THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
|^^^ASA 5506-X with Firepower Threat Defense, 8GE, AC
|ASA 5506-X with FirePOWER services, 8GE, AC, DES
|ASA 5506-X with FirePOWER services, 8GE, AC, 3DES/AES
|^^^^^ASA 5506-X A Domain Firepower Threat Defense, WiFi, 8GE, AC
|^^^^^^ASA 5506-X with FirePOWER services, WiFi, 8GE, AC, 3DES/AES
|ASA 5508-X with Firepower Threat Defense, 8GE, AC
|ASA 5508-X with FirePOWER services, 8GE, AC, DES
|ASA 5508-X with FirePOWER services, 8GE, AC, 3DES/AES
|ASA 5516-X with FirePOWER services, 8GE, AC, DES
|ASA 5516-X with FirePOWER services, 8GE, AC, 3DES/AES
|ASA 5516-X with Firepower Threat Defense, 8GE, AC
|ASA5506/5508/5516 Rework Process Issue
Some Adaptive Security Appliances (ASAs) provided as Return Material Authorization (RMA) replacements might fail in operation due to a rework process error that resulted in the omission of a proactive fix.
Due to a rework process error, some ASA5506, ASA5508, and ASA5516 security appliances that were provided as RMA replacements might be missing a proactive fix. The affected RMA replacements were shipped from spare depots to customers between April 2018 and July 2019. Manufacturing new units that shipped from spare depots or shipped by direct order fulfillment are not affected by this issue.
Affected security appliances will function normally on installation, but product failures are expected to increase over time. After the security appliance has failed, the unit will no longer function, will not boot, and is not recoverable.
The security appliance no longer functions and the system fails to boot. There will be no output from the console port.
In addition, the LED status indicators on the security appliance illuminate as follows:
- Power LED is green.
- Status LED is amber and blinking.
Cisco recommends replacement of affected ASA security appliances. There is no workaround for this issue.
Customers should request replacements for affected products with the link provided in the Upgrade Program Information section of this field notice.
For customers who request replacements, note that the license activation key is tied to the ASA chassis serial number. Contact the Cisco Licensing Team in order to have your current license transferred to the replacement chassis serial number. The Cisco Licensing Team will ask for the Product Authorization Key reference number and current serial number. For more information about ASA licensing, see Cisco ASA Series General Operations CLI Configuration Guide, 9.6.
How to Identify Affected Products
In order to determine whether your product might be affected by this issue, examine the chassis serial number of the security appliance.
The chassis serial number can be obtained from the CLI or through visual inspection of the security appliance. For units that have already failed due to this issue, a visual inspection of the security appliance or review of the Sales Order documentation is required.
show inventory command to obtain the chassis serial number (SN) of the appliance:
asa> show inventory
Name: "Chassis", DESCR: "ASA 5508-X with FirePOWER services, 8GE, AC, DES"
PID: ASA5508 , VID: V01 , SN: JMX1234ABCD
Note: In order to avoid Cisco bug ID CSCtz56314 (ASA5500-X Chassis Serial Number Not Visible from CLI), do not use the
show version command.
Visual Inspection of the ASA Security Appliance
The serial number information is located on the bottom surface of the appliance.
In order to verify your serial number(s), enter it in the Serial Number Validation Tool.
Serial Number Validation
Cisco provides a tool to verify whether a device is impacted by this issue. In order to check the device, enter the device's serial number in the Serial Number Validation Tool.
Note: For security reasons, you must click on the Serial Number Validation Tool link provided in this section to check the serial number for the device. Use of the Serial Number Validation Tool URL external to this field notice will fail.
Upgrade Program Information
Support Case Manager must
be used for ordering replacement parts for this Field Notice.
Click on the following link to open Support Case Manager in a new tab:
- Serial Numbers (SNs) must be provided and be affected.
- SN Entitlement Check will be performed.
- Order entry supports up to 50 SNs per request. If you have more than 50, you will need to submit more than 1 request.
- One ship to address per request.
- Service Request number (SR#) is not required, but if you have an Existing SR# please enter it for better tracking purposes.
|Updated the Upgrade Program Information to use Support Case Manager (SCM).
|Upgrade Program Information
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.