Cisco boxen hang after 213-and-a-half days
ASA and Firepower kit have death clock. Fix it by rebooting
If you're the lucky owner of Cisco Firepower or Adaptive Security Appliance devices, check the version number and see if you need to reboot your kit.
Switchzilla has discovered an operational (that is, not security) bug that makes the devices hang after continuous operation for around 18,446,400 seconds (213-and-a-half days).
The issue affects three Cisco Firepower software versions – 220.127.116.11, 18.104.22.168, and 6.2.0 – and 28 ASA versions (from 22.214.171.124 to 126.96.36.199).
“On March 29, 2017 Cisco became aware of an issue that affects all Cisco ASA and Cisco FTD security appliances that run certain versions of software. The affected versions of software cause the security appliance to stop passing network traffic after approximately 213 days 12 hours (~ 5,124 hours) of uptime”, Cisco's field notice says.
If you're working a failover config, the advisory suggests you restart the standby devices first, and in cluster setups, reboot slaves one at a time off-cluster, and when you've done the slaves, “move the master to one of the rebooted devices and then remove that device from the cluster, reboot it, and then have it rejoin.”
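A quick way to see which boxes are closest to the 18,446,400-second mark and which to restart first, as an added example that is not from Cisco's field notice or the original article. It assumes every listed device runs an affected release, that uptime lines look like `<hostname> up N days N hours`, and the hostnames, roles and `warn_days` window are constructed for illustration.

```python
import re

HANG_AFTER_S = 18_446_400  # uptime at which affected releases hang (figure from the article)
UNIT_S = {"year": 365 * 86400, "day": 86400, "hour": 3600, "min": 60, "sec": 1}


def parse_uptime(line):
    """Return uptime in seconds from a line such as 'fw-a up 201 days 6 hours'.

    The line format is an assumption; adjust the pattern to your own output.
    """
    if " up " not in line:
        raise ValueError(f"no uptime found in: {line!r}")
    tail = line.split(" up ", 1)[1]  # ignore digits in the hostname
    fields = re.findall(r"(\d+)\s+(year|day|hour|min|sec)s?\b", tail)
    if not fields:
        raise ValueError(f"unrecognised uptime in: {line!r}")
    return sum(int(n) * UNIT_S[unit] for n, unit in fields)


def triage(inventory, warn_days=30):
    """Return (host, role, days_left, status) rows in suggested reboot order.

    Devices inside the warning window come first; within that group the
    standby unit precedes the active one, as the advisory suggests.
    """
    rows = []
    for host, role, line in inventory:
        left = HANG_AFTER_S - parse_uptime(line)
        if left <= 0:
            status = "PAST THRESHOLD"
        elif left <= warn_days * 86400:
            status = "REBOOT SOON"
        else:
            status = "ok"
        rows.append((host, role, round(left / 86400, 2), status))
    return sorted(rows, key=lambda r: (r[3] == "ok", r[1] != "standby", r[2]))


# Constructed sample inventory: (hostname, failover role, uptime line).
SAMPLE = [
    ("fw-a", "active", "fw-a up 201 days 6 hours"),
    ("fw-b", "standby", "fw-b up 201 days 5 hours"),
    ("fw-c", "active", "fw-c up 12 days 3 hours"),
]

if __name__ == "__main__":
    for host, role, days_left, status in triage(SAMPLE):
        print(f"{host:6} {role:8} {days_left:7.2f} days left  {status}")
```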
Keep an eye on Cisco's software download centre for coming updates that should fix the flaw. ®