 
mushin26
Gerbil In Training
Topic Author
Posts: 2
Joined: Thu Sep 28, 2017 8:20 am

SNMP UPTIME and FWSM

Thu Sep 28, 2017 8:30 am

Hello,

We have a module FWSM Firewall Version 4.1(3) running in a 6509-E switch.
It is in a production environment. We started receiving a warning message related to the uptime counter:

##########################

Notification Type: PROBLEM

Service: Uptime cisco ASA
Address: 10.10.10.2
State: WARNING

Date/Time: 29-08-2017 Additional Info : SNMP WARNING - *2703369900*

##########################

Apparently the rollover of this counter should not impact the equipment service.
However, looking on the internet we found that for some switches/some versions the rollover of this counter forces the reboot of the equipment.

So, I have some questions:

1- Is there any possibility that the FWSM module (Firewall Version 4.1(3)) reboots when the counter rolls over?
2- Is there any possibility that we lose access to the FWSM module when the counter rolls over?
3- Is there any possibility that the show version command gets affected and does not show the good information (Ex: FWSM up 312 days 21 hours) after the counter passes 497 days?

What should we expect and how do we protect ourselves if there is an impact?

Do we need to reset the FW before the rollover?

Thanks in advance for your help
 
TheRazorsEdge
Gerbil First Class
Posts: 146
Joined: Tue Apr 03, 2007 1:10 pm

Re: SNMP UPTIME and FWSM

Thu Sep 28, 2017 9:32 am

mushin26 wrote:
1- Is there any possibility that the FWSM module (Firewall Version 4.1(3)) reboots when the counter rolls over?
2- Is there any possibility that we lose access to the FWSM module when the counter rolls over?
3- Is there any possibility that the show version command gets affected and does not show the good information (Ex: FWSM up 312 days 21 hours) after the counter passes 497 days?

What should we expect and how do we protect ourselves if there is an impact?

Do we need to reset the FW before the rollover?

Thanks in advance for your help


1. You found information on the internet indicating that some hardware/firmware combinations will reboot. Now you need to perform due diligence. Either verify that your specific equipment is not affected, or plan to be available during the rollover in case there is an extended outage.

2. If the device reboots, it will be unavailable until it finishes rebooting. Cisco switches typically reboot faster than PCs, so I would expect a minimal outage---if there is one at all.

3. A counter rolling over usually means that it resets to zero. Your uptime metric will change---whether the switch reboots or not. In computers, an integer may roll over to something besides zero, so your uptime may reset to something other than zero.

Since you have about 6 months until it rolls over, see if you can reboot it before then. Then it won't be a problem again for a long time.
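
The arithmetic behind the 497-day figure and the "about 6 months" estimate, as an added example that is not part of the original posts: SNMP sysUpTime is a 32-bit TimeTicks counter in hundredths of a second, so it wraps at 2^32 ticks. The `classify` helper, its labels and its 120-second tolerance are assumptions for illustration; it is a heuristic a monitoring check could use to tell a counter wrap from a restart between two polls.

```python
from datetime import timedelta

TICKS_PER_SECOND = 100   # TimeTicks are hundredths of a second
WRAP = 2 ** 32           # 32-bit counter: wraps after roughly 497.1 days


def uptime(ticks: int) -> timedelta:
    """Convert a sysUpTime reading into a duration."""
    return timedelta(seconds=ticks / TICKS_PER_SECOND)


def time_until_wrap(ticks: int) -> timedelta:
    """Time left before the counter returns to zero."""
    return timedelta(seconds=(WRAP - ticks) / TICKS_PER_SECOND)


def classify(prev_ticks: int, cur_ticks: int, elapsed_seconds: float,
             tolerance_seconds: float = 120) -> str:
    """Compare two polls taken elapsed_seconds apart (poller wall clock).

    Returns "running" (counter advanced as expected), "wrapped" (it passed
    2**32 and continued from zero) or "restarted" (the reading does not
    match the elapsed time, so the counter was reset).
    Assumes the polls are far less than one wrap period apart.
    """
    for value in (prev_ticks, cur_ticks):
        if not 0 <= value < WRAP:
            raise ValueError("TimeTicks must fit in 32 bits")
    expected = (prev_ticks + int(elapsed_seconds * TICKS_PER_SECOND)) % WRAP
    drift = abs(cur_ticks - expected)
    drift = min(drift, WRAP - drift)          # distance modulo the wrap
    if drift <= tolerance_seconds * TICKS_PER_SECOND:
        return "wrapped" if cur_ticks < prev_ticks else "running"
    return "restarted"


if __name__ == "__main__":
    reading = 2703369900                      # value from the alert in the thread
    print("uptime:         ", uptime(reading))
    print("time until wrap:", time_until_wrap(reading))
    # Constructed poll pairs, 300 seconds apart:
    print(classify(reading, reading + 30000, 300))     # normal advance
    print(classify(WRAP - 10000, 20050, 300))          # counter wrapped
    print(classify(reading, 6000, 300))                # counter was reset
```
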
 
just brew it!
Gold subscriber
Administrator
Posts: 49671
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: SNMP UPTIME and FWSM

Thu Sep 28, 2017 10:03 am

I am a little surprised a major vendor like Cisco may have a service affecting bug like that. However, if you are concerned about a potential unscheduled outage, a planned reboot at a time when the network is least busy (maybe the middle of the night on a weekend?) would be a reasonable precaution.

As an aside, you should be careful when posting any information about your firewall version/configuration on web forums. I have no idea whether you posted your question from the network behind that firewall, but if you did, the operators of any web sites you posted this question on now know the exact model and version of your firewall and your public IP address. An unscrupulous web site operator could leverage that information to compromise your network, if the firewall has any known security vulnerabilities. This may seem excessively paranoid, but in these days of massive corporate and government network security breaches, erring on the side of caution would be wise.
Nostalgia isn't what it used to be.
 
mushin26
Gerbil In Training
Topic Author
Posts: 2
Joined: Thu Sep 28, 2017 8:20 am

Re: SNMP UPTIME and FWSM

Thu Sep 28, 2017 10:46 am

Thanks for your advice

Actually there is no bug reported for this equipment; however, in the past the rollover of this timer has caused problems for other equipment. So, it is just a precaution.
However, I will plan a reboot in order to avoid surprises.

Note:
The information provided is not 100% correct; I modified it before posting it.

Thanks for your help
 
TheRazorsEdge
Gerbil First Class
Posts: 146
Joined: Tue Apr 03, 2007 1:10 pm

Re: SNMP UPTIME and FWSM

Thu Sep 28, 2017 11:36 am

just brew it! wrote:
If the firewall has any known security vulnerabilities.


With Cisco releasing firmware updates regularly and the stated uptime being nearly a year, you can almost guarantee there are known vulnerabilities.

Our network guys typically only update in response to vulnerabilities (unless the update includes important bug fixes), and they still update several times a year.
