Cisco Field Notice: FN - 72077 - FPR9300 and FPR4100 Series Security Appliances

Firepower 9300 Series appliance

Revision History

Revision	Publish Date	Comments
1.0	18-May-21	Initial Release

Products Affected

Affected Product ID	Comments
FPR9K-SUP
FPR-C9300-AC
FPR-C9300-DC
FPR-C9300-HVDC
FPR-CH-9300-AC
FPR-CH-9300-DC
FPR-CH-9300-HVDC
FPR4110-ASA-K9
FPR4110-NGIPS-K9
FPR4110-NGFW-K9
FPR4110-AMP-K9
FPR4112-NGFW-K9
FPR4112-ASA-K9
FPR4112-NGIPS-K9
FPR4115-ASA-K9
FPR4115-NGFW-K9
FPR4115-NGIPS-K9
FPR4120-ASA-K9
FPR4120-NGFW-K9
FPR4120-NGIPS-K9
FPR4120-AMP-K9
FPR4125-NGIPS-K9
FPR4125-ASA-K9
FPR4125-NGFW-K9
FPR4140-ASA-K9
FPR4140-NGFW-K9
FPR4140-NGIPS-K9
FPR4140-AMP-K9
FPR4145-ASA-K9
FPR4145-NGFW-K9
FPR4145-NGIPS-K9
FPR4150-AMP-K9
FPR4150-NGIPS-K9
FPR4150-ASA-K9
FPR4150-NGFW-K9
FPR-4110-K9
FPR-4112-K9
FPR-4115-K9
FPR-4120-K9
FPR-4125-K9
FPR-4140-K9
FPR-4145-K9
FPR-4150-K9

Defect Information

Defect ID	Headline
CSCvx99172	M500IT Model Solid State Drives on 4100/9300 may go unresponsive after 3.2 Years in service

Problem Description
Due to a flaw in SSD firmware, the SSD that is internal to the FPR9300 Supervisor module and FPR4100 Series security appliances will no longer respond after approximately 3.2 years of cumulative operation. After the first unresponsive event occurs, every subsequent power-cycle allows the SSD to operate for approximately 6 weeks of cumulative operation before the SSD will no longer respond again.

Background
After 28,224 hours (approximately 3.2 years) of accumulated Power On Hours (POH), a memory buffer overrun condition occurs which triggers the firmware event in the SSD. This event causes the drive to become unresponsive until it is power-cycled. No data loss will occur when the memory buffer overrun firmware event occurs. A power-cycle of the FPR9300 Supervisor module and FPR4100 Series security appliances restores normal operation of the drive. The drive continues to operate normally for 1,008 additional accumulated POH (6 weeks), at which time the drive becomes unresponsive again. Power-cycling the FPR9300 Supervisor module and FPR4100 Series security appliance again will re-initiate the 1,008-hour window.

Note: This issue affects an internal SSD component that is not field-replaceable. The field-replaceable SSDs are not affected by this issue.

Problem symptom
The FPR9300 and FPR4100 Series security appliances no longer pass network traffic. Users with valid credentials might not be able to log in to the management console.

Workaround/solution:

Workaround
A power-cycle of the FPR9300 Supervisor module or FPR4100 Series security appliance is required in order to temporarily recover from this issue. However, this failure will reappear after 1,008 hours of operation.

Solution
In order to prevent occurrence of this issue and disruption to the network and operations, Cisco recommends to proactively upgrade the SSD firmware before the accumulated uptime reaches 28,224 hours.

Refer to the Serial Number Validation section to determine if your security appliance is affected. Use the FPR9300 supervisor module serial number or the FPR4100 series chassis serial number for validation.

If the system is already impacted, the SSD firmware upgrade will permanently resolve this defect.

A product return and replacement (RMA) is not recommended because the firmware upgrade process will resolve the issue.

A service contract is not required to download the referenced software images.

Note: Both Step 1 and Step 2 must be performed in this sequence to complete the SSD firmware update.

Step 1: Upgrade the FXOS chassis software to one of the following versions. This software is available from the Cisco Software Download Center:

FXOS 2.2.2.148 or later
FXOS 2.3.1.215 or later
FXOS 2.4.1.273 or later
FXOS 2.6.1.229 or later
FXOS 2.7.1.143 or later
FXOS 2.8.1.152 or later
FXOS 2.9.1.143 or later
FXOS 2.10 or later

See the Cisco Firepower 4100/9300 Upgrade Guide for instructions on how to upgrade the FXOS software.

Step 2: After upgrading the FXOS software, apply the Firepower 4100/9300 Firmware Upgrade Package version 1.0.19 or later to update the SSD firmware revision.

After Firmware Upgrade Package 1.0.19 or later has completed installation, you can enter the following commands to view the SSD firmware revision.

firepower-chassis /firmware/firmware-install # top

firepower-chassis# scope chassis 1

firepower-chassis /chassis # show sup version

SUP FIRMWARE:

    ROMMON:

        Running-Vers: 1.0.15

        Package-Vers: 1.0.19

        Activate-Status: Ready

    FPGA:

        Running-Vers: 2.00

        Package-Vers: 1.0.19

        Activate-Status: Ready

    SSD:

        Running-Vers: MU03

        Model: Micron_M500IT_MTFDDAT128MBD

If the SSD Model is Micron_M500IT_* and the Running-Vers is MU03 or later, then the SSD firmware update was successful. Other SSD Models are not affected by the issue.

Note: Reimaging the security appliance will not downgrade the SSD firmware revision after it has been updated.

Serial Number Validation
This field notice provides the ability to determine if the serial number(s) of a device is impacted by this issue. In order to verify your serial number(s), enter it in the Serial Number Validation tool at https://snvui.cisco.com/snv/FN72077.

For more information:
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive email notification for new field notices
My Notifications – Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.