Preview Tool

Cisco Bug: CSCvt74385 - Delay in macOS/pfctl when adding dynamic split exclusions

Last Modified

Aug 17, 2020

Products (1)

  • Cisco AnyConnect Secure Mobility Client

Known Affected Releases

4.7(4056) 4.8(3036)

Description (partial)

Potentially an Apple macOS/pfctl issue.

A delay is macOS/pfctl in adding dynamic split exclusions is seen when the macOS endpoint(s) are joined to an Active Directory.

This pftcl behavior results in AnyConnect taking an unexpectedly longer time (in seconds) to add the dynamic split exclusions, which also causes a delay in passing traffic over the tunnel; potentially interrupting certain applications (VoIP, Streaming Applications, etc)

- AnyConnect (reported and seen when using 4.7.x and 4.8.x)
- macOS (seen on both 10.14.x and 1015.x)
-macOS endpoint is joined to Active Directory (has an AD binding)
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.