Cisco seems to be having a rough go of it lately with bugs that have a time bomb for certain hardware and software. Following up on the Signal Component issues – that plagued a large number of product lines (And in Cisco’s defense affected more than just Cisco – other vendors are affetected). I’m still waiting to find out when my Meraki MX84 will be replaced on that one 🙂
Yesterday, Cisco released another Field Notice as well as a blog post, this time affecting a good number of ASA code versions dating back to 9.1.x, and certain FirePower versions. The Field Notice states that all appliances are affected, so this is not a hardware issue like the Signal Component, but a software bug. After around ~ +213 days, the appliance will just start to stop passing network traffic.
No workarounds listed (Cisco has stated updated versions will be available in the coming weeks), other than to perform a planned reload of the ASA or FTD appliance. So plan accordingly for a reboot so you don’t get stuck in a unexpected outage situation.
To find out how long your appliance has been online, run the command show version | grep up.
Here’s the table that lists the affected ASA code versions. The Field Notice is also assocated to Bug CSCvd78303 from Cisco.
| Products Affected |
|---|
|
CISCO FIREPOWER 6.1.0.1
|
|
CISCO FIREPOWER 6.1.0.2
|
|
CISCO FIREPOWER 6.2.0
|
|
ASA 9.1.7.11
|
|
ASA 9.1.7.12
|
|
ASA 9.1.7.13
|
|
ASA 9.1.7.15
|
|
ASA 9.1.7.9
|
|
ASA 9.2.4.15
|
|
ASA 9.2.4.17
|
|
ASA 9.2.4.18
|
|
ASA 9.4.3.11
|
|
ASA 9.4.3.12
|
|
ASA 9.4.3.6
|
|
ASA 9.4.3.8
|
|
ASA 9.4.4
|
|
ASA 9.4.4.2
|
|
ASA 9.5.3
|
|
ASA 9.5.3.1
|
|
ASA 9.5.3.2
|
|
ASA 9.5.3.6
|
|
ASA 9.6.2.1
|
|
ASA 9.6.2.11
|
|
ASA 9.6.2.13
|
|
ASA 9.6.2.2
|
|
ASA 9.6.2.3
|
|
ASA 9.6.2.4
|
|
ASA 9.6.2.7
|
|
ASA 9.6.3
|
|
ASA 9.7.1
|
|
ASA 9.7.1.2
|