Field Notice: FN74175 - Cisco Secure Web Appliance Running Out of Disk Space Due to Cisco Cognitive Threat Analytics Reaching End of Service - Configuration Change Recommended

Available Languages

Updated:August 1, 2024
Document ID:FN74175

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

High
Impact Rating:
High
First Published:
2024-Aug-01
Last Published:
2024-Aug-01
Revision:
1.0
Cisco Bug IDs:

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Products Affected


Affected Software Product Affected Release Affected Release Number Comments
AsyncOS for WSA 11 11.8.0, 11.8.1, 11.8.1-023, 11.8.3, 11.8.4, 11.8.4-004  
AsyncOS for WSA 12 12.0.1, 12.0.1 GD, 12.0.1 GD-334, 12.0.1-268, 12.0.3, 12.0.3-005, 12.0.3-007, 12.0.4, 12.0.4-002, 12.0.5-011, 12.5.1, 12.5.1 GD, 12.5.1 GD-043, 12.5.1-011, 12.5.2, 12.5.2-007, 12.5.2-011, 12.5.3, 12.5.3-002, 12.5.4-005, 12.5.4-011, 12.5.5-004, 12.5.5-005, 12.5.5-008, 12.5.6-008  
AsyncOS for WSA 14 14.0.1 GD, 14.0.1 GD-053, 14.0.1 GD-503, 14.0.2, 14.0.3-014, 14.5.0(GD)-537, 14.5.0(GD)-673, 14.5.0-498, 14.5.1 MD-008, 14.5.1-008, 14.5.1MD-016, 14.5.2-011  
AsyncOS for WSA 15 15.0.0-322, 15.0.0-355, 15.1.0-287, 15.2.0-116  

Defect Information


Defect IDHeadline
CSCwk66804Impact on SWA (disk space) if GTA/CTA configuration enabled after GTA/CTA EoS

Problem Description


Cisco Cognitive Threat Analytics will reach end of service on August 1, 2024. As a result, Cisco Secure Web Appliances with a Cisco Cognitive Threat Analytics subscription that has a W3C Logs subscription with the SCP on Remote Server option enabled  will no longer be able to push SCP logs to etr.cloudsec.sco.cisco.com.

When an SCP log push is not successful from the Cisco Secure Web Appliance to the target server, the log files will be stored locally on the Cisco Secure Web Appliance until the SCP host is accessible and the Cisco Secure Web Appliance can push the logs successfully. If the feature/log subscription is not disabled, logs stored locally in the Cisco Secure Web Appliance because of an unsuccessful SCP push will fill up the disk space in the Cisco Secure Web Appliance, resulting in performance degradation.


Background


As of  July 31, 2024, Cisco Cognitive Threat Analytics services will no longer work because the product will reach end of service. For more information, see End-of-Service Announcement or the Cisco’s Global Threat Alerts (GTA) Service.


Problem Symptom


After July 31, 2024, Cisco Security Web Appliances with Cisco Cognitive Threat Analytics settings enabled with a Cisco Cognitive Threat Analytics Subscription will be at risk of filling the disk space.

When the disk space of the data directory exceeds the threshold of 90 percent, the following will happen:

  • An alert message will display in the Top Alerts section of the web UI. To see the alert, choose System Administration > Alerts > View Top Alerts.
  • A critical alert email will be sent to any configured alert recipients in System Administration > Alerts > Alert Recipients.
  • A warning message will be shown when a user with administrator privileges logs in to the CLI.

If the issue is not resolved, the following may be observed:

  • High latency while accessing the internet through Cisco Security Web Appliances
  • Security services update fails
  • Unable to commit configuration changes

This list is not an exhaustive list of possible impacts.


Workaround/Solution


Solution

To avoid running into disk space issues, do the following from the Cisco Secure Web Appliance web UI:

  1. Choose Security Services > Cisco Cognitive Threat Analytics > Cisco Cognitive Threat Analytics Settings.
  2. Choose Disable.

If issues with disk space continue, open a case with the Cisco Technical Assistance Center (TAC).


Revision History


VersionDescriptionSectionDate
1.0Initial Release2024-AUG-01

For More Information

For further assistance or for more information about this field notice, contact the Cisco Technical Assistance Center (TAC) using one of the following methods:

Receive Email Notification About New Field Notices

To receive email updates about Field Notices (reliability and safety issues), Security Advisories (network security issues), and end-of-life announcements for specific Cisco products, set up a profile in My Notifications.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products