THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Migration to new field notice system
|Affected Product ID
||WSA: mfi0 command timeout after hard reboot|
The security appliance might lock up while it boots after a hard power reset, an unexpected power reset, and/or an unexpected reboot.
The affected security appliances are vulnerable if the Redundant Array of Independent Disks (RAID) Controller state information is not updated before the unit executes a power reset.
Reset conditions that might cause the unit to lock up include:
- AC power loss
- ATX power reset (for example, if you press/hold the power button)
- Hardware watchdog initiated power-reset (initiated by the baseboard firmware)
- Kernel panics
- Customer intervention (for example, if the customer is forced to press/hold the power button)
- A soft reboot (if the security appliance is not able to complete a graceful reboot for any particular reason)
Any of these conditions might cause the device driver to wait indefinitely for a response from the RAID Controller Firmware, which prevents the appliance from executing a successful reboot.
If a system lockup should occur, the appliance is completely non-responsive and the interfaces are inaccessible. Once an appliance enters the lockup state, the condition is non-recoverable and the unit must be returned through the Return Material Authorization (RMA) process.
In order to prevent the lockup issue, it is necessary to upgrade the AsyncOS version of your appliance AND the RAID Controller Firmware of the appliance.
These AsyncOS for Web versions contain the new device driver:
- Version 7.7.0 build 760 (7.7.0-760)
- Version 8.0.6 build 101 (8.0.6-101)
- Version 8.1.0 build 235 (8.1.0-235)
In order to verify the AsyncOS software version that your Web Security Appliance (WSA) runs via the CLI, enter the version
Upgrade the AsyncOS of your security appliances and the RAID Controller Firmware.
Upgrade AsyncOS for Web to Version 7.7.0 build 760, Version 8.0.6 build 101, or Version 8.1.0 build 235. Later builds of Versions 7.7.0, 8.0.6, and 8.1.0, or versions later than Version 8.1.0 also fix the issues.
upgrades listed here in any order to prevent the issue:
- Upgrade the software version of your appliance to 7.7.0-760, 8.0.6-101, or 8.1.0-235, which includes the new device driver.
- Upgrade the RAID Controller Firmware.
Before you install the update for RAID Controller Firmware, save the configuration file to a location off of the appliance:
- In the graphical user interface, navigate to System Administration > Configuration File.
- Select Download file to local computer to view or save.
- Click Submit.
Upgrade the Software Version
Complete these steps in order to upgrade your appliance from the Web Interface:
- On the System Administration > System Upgrade page, click Available Upgrades.
The page refreshes with a list of available AsyncOS upgrade versions.
- Click Begin Upgrade in order to start the upgrade process. Answer the questions as they appear.
- When the upgrade is complete, click Reboot Now in order to reboot the security appliance.
Upgrade the RAID Controller Firmware
- Access the CLI interface.
Note: For the upgrade to run, you must run it from the CLI.
- From the CLI, enter upgrade. A list of available upgrades displays.
- Select the package Update for RAID Controller Firmware (For S380/S680, reboot required).
The update for RAID Controller Firmware package is provisioned only for appliances that require the upgrade. If you do not see the RAID Controller Firmware package in the list of available upgrades, you can assume that your appliance does not require the upgrade and you can skip any further upgrade steps.
- When prompted to reboot your machine, click Yes.
- Wait approximately fifteen minutes. Your machine should automatically reboot after approximately fifteen minutes.
Warning: If your machine does not automatically reboot in fifteen minutes, contact customer support. Do not attempt to reboot your machine again.
Note: After you run the firmware upgrade, the firmware upgrade package displays in the list of available upgrades even after a successful installation. The presence of this package does not indicate a failed upgrade.
- In order to verify that the upgrade has run successfully, you can run the upgrade script again after the machine has rebooted. If the upgrade was successful, the upgrade script indicates that the appliance does not require an upgrade.
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.