This is a quick article to highlight the potential interruption on Firepower devices, caused by inspection being interrupted, when updates are deployed to Firepower Threat Defense (FTD) devices.
I will continue to update this article if/when more tests are carried out.
Note: The following results may slightly differ in your environment.
Deploying a new policy to an FTD when a new SRU has been made available
The following test was conducted when a new Snort Rule Update (SRU) was downloaded to the FMC and the changes were then deployed to an FTD appliance. The following observation was made while using a single FMCv and FTDv.
While pinging ‘google.com’, 490 packets were transmitted and 456 of those packets were received. The remaining 6.9% (34 packets) were dropped as policy changes were being deployed.
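To repeat this measurement and see whether the loss was one continuous outage or scattered drops, the saved ping output can be parsed for gaps in the sequence numbers. The script below is an added example, not part of the original test; it assumes Linux iputils `ping` output (sequence numbers starting at 1, one probe per second), and the sample lines and the function name `loss_windows` are constructed for illustration.

```python
import re

# Constructed sample in Linux iputils `ping` format; not output from the test above.
SAMPLE = """\
64 bytes from 192.0.2.10: icmp_seq=1 ttl=115 time=11.2 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=115 time=10.9 ms
64 bytes from 192.0.2.10: icmp_seq=3 ttl=115 time=11.4 ms
64 bytes from 192.0.2.10: icmp_seq=9 ttl=115 time=12.0 ms
64 bytes from 192.0.2.10: icmp_seq=10 ttl=115 time=11.1 ms
64 bytes from 192.0.2.10: icmp_seq=12 ttl=115 time=11.3 ms
"""

SEQ_RE = re.compile(r"icmp_seq=(\d+)")


def loss_windows(ping_output, sent=None, interval=1.0):
    """Summarise loss and list each run of consecutive missing replies.

    sent: packets transmitted (defaults to the highest sequence seen).
    interval: seconds between probes (ping's default is 1).
    Assumes sequence numbers start at 1 and do not wrap (under 65536 probes).
    """
    seen = {int(m.group(1)) for m in SEQ_RE.finditer(ping_output)}
    if not seen:
        raise ValueError("no icmp_seq replies found")
    last = sent if sent is not None else max(seen)
    received = {s for s in seen if 1 <= s <= last}  # set also drops DUP! replies
    windows, start = [], None
    for seq in range(1, last + 2):  # last + 1 is a sentinel that closes a trailing gap
        missing = seq <= last and seq not in received
        if missing and start is None:
            start = seq
        elif not missing and start is not None:
            windows.append((start, seq - 1, (seq - start) * interval))
            start = None
    lost = last - len(received)
    return {
        "sent": last,
        "received": len(received),
        "lost": lost,
        "loss_pct": round(100.0 * lost / last, 1),
        "windows": windows,  # (first missing seq, last missing seq, approx seconds)
    }


if __name__ == "__main__":
    print(loss_windows(SAMPLE, sent=12))
```

Pass the transmitted count from ping's summary line as `sent` so that replies lost at the very end of the run are counted as a window too.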