Cisco Bug: CSCvs50137 - Same Security Zone used in ACP rule is Not pushed to NGFW rules

Last Modified

Jan 27, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

6.4.0.5

Description (partial)

Symptom:
++ FMC running version 6.4.

++ When the same Security Zone is configured as both source and destination in an ACP rule, the rule is NOT pushed to the sensor on deployment. For example: Allow ICMP from Inside zone to Inside zone.

++ Because the rule is not pushed, traffic intended to match it is evaluated against the remaining rules and may match a different one, which can disrupt that traffic. For example, it may hit a default deny rule.

++ The Access Control Entry using the same Security Zone as source and destination will NOT be pushed to the sensor configuration, not even after a force deploy or after deploying individually to one sensor when multiple sensors are managed.

Conditions:
++ The issue was initially seen in 6.4.0.5 when managing SFR modules. It was also reproduced in the same version and in 6.4.0.6. The SFR modules were running 6.2.3.X, so the issue seems to appear as soon as the FMC is upgraded.
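The following is an added example, not part of the Cisco bug record and not Cisco code. It audits a rule list for the condition described above (a rule that names the same Security Zone as source and destination) and, for each such rule, shows which rule a sample flow would fall through to once the rule is absent from the deployed sensor configuration. The rule list and the FMC export shape are constructed sample data; the assumption that any shared zone between the source and destination sets puts a rule at risk generalizes the page's single-zone example (Inside to Inside), so verify it against your own deployment.

```python
"""Audit an access control policy (ACP) rule list for rules that an FMC
affected by this bug (same security zone as source and destination) would
leave out of the deployed sensor configuration, and show which rule the
traffic would match instead.

Constructed example: the rule list is hand-written sample data, not an FMC
export. Assumption: a rule is at risk when any zone appears in both its
source and destination zone sets; the page's own example is the single-zone
case "Allow ICMP from Inside zone to Inside zone".
"""
from dataclasses import dataclass

# Versions the bug report lists as affected (seen on 6.4.0.5, reproduced on 6.4.0.6).
AFFECTED_FMC_VERSIONS = {"6.4.0.5", "6.4.0.6"}
DEFAULT_ACTION = ("<default action>", "block")  # constructed: policy default action is block


@dataclass(frozen=True)
class AcpRule:
    name: str
    action: str           # "allow" or "block"
    src_zones: frozenset  # empty set means "any zone"
    dst_zones: frozenset
    protocols: frozenset  # e.g. {"icmp", "tcp/443"}; empty means "any"


def sample_rules():
    """Constructed ACP, evaluated top to bottom, first match wins."""
    return [
        AcpRule("Allow ICMP Inside to Inside", "allow",
                frozenset({"Inside"}), frozenset({"Inside"}), frozenset({"icmp"})),
        AcpRule("Allow web out", "allow",
                frozenset({"Inside"}), frozenset({"Outside"}), frozenset({"tcp/80", "tcp/443"})),
        # Source zone DMZ also appears in the destination set: flagged under the assumption above.
        AcpRule("Allow DMZ to Inside and DMZ", "allow",
                frozenset({"DMZ"}), frozenset({"Inside", "DMZ"}), frozenset()),
    ]


def is_affected_version(fmc_version):
    return fmc_version in AFFECTED_FMC_VERSIONS


def same_zone_rules(rules):
    """Rules with at least one zone used as both source and destination."""
    return [r for r in rules if r.src_zones & r.dst_zones]


def first_match(rules, src_zone, dst_zone, proto, skip_same_zone=False):
    """Return (rule name, action) for a flow. With skip_same_zone=True the
    same-zone rules are left out, mimicking what the sensor actually runs
    after a deployment from an affected FMC."""
    for r in rules:
        if skip_same_zone and r.src_zones & r.dst_zones:
            continue
        if r.src_zones and src_zone not in r.src_zones:
            continue
        if r.dst_zones and dst_zone not in r.dst_zones:
            continue
        if r.protocols and proto not in r.protocols:
            continue
        return r.name, r.action
    return DEFAULT_ACTION


def impact_report(rules, fmc_version):
    """For each at-risk rule, pick one flow it is meant to match and report
    what matches instead once the rule is missing from the sensor."""
    findings = []
    for r in same_zone_rules(rules):
        zone = sorted(r.src_zones & r.dst_zones)[0]
        proto = sorted(r.protocols)[0] if r.protocols else "any"
        intended = first_match(rules, zone, zone, proto)
        deployed = first_match(rules, zone, zone, proto, skip_same_zone=True)
        findings.append({
            "rule": r.name,
            "sample_flow": f"{zone} -> {zone} {proto}",
            "intended": intended,
            "on_affected_fmc": deployed,
            "behaviour_changes": intended[1] != deployed[1],
        })
    return {"fmc_version": fmc_version,
            "version_affected": is_affected_version(fmc_version),
            "findings": findings}


if __name__ == "__main__":
    report = impact_report(sample_rules(), "6.4.0.5")
    print("FMC", report["fmc_version"], "affected:", report["version_affected"])
    for f in report["findings"]:
        print(f"{f['rule']}: {f['sample_flow']} intended {f['intended']} "
              f"-> deployed {f['on_affected_fmc']}"
              + (" (traffic affected)" if f["behaviour_changes"] else ""))
```

Running it against the constructed policy reports both same-zone rules and shows the ICMP flow falling through to the block default action, which is the disruption the symptom describes. To use it on a real policy, replace `sample_rules()` with rules parsed from your own export and keep the first-match ordering.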