
Werk #18739: cisco_secure: Fix false CRIT alerts on Cisco Firepower virtual interfaces

Component: Checks & agents
Date: Feb 17, 2026
Level: Trivial Change
Class: Bug Fix
Compatibility: Compatible - no manual interaction needed

Checkmk versions & editions:
2.6.0b1 (not yet released): Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.5.0b1 (not yet released): Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.4.0p22 (not yet released): Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p43 (not yet released): Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

The cisco_secure check plugin incorrectly reported CRITICAL "Port Security" violations on Cisco Firepower FX-OS appliances for virtual interfaces called Vethernet, even when no actual security violations occurred. It triggered a CRITICAL status whenever the port security status was "shutdown" (value 3), regardless of whether the violation_count was 0 and no violating MAC address was recorded.

This fix ensures that the check only reports CRITICAL alerts when there is clear evidence of a security violation—specifically, when the violation_count is greater than 0 or a violating MAC address is detected.
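
The decision change described above, as an added example that is not the cisco_secure plugin's own code: it compares the old and fixed CRIT conditions over constructed rows and lists the interfaces whose alerts were false positives. The record type, the function names, the treatment of an all-zero MAC as "none recorded" and the assumption that the shutdown status is still required for CRIT are all hypothetical.

```python
# Added illustration; not the source of the cisco_secure plugin.
from dataclasses import dataclass

SHUTDOWN = 3  # port security status "shutdown", the value named in the werk


@dataclass(frozen=True)
class PortSecurity:  # hypothetical record, one per interface
    name: str
    status: int
    violation_count: int
    violating_mac: str  # "" when the device recorded none


def has_violating_mac(mac: str) -> bool:
    # Assumption: an empty or all-zero address means "no MAC recorded".
    return bool(mac.replace(":", "").replace("-", "").strip().strip("0"))


def crit_before_fix(p: PortSecurity) -> bool:
    # Old behaviour described in the werk: status alone raised CRIT.
    return p.status == SHUTDOWN


def crit_after_fix(p: PortSecurity) -> bool:
    # Fixed behaviour: CRIT needs evidence of a violation.
    # Assumption: the shutdown status is still required as well.
    evidence = p.violation_count > 0 or has_violating_mac(p.violating_mac)
    return p.status == SHUTDOWN and evidence


def false_positives(ports: list[PortSecurity]) -> list[str]:
    # Interfaces that alerted before the fix and no longer do.
    return [p.name for p in ports if crit_before_fix(p) and not crit_after_fix(p)]


# Constructed sample rows, not taken from a real device.
SAMPLE = [
    PortSecurity("Vethernet1035", 3, 0, ""),
    PortSecurity("Vethernet1036", 3, 0, "00:00:00:00:00:00"),
    PortSecurity("Ethernet1/1", 3, 2, "00:1b:54:aa:00:01"),
    PortSecurity("Ethernet1/2", 3, 0, "00:1b:54:aa:00:02"),
    PortSecurity("Ethernet1/3", 1, 0, ""),
]

if __name__ == "__main__":
    print(false_positives(SAMPLE))
```

Interfaces in shutdown status with a non-zero violation_count or a recorded MAC stay CRIT under both conditions, so genuine violations are not suppressed by the change.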

As a result, users will experience fewer false CRITICAL alerts on Cisco Firepower virtual interfaces, improving alert accuracy and reducing unnecessary investigations. To apply this fix, users should update the cisco_secure check plugin to the latest version; no additional configuration changes or restarts are required.
