Cisco Bug: CSCvv12127 - Series 3 policy deploy can fail when adding a large number of IPV4 source and destination AC rules.

Last Modified

Oct 13, 2020

Products (1)

  • Cisco Firepower Management Center Virtual Appliance

Known Affected Releases

5.4.0 6.0.0 6.1.0 6.2.0 6.2.1 6.2.2 6.2.3 6.3.0 6.4.0

Description (partial)

Symptom:
Policy deploy is failing with the following logs:
SF-IMS[16901]: [16901] pm:blkbirdconfig [ERROR] Could not add NFM rule # 'fwrule-1-8894-26680' (Pri 26680) to the rules database: (993281) Failure
nl-asmr-hmr-idps-ss01 SF-IMS[16901]: [16901] pm:blkbirdconfig [ERROR] Validation failed to repopulate NFM rules for NFE0!: Invalid Argument
rulesd0: too many unique ipv4_da values
rulesd0: Device #0: could not add rule 'fwrule-1-9573-28732'
 SF-IMS[16901]: [16901] pm:blkbirdconfig [ERROR] Could not add NFM rule #

Conditions:
A large number (5120+) of IPv4 destination and source AC rules.
Series 3 device, e.g. 8350.
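
To tell this failure apart from other deploy errors, the log lines in the Symptom section can be matched mechanically. The Python below is an added example, not Cisco code; the function name `triage`, the regular expressions and the `SAMPLE` list are assumptions built from the log lines quoted above.

```python
import re

# Patterns derived from the log lines quoted in the Symptom section.
RULE_DB_FAIL = re.compile(
    r"Could not add NFM rule #\s*'(?P<rule>[^']+)' \(Pri (?P<pri>\d+)\)"
    r" to the rules database: \((?P<code>\d+)\) \w+")
LIMIT_HIT = re.compile(r"rulesd\d+: too many unique (?P<field>\w+) values")
DEVICE_FAIL = re.compile(r"rulesd\d+: Device #\d+: could not add rule '(?P<rule>[^']+)'")
VALIDATION = re.compile(r"Validation failed to repopulate NFM rules for (?P<nfe>\w+)!")


def triage(lines):
    """Summarise deploy-failure lines that match the symptom shown on this page."""
    out = {"exhausted_fields": set(), "rejected_rules": [],
           "failed_validation": set(), "matches_signature": False}
    for line in lines:
        if m := LIMIT_HIT.search(line):
            out["exhausted_fields"].add(m["field"])
        elif m := RULE_DB_FAIL.search(line):
            out["rejected_rules"].append((m["rule"], int(m["pri"])))
        elif m := DEVICE_FAIL.search(line):
            out["rejected_rules"].append((m["rule"], None))
        elif m := VALIDATION.search(line):
            out["failed_validation"].add(m["nfe"])
        # Truncated or unrelated lines fall through and are ignored.
    # A rule-add error alone is not specific; the rulesd limit message is
    # what ties the failure to the unique-value limit described here.
    out["matches_signature"] = bool(out["exhausted_fields"] and out["rejected_rules"])
    return out


# Sample input: the page's log lines, with the wrapped first line rejoined,
# plus one constructed unrelated line.
SAMPLE = [
    "SF-IMS[16901]: [16901] pm:blkbirdconfig [ERROR] Could not add NFM rule # "
    "'fwrule-1-8894-26680' (Pri 26680) to the rules database: (993281) Failure",
    "nl-asmr-hmr-idps-ss01 SF-IMS[16901]: [16901] pm:blkbirdconfig [ERROR] "
    "Validation failed to repopulate NFM rules for NFE0!: Invalid Argument",
    "rulesd0: too many unique ipv4_da values",
    "rulesd0: Device #0: could not add rule 'fwrule-1-9573-28732'",
    "SF-IMS[16901]: [16901] pm:blkbirdconfig [ERROR] Could not add NFM rule #",
    "constructed: unrelated log line",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```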