Cisco Bug: CSCvu98780 - FTD-API: CDO template apply is triggering rule delete bug

Last Modified

Oct 07, 2020

Products (1)

  • Cisco Firepower NGFW

Known Affected Releases

6.5.0.4 6.6.0 6.7.0

Description (partial)

Symptom:
Rule deletion can fail partway through.

/ngfw/var/log/cisco/ngfw-onbox.log will show an error like the following:

2020-07-07 23:39:56 ajp-nio-8009-exec-2: ERROR ExceptionHandlerAspect:51 - Managed ApplicationException:null-ContainerEntityService.deleteContained(..)

2020-07-07 23:39:56 ajp-nio-8009-exec-2: INFO  LogService:171 - 2020-07-07  23:39:56    127.0.0.1   -   localhost   443 DELETE  /api/fdm/latest/policy/accesspolicies/default/accessrules/d0f8df16-ba67-11ea-9c0a-45653be93400  -   422 -   0   103  Go-http-client/1.1  -

Specifically, the deleteContained error is indicative of this bug.

Conditions:
Firepower Threat Defense device managed by Firepower Device Manager. A large number of access rules are configured and then deleted together, either through a CDO empty template or an API script.
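
To see which access rules were left in place after a bulk delete, the ERROR and DELETE lines in ngfw-onbox.log can be correlated by worker thread. The following is an added example, not Cisco code: it assumes the log layout of the two lines quoted under Symptom and that the deleteContained error is logged before the matching request line on the same thread; the function name and the constructed sample lines are hypothetical.

```python
import re

# Lines 2 and 3 are the entries quoted on this page; lines 1 and 4 are constructed
# for contrast (a successful delete, and a 422 with no deleteContained error).
SAMPLE_LOG = """\
2020-07-07 23:39:55 ajp-nio-8009-exec-1: INFO  LogService:171 - 2020-07-07  23:39:55    127.0.0.1   -   localhost   443 DELETE  /api/fdm/latest/policy/accesspolicies/default/accessrules/aaaaaaaa-0000-0000-0000-000000000001  -   204 -   0   98  Go-http-client/1.1  -
2020-07-07 23:39:56 ajp-nio-8009-exec-2: ERROR ExceptionHandlerAspect:51 - Managed ApplicationException:null-ContainerEntityService.deleteContained(..)
2020-07-07 23:39:56 ajp-nio-8009-exec-2: INFO  LogService:171 - 2020-07-07  23:39:56    127.0.0.1   -   localhost   443 DELETE  /api/fdm/latest/policy/accesspolicies/default/accessrules/d0f8df16-ba67-11ea-9c0a-45653be93400  -   422 -   0   103  Go-http-client/1.1  -
2020-07-07 23:39:57 ajp-nio-8009-exec-3: INFO  LogService:171 - 2020-07-07  23:39:57    127.0.0.1   -   localhost   443 DELETE  /api/fdm/latest/policy/accesspolicies/default/accessrules/aaaaaaaa-0000-0000-0000-000000000002  -   422 -   0   101  Go-http-client/1.1  -
"""

# "<date> <time> <thread>: <LEVEL> <rest>" prefix shared by both quoted lines.
PREFIX = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+): (\w+)\s+(.*)$")
# Access-log part: DELETE <path ending in accessrules/<uuid>> <field> <status>.
DELETE = re.compile(r"\sDELETE\s+\S*/accessrules/([0-9a-f-]{36})\s+\S+\s+(\d{3})\s")


def failed_rule_deletes(log_text):
    """Return (timestamp, rule_id, status, matches_signature) for each
    access-rule DELETE that did not get a 2xx response."""
    pending = set()   # threads with a deleteContained error not yet paired
    findings = []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        ts, thread, level, rest = m.groups()
        if level == "ERROR" and "deleteContained" in rest:
            pending.add(thread)
            continue
        d = DELETE.search(rest)
        if not d:
            continue
        rule_id, status = d.group(1), int(d.group(2))
        signature = thread in pending
        pending.discard(thread)          # the error belongs to this request only
        if not 200 <= status < 300:
            findings.append((ts, rule_id, status, signature))
    return findings


if __name__ == "__main__":
    for ts, rule_id, status, signature in failed_rule_deletes(SAMPLE_LOG):
        note = "deleteContained signature" if signature else "other failure"
        print(f"{ts} rule {rule_id} HTTP {status} ({note})")
```

Rule IDs reported with the signature are the ones to re-check in the access policy, since those rules were not removed.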