Preview Tool

Cisco Bug: CSCvs61972 - Deleting a rules under FW policy when multiple rules are configured, fails

Last Modified

Jul 21, 2020

Products (68)

  • Cisco IOS
  • Cisco Catalyst 9300-48U-A Switch
  • Cisco Catalyst C9500-16X-E Switch
  • Cisco Catalyst 9300-48T-A Switch
  • Cisco 4221 Integrated Services Router
  • Cisco ASR 1000 Series IOS XE SD-WAN
  • Cisco Catalyst 9300-48UXM-A Switch
  • Cisco Catalyst 9400 Supervisor Engine-1XL-Y
  • Cisco Catalyst 9300-48UN-A Switch
  • Cisco Catalyst 9800-40 Wireless Controller
View all products in Bug Search Tool Login Required

Known Affected Releases

16.12.3 17.2 Gibraltar-16.12.2r

Description (partial)

can't update existing zone-based firewall policy with the following or similar error message from vManage (depends on the actual rules set, ports, protocols):

Device failed to process request. Error received from the device is : 
error-type - Application, error-tag - Invalid-value, error-severity - Error, error-message lang="en" - Inconsistent value: Device refused one or more commands:
% Invalid input detected at '^' marker."
 no tcp 1510
% Invalid input detected at '^' marker."
 no tcp range 28000 28020
% Invalid input detected at '^' marker.", 
severity xmlns="" - Error_cli, 

bad-command -  icmp, parser-context - No object-group network RULE_2020-seq-61-network-src-og_
bad-command -  no tcp 1510, parser-context - No object-group network RULE_2020-seq-61-network-src-og_
 no tcp 1510, 
bad-command -  no tcp range 28000 28020, parser-context - No object-group network RULE-seq-61-network-src-og_
 no tcp 1510
 no tcp range 28000 28020

zone-based firewall is being used and user trying to change some rules
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.