not apply

Standby FTD experiencing periodic traceback and reload

Memory exhaustion due to absence of freeing up mechanism for tmatch

Transparent firewall MAC filter does not capture frames with STP-UplinkFast dst MAC consistently

FP2100/FP1000: ASA Smart licenses lost after reload

ASDM connection lost issue is observed in ASAv device due to config issue

CloudAgent Smart Agent Exception - The Smart Agent Manager requires NTP to be running on FDM

41xx/93xx : Update CiscoSSH (Chassis Manager FXOS) to address CVE-2023-48795

FDM deployment fails with error "Some interfaces have been added to or removed from the device"

IKEv2 client services is not getting enabled - XML profile is not downloaded

FTD/Lina traceback and reload of HA pairs, in data path, after adding NAT policy

some ssh sessions not timing out, leading to ssh and console unable to connect to the FXOS CLI

FMC: Add logging for PM functions

Policy Deployment Fails when removing the Umbrella DNS Policy from Security Intelligence

FMC API Call for Network Object Overrides Returns Different Results for Active vs Standby FW

Incorrect Timezone Format on FTD When Configured via FXOS

Snort stripping packet information and injects its packet with 0 bytes data

HTTP/HTTPS detection for application needs to fail it's detection earlier

Unable to send unknown file disposition to ThreatGrid due to mem cache issue

MonetDB Monitor triggers for restarting MonetDB based on WAL size are not effective

Report file generated for AC policy is empty

ASA CLI hangs with 'show run' on multiple SSH

some stdout logs not rotated by logrotate

Upgrade Failed with error "Upgrade failed because of undeployed changes present on the device"

TLS Server Identify: 'show asp table socket' output shows multiple TLS_TRK entries

Modify UUID during license communication to avoid disrupting customer's licenses

External Radius authentication fails post upgrade if radius key includes special characters

VTI tunnel showing incorrect port-channel association info in VPN Monitoring page

SFData correlator keep terminating on FTDs configured for IDS

Traceback and reload on Primary unit while running debugs over the SSH session

Automatic VDB/SRU Download Fails Due to Simultaneous Signature Validation

Every realm sync indicates an access control policy change

Cisco ASA and FTD Software Command Injection Vulnerability

ASA:request to add "logging list" option to the "logging history" command.

FTD/ASA system clock resets to year 2023

Access to website via Clientless SSL VPN Fails

Unable to login to FDM GUI using external user account via RADIUS

FTD/ASA - SNMP queries using snmpwalk are not displaying all "nameif" interfaces

ASA SNMP Polling Failure for environmental FXOS DME MIB (.1.3.6.1.4.1.9.9.826.2)

Migration of S2S from ASA to FMC across domains

Heap-use-after-free in Discovery Filter on Snort shutdown

Deployment doesn't timeout as notification (but not started), runs for hours after LSP install

Run All function on FMC Health Monitoring page is greyed out after upgrade

"crypto ikev2 limit queue sa_init" resets after reboot

FTD: Hostname Missing from Syslog Message

FTD SNMP OID 1.3.6.1.4.1.9.9.109.1.1.1.1.7 always returns 0% for SysProc Average

SSH/SNMP connections to non-admin contexts fail after software upgrade

Chromium-based browsers have SSL connection conflicts when FIPS CC is enabled on the firewall.

Push clear configure access-group to avoid error while applying access group on FTD

ASA traceback and reload after configuring capture on nlp_int_tap and deleting context

FTD traceback assert in vni_idb_get_mode and reloaded

EIGRP bandwidth is changing after upgrade or after "shutdown"/"no shutdown" commands

Tomcat restarts in the middle of the LTP flow due to certificate update

Cisco ASA and FTD Software Persistent Local Code Execution Vulnerability

Policy deployment failure rollback didnt reconfigure the FTD devices

FMC: Multiple Email address in Email Alert not working

Snort process spamming syslog-ng messages so our on KP platform syslog-ng is being killed

VMXNET3 driver is not getting loaded automatically on the bootup for FMCv300

logging list MANAGER_VPN_EVENT_LIST getting removed and re-applied for every deployment

Policy deployment failure in standalone FDM due to an interface error

Backup failures needs to be displayed with the correct state on GUI

ASA Checkheaps traceback while entering same engineID twice

Backup generation on FDM fails with the error "Unable to backup Legacy data."

pmtool restart of monetdb fails to bring up monetdb, too many files in monetdb Volume directory

SFDataCorrelator creates huge numbers of to_import files when MonetDB table partition creation fails

FMC : Health Monitor Alert is not properly issued regarding disk usage

vFMC25 OCI to vFMC300 OCI migration failed 'Migration from Y to a is not allowed.'

In Spoke dual ISP case if ISP2 is down, VTI tunnels related to ISP1 flapping.

Deleting Snort 3 IPS Rule doesn't Generate Audit Log

ENH: FTD Add debug message to indicate "No CRL found in User identity Certificate"

Intermittent loss of management traffic due to DHCP service failing to start

ASA/FTD may traceback and reload in Thread Name DATAPATH due to GTP Spin Lock Assertion

FMC Server Certificate shows Only First 20 Objects

ASA upgrade from 9.16 to 9.18 causing change in AAA ldap attribute values by adding extra slash '\'

Deployment failure due to exceeding logging event list name size

FTW no longer working in NM3 on Warwick

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.1

FMC: fireamp generating too many logs

FTD: HostScan scanning results not processed in version 7.4.1

ICMP replies randomly does not reaching the sender node when initiated from the node.

Upload files through Clientless portal is not working as expected after the ASA upgrade

BBManager text based search - lucene

Unable to remove suppression from snort3 rule once added

FP 3100 MTU change on management interface is NOT persistent across reboots (returns to default MTU)

The secondary device reloaded while rebooting the primary device.

Cisco ASA and FTD Software Web Services Denial of Service Vulnerability

Web Contents files appear as text/plain when they should be application/octet-stream

Never expiring machine user not logged out at various places

Policy cache cleanup thread should cleanup any cache that is left open for a logged out session

Crypto IPSEC SA Output Showing NO SA ERROR With IPSEC Offload Enabled

FMC-SSE Cloud Configuration SSE Enrollment Failure alert due to empty connector.toml file on the FTD

Backup exits with memory allocation error on 4115

TSS_Daemon process is exiting every minute

SAML: Single sign-on AnyConnect token verification failure is seen after successful authentication