This article is more than 1 year old
Resistance is futile: Some Cisco security appliances are ticking time bombs of fail thanks to faulty resistors
After 18 months, they can just fall over. The fix is asking Borgzilla for a new one
Resistors, which cost a few cents apiece, are bricking pricey Cisco Adaptive Security Appliances (ASAs).
A Cisco field notice reveals that models ASA5508 and ASA5516 “might fail in operation, after 18 months or longer, due to a damaged component.”
“Due to a manufacturing process issue, some ASA5508 and ASA5516 security appliances might have a damaged resistor component,” the advisory added.
“Security appliances with a damaged resistor will function normally on installation and product failures are expected to increase over time beginning after the unit has been in operation for approximately 18 months. Once the security appliance has failed the unit will no longer function, will not boot, and is not recoverable.”
The firewalls’ power light will come on and shine green if everything's OK. If your box is borked, the status LED will go amber and blink. The 5508 unit costs about $700, and the 5516 around $3,000, so that’s a pretty pricey resistor failure.
Cisco UCS servers slugged by 'This SSD will self-destruct in 40,000 hours' firmware farragoREAD MORE
Cisco’s fix for the mess is sending you a new appliance. Administrators in Asia, Argentina, Mexico, Venezuela, Colombia, Brazil, Mexico, Russia, Turkey and the UAE have been warned they may need to wait up to three months for their new kit to arrive. Cisco blames “importation regulations” for that delay.
The field notice includes a form to apply for replacement kit, and a link to Cisco’s serial-number-checker so you can make sure your ASA is one of the problem units.
Cisco’s also added its 8856 series IP phones and model 190 and 191 analog telephone adapters to the list of products impacted by an expired certificate SNAFU. Owners of the devices need to install new certs to avoid symptoms that Cisco’s advisory describes as including a “loss of voice communications, intermittent call interruptions, or non-deterministic endpoint behaviour.” ®