Cisco Bug: CSCvt10942 - Unable to use all-interface role on access control policies

Last Modified

Apr 17, 2020

Products (1)

  • Cisco Security Manager

Known Affected Releases

4.20(0)

Description (partial)

Symptom:
After creating a new Access Control Policy in CSM, upon deployment we get the following errors on all firewalls:

Description:  FWSVC ACL Settings Errors ->  The interface value All-Interfaces specified in ACL Setting Table maps to more than one interface on device
Cause:  The interface value specified in ACL Setting Table maps to more than one interface on device
Action:  Please make sure that the interface value in ACL Setting Table maps to only one interface on device 

This indicated that I cannot use the All-Interfaces role in the ACL Setting Table. However, the documentation about the Setting table states:

"The table lists the interfaces for which you want to configure special processing. The interface name can be a specific interface or an interface role (which can apply settings to more than one interface at a time), or Global for global ACL settings on ASA 8.3+ devices."
 
Also from the guide: "All-Interfaces—Includes every interface defined on a device." and "Global rules are best used for rules that you want to apply to all traffic that enters a device regardless of which interface it enters. For example, there might be a specific host or subnet that you always want to deny or permit. You can create these as global rules, so they are configured once on the device instead of configured again for each interface (although functionally the same as an interface-specific rule configured for the All-Interfaces role, All-Interfaces rules are repeated for each interface rather than being configured once on the device)."

Conditions:
Creating a new Access Control Policy in CSM and applying it to All-Interfaces.
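To make the distinction in the quoted guide text concrete, the following is a constructed ASA 8.3+ configuration fragment added here for illustration; it is not taken from the bug report, from CSM output, or from Cisco documentation. The first group of lines is what an interface-specific rule bound to an All-Interfaces role ends up as on the device (the same rule set repeated once per interface, each with its own access-group binding); the second group is the equivalent global rule, configured once. The interface names (outside, inside, dmz), the ACL names, and the 203.0.113.0/24 source network are assumptions.

```text
access-list ACL_OUTSIDE extended deny ip 203.0.113.0 255.255.255.0 any
access-list ACL_OUTSIDE extended permit ip any any
access-group ACL_OUTSIDE in interface outside
access-list ACL_INSIDE extended deny ip 203.0.113.0 255.255.255.0 any
access-list ACL_INSIDE extended permit ip any any
access-group ACL_INSIDE in interface inside
access-list ACL_DMZ extended deny ip 203.0.113.0 255.255.255.0 any
access-list ACL_DMZ extended permit ip any any
access-group ACL_DMZ in interface dmz

access-list ACL_GLOBAL extended deny ip 203.0.113.0 255.255.255.0 any
access-list ACL_GLOBAL extended permit ip any any
access-group ACL_GLOBAL global
```

Two practitioner notes. First, the deployment error quoted above fires only when the value in the ACL Settings table maps to more than one interface on a given device, so a role that happens to resolve to exactly one interface on a device passes the check while the same role fails on a device with more interfaces; checking what actually landed on each firewall with `show running-config access-group` is the quickest way to see which form was deployed. Second, the two forms are not interchangeable in evaluation order: on ASA 8.3+ an interface ACL is evaluated before the global ACL, and the implicit deny applies only after both, so a permit in a per-interface ACL is not overridden by a deny in the global ACL.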