The audit message you pasted means you unplugged the dedicated management port of this firewall, that's all.
"LAN Leash Lost asserted" means you unplugged the cable from that port.
"LAN Leash Lost deasserted" means you plugged the cable back into that port.
Make sure you are not trying to use the mgr1 port for regular traffic (like this LAGG interface).
I find this strange as I never removed the management interface cable.
What would cause the LAG ports to not work on a reboot unless I remove all the cables and plug them in one at a time about a minute apart?
If the port simply loses link it may trigger that audit also.
I don't have any guesses for your second question. I suggest looking at tcpdumps and the audit and investigating the switch you are plugging the firewall into for any errors also.
This is a new Cisco switch set up for LAG and not using LACP, so it is a static LAG. This switch is doing the same thing with connections to servers utilizing multiple ports and works just fine. The firewall is the only one having an issue with using LAG. From the administration console it will show all ports that make up the LAG interface as down when on the switch they are up and forwarding. Physically on the firewall the port lights are on and blinking but the firewall sees them as down. I am wondering how solid McAfee's use of Link Aggregation is altogether. If I unplug all the cables for the LAG ports and add them one at a time, each time I add a new one the interface stops communicating for about 10 seconds. I have never seen this on any other network equipment that utilizes LAG. Just curious how many others are using this on the McAfee firewall without any issues.
LAG on the McAfee firewall uses LACP and the Marker protocols defined by IEEE 802.1AX (formerly known as IEEE 802.3ad). The peer can be a switch that supports LACP or another system that supports LACP when directly connected to the firewall using crossover cables.
I stated it wrong. The switch is using static LACP. This was done because of what was stated in the firewall manual.
"Before you enable an Aggregate group on the firewall, make sure your connected switches are properly
configured and segmented. Switches with dynamic LACP enabled might place all LACP traffic in the
default VLAN. This can create a traffic loop in your network. To avoid this problem, configure your
switch for static LACP (Aggregate) groups that are assigned to different segmented VLANs."
We receive almost no calls on LAGG interfaces in Support. I do not see any recent bugs on LAGG interfaces either. Customers do not ever call us to say "Everything works great," so the fact that we take little to no calls on LAGG interfaces means either no customers use it at all or that customers do use it and it works just fine.
I would troubleshoot your issue using the audit and tcpdumps. Perhaps the audit filter 'acat -e "area Lagg"' would show you some helpful errors. You can also roll the audit (rollaudit -R d -w) and then reboot the firewall. Then check the firewall audit for errors related to the interfaces.
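Added example (not part of the thread and not McAfee's code): the tcpdump check suggested above can be narrowed to the LACPDUs themselves, because the actor state byte in each one shows whether the sender is hearing its peer and whether the port has joined the aggregate. The sketch below decodes that byte from an untagged Ethernet frame as laid out in IEEE 802.1AX; the sample frames are constructed, and all function names are hypothetical.

```python
import struct

SLOW_ETHERTYPE = 0x8809          # IEEE 802.3 Slow Protocols; subtype 1 is LACP
STATE_BITS = ["activity", "short_timeout", "aggregation", "synchronization",
              "collecting", "distributing", "defaulted", "expired"]

def _decode_info(body):
    # Fields after type/length: system priority, system MAC, key, port priority, port, state
    _prio, mac, key, _pprio, port, state = struct.unpack("!H6sHHHB", body[:15])
    return {"system": ":".join(f"{b:02x}" for b in mac), "key": key, "port": port,
            "flags": {n for i, n in enumerate(STATE_BITS) if state >> i & 1}}

def parse_lacpdu(frame):
    """Decode actor/partner TLVs from an untagged Ethernet frame; None if not LACP."""
    if len(frame) < 56:
        return None
    ethertype, subtype, _version = struct.unpack("!HBB", frame[12:16])
    if ethertype != SLOW_ETHERTYPE or subtype != 1:
        return None
    out, off = {}, 16
    for name, tlv_type in (("actor", 1), ("partner", 2)):
        if frame[off] != tlv_type or frame[off + 1] != 20:
            raise ValueError(f"malformed {name} TLV")
        out[name] = _decode_info(frame[off + 2:off + 20])
        off += 20
    return out

def diagnose(pdu):
    """Summarise what the sender's actor state says about the link."""
    flags = pdu["actor"]["flags"]
    if "defaulted" in flags:
        return "sender is not receiving LACPDUs from its peer"
    if "synchronization" not in flags:
        return "sender has not put this port in sync with the aggregate"
    if not {"collecting", "distributing"} <= flags:
        return "in sync but not yet forwarding"
    return "aggregated and forwarding"

def build_sample(actor_state, partner_mac):
    """Constructed LACPDU for demonstration; all addresses and keys are made up."""
    def info(t, mac, state):
        return struct.pack("!BBH6sHHHB3x", t, 20, 0x8000, mac, 1, 0x8000, 1, state)
    eth = bytes.fromhex("0180c2000002") + bytes.fromhex("020000000001") + b"\x88\x09"
    return (eth + b"\x01\x01" + info(1, bytes.fromhex("020000000001"), actor_state)
            + info(2, partner_mac, 0x3D if any(partner_mac) else 0)
            + struct.pack("!BBH12x", 3, 16, 0) + bytes(52))

if __name__ == "__main__":
    for state, peer in ((0x45, bytes(6)), (0x3D, bytes.fromhex("020000000002"))):
        pdu = parse_lacpdu(build_sample(state, peer))
        print(sorted(pdu["actor"]["flags"]), "->", diagnose(pdu))
```

Frames from each member port in both directions can be fed to `parse_lacpdu`; a port whose sender keeps reporting `defaulted` is one where no LACPDUs are arriving from the other side.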