Cisco Bug: CSCut46545 - 5.2.x Application filter returns deleted apps

Last Modified

Jan 27, 2017

Products (31)

  • Cisco Firepower Management Center
  • Cisco FirePOWER Appliance 8120
  • Sourcefire 3D6500 Sensor
  • Sourcefire Defense Center 1000 Chassis
  • Cisco FirePOWER Appliance 8260
  • Cisco FirePOWER Appliance 8130
  • Cisco FirePOWER Appliance 8140
  • Cisco FirePOWER Appliance 8270
  • Cisco NGIPS Virtual Appliance
  • Sourcefire 3D2500 Sensor

Known Affected Releases

5.2.0.8

Description (partial)

Symptom:
This is an issue we found during regression of VDB 7 Mary 3 (235.4 dev build on 5.2.0.8).

If you create an AC policy rule, then click the Applications tab and enter "Yahoo", it filters for all Yahoo! applications. One of these is "yahoo! file transfer". If you include those in a rule and apply it, you get the error "Policy has rules with missing detectors..."

This application detector was deprecated sometime around (or before) VDB 149, and it should not be returned in the UI as a possible application.

We've replicated this with various VDBs on 5.2.0.7 and 5.2.0.8. It's likely the problem has been around longer than that.

Cliff Judge investigated:

"The problem, in a nutshell, is that appIds that are deleted are present in appIdInfo, where they should not be. This can prevent AC policy apply.

We haven't seen this with an "all risks" policy because the deleted appIds have no risk.

A weird aspect to this is that you don't see the deleted app show up in AC policy rules creation.

But if you try to create an AC rule with apps specified, and you use the search bar to create a filter of "yahoo", you won't be able to apply that policy."

In short, it appears to be a UI or AC Policy issue.

Per Costas:
"It shouldn't matter if they are in the appIDInfo table. In there, we have a field called "deleted" and if that's the case we should be using our queries to make sure that deleted != 0."

Conditions:
Search for the name of a deleted / deprecated app detector in an application name filter and apply it to an AC policy.