Cisco Bug: CSCvs50137 - Same Security Zone used in ACP rule is Not pushed to NGFW rules
Jan 27, 2020
- Cisco Firepower Management Center
Known Affected Releases
Symptom:
- FMC running version 6.4.
- When the same Security Zone is configured as both source and destination in an ACP rule, the rule is NOT pushed to the sensor on deployment. For example: Allow ICMP from Inside zone to Inside zone.
- Because the rule is not pushed, traffic intended to match it is evaluated against other rules instead, which might disrupt the traffic, for example if it ends up matching a default deny rule.
- The Access Control Entry using the same Security Zone as source and destination will NOT be pushed to the sensor configuration, not even after a force deploy or after deploying individually to one sensor when multiple sensors are managed.

Conditions:
- The issue was initially seen in 220.127.116.11 when managing SFR modules. It was also reproduced in the same version and in 18.104.22.168. The SFR modules were running 6.2.3.X, so the issue appears as soon as the FMC is upgraded.
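A quick way to know which rules to check on the sensor after a deploy is to scan the access policy for exactly the condition this bug describes: a rule that names the same Security Zone on both the source and destination side. The script below is an added example, not Cisco's code. It assumes rules in the shape the FMC REST API uses for access rules (`sourceZones` / `destinationZones` objects each carrying an `objects` list, and a side with no zone list meaning "any zone"); the rules themselves are constructed sample data. It flags any rule where at least one zone appears on both sides, a deliberately conservative superset of the single-zone case in the bug note.

```python
"""Flag ACP rules that use the same Security Zone as both source and destination.

Added example (not Cisco's code). Rules matching this condition are the ones
CSCvs50137 drops from the deployed NGFW configuration, so they are the ones to
verify on the sensor after each deploy. The rule layout is assumed to follow
the FMC REST API access-rule JSON (sourceZones / destinationZones with an
"objects" list); the sample rules below are constructed, not captured.
"""
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample policy: four rules, two of which reuse a zone on both sides.
SAMPLE_RULES: List[Dict] = [
    {"name": "Allow ICMP Inside-to-Inside", "action": "ALLOW",
     "sourceZones": {"objects": [{"name": "Inside"}]},
     "destinationZones": {"objects": [{"name": "Inside"}]}},
    {"name": "Allow Inside-to-Outside", "action": "ALLOW",
     "sourceZones": {"objects": [{"name": "Inside"}]},
     "destinationZones": {"objects": [{"name": "Outside"}]}},
    # No sourceZones key: assumed to mean "any" source zone, so not flagged.
    {"name": "Any zone to DMZ", "action": "ALLOW",
     "destinationZones": {"objects": [{"name": "DMZ"}]}},
    {"name": "Allow DMZ+Inside to DMZ", "action": "ALLOW",
     "sourceZones": {"objects": [{"name": "DMZ"}, {"name": "Inside"}]},
     "destinationZones": {"objects": [{"name": "DMZ"}]}},
]


def zone_names(rule: Dict, key: str) -> Set[str]:
    """Return the set of zone names on one side of a rule (empty means 'any')."""
    return {z["name"] for z in rule.get(key, {}).get("objects", [])}


def shared_zones(rule: Dict) -> Set[str]:
    """Zones that appear on both the source and the destination side."""
    return zone_names(rule, "sourceZones") & zone_names(rule, "destinationZones")


def find_same_zone_rules(rules: Iterable[Dict]) -> List[Tuple[str, List[str]]]:
    """Return (rule name, sorted shared zones) for every rule that names at
    least one zone on both sides. Sides set to 'any' (no zone list) carry no
    explicit zone and are therefore never reported."""
    hits: List[Tuple[str, List[str]]] = []
    for rule in rules:
        shared = shared_zones(rule)
        if shared:
            hits.append((rule["name"], sorted(shared)))
    return hits


if __name__ == "__main__":
    for name, zones in find_same_zone_rules(SAMPLE_RULES):
        print(f"verify on sensor after deploy: {name!r} uses {zones} "
              "as both source and destination")
```

Run it against the rule list exported from the policy in question; every rule it prints should be checked in the deployed sensor configuration, because a missing entry means the traffic is being evaluated against whatever rule follows, possibly the default action.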