*URGENT*NEW* Managed Releases for all Cisco Firepower Codes!* “SI & Smart License Issues are Symptoms to look for -March 5th brings Failed Cert”

*URGENT*NEW* Managed Releases for all Cisco Firepower Codes!*  Have you seen an error similar to this on Firepower yesterday or today? It’s not you, there is a cert error for all of Cisco’s Security Intelligence, and Smart Licensing, along with other defects, however, this is ONLY the symptom of a larger issue to come!

Cisco released the bug info here: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa70008

Symptom: The self-signed Sourcefire VRT certificate used for Talos Security Intelligence updates and ClamAV updates is being decommissioned and will not be renewed. Due to this change, Cisco Talos Security Intelligence and ClamAV signature updates will fail after March 5, 2022.

If you’re see the symptoms of Smart Licensing and/or Security intelligence issues, you need to install the new code before 3/5.

Symptoms: “SI and Smart Licensing errors” Worse problems in background you can’t see yet

Fix: “Install new Managed Release” When though? Over the next week or two.

Here is the Bug ID with the big problems that is now customer visible: CSCwa70008

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa70008

Release Version Fixed Version
Firepower 6.1.x Migrate to a fixed release (why are you on 6.1? go to 7.1)
Firepower 6.2.x Firepower 6.2.3.18 or later (go to 7.1 if you have FTD)
Firepower 6.3.x Migrate to a fixed release (go to 7.1)
Firepower 6.4.x Firepower 6.4.0.13 or later (go to 7.1)
Firepower 6.5.x Migrate to a fixed release (go to 7.1)
Firepower 6.6.x Firepower 6.6.5 or later (6.6 must have two patches installed!) (go to 7.1 if possible)
Firepower 6.7.x Firepower 6.7.0.3 or later  (go to 7.1)

Download and install the new released codes to solve these issue before 3/5.

7 Comments

  1. I’m in a Firepower Webex group that opened a tac case and TAC said 6.6.5 is actually affected and the fix is in 6.6.5.2 which is slated for March 9th…. 4 days after the expiration?

    1. The TAC engineer doesn’t have all the info. There will be a hotfix for 6.6.5 to address the SI issue because the patch won’t be out in time, so just look for that hot fix coming out soon

    1. Yes, but I need to stop short of telling you to do it incase your upgrade fails, etc :)
      assuming all goes well, which is usually does, 7.1 is superior to all previous codes by far
      Good luck!
      Todd Lammle

Leave a Reply

Your email address will not be published.