https://community.cisco.com/t5/network-security/fmc-conflicts-and-overlaps/m-p/5302304#M1121450 <P>Yes, those conflict errors can still happen even on a blank FMC. Here's why:</P><H3>Why You’re Seeing Conflicts</H3><UL><LI><P>The ACP you're importing likely has objects (like network, service, or zone objects) that are <STRONG>referencing things that don't exist</STRONG> yet on the new FMC.</P></LI><LI><P>Some objects might have <STRONG>duplicate names</STRONG> or <STRONG>missing dependencies</STRONG> from the export.</P></LI><LI><P>Even though the FMC is clean, the ACP still depends on certain settings or objects it used before.</P></LI></UL><H3>What You Should Do</H3><OL><LI><P><STRONG>Check the conflict details</STRONG> on the FMC. It should tell you what objects are causing the problem.</P></LI><LI><P>If the object is unused, delete it.</P></LI><LI><P>If it’s needed, check if:</P><UL><LI><P>The name is already in use</P></LI><LI><P>It’s missing a reference</P></LI><LI><P>It can be renamed</P></LI></UL></LI><LI><P>Try resolving the conflict by either:</P><UL><LI><P>Renaming the object</P></LI><LI><P>Creating the missing item manually</P></LI></UL></LI><LI><P>Make sure you can deploy the policy on the test FMCv without errors <STRONG>before exporting it to the production FMC.</STRONG></P></LI></OL><H3>Final Tip</H3><P>If you’re unsure, try importing the same ACP into another test FMCv running the same version as production. That way you can catch errors before pushing it live.</P> Wed, 25 Jun 2025 09:34:51 GMT rovianjaxiel 2025-06-25T09:34:51Z https://community.cisco.com/t5/network-security/fmc-conflicts-and-overlaps/m-p/5302259#M1121447 <P>Hi,</P><P>I have exported an ACP from on FMC 2500 onto a blank new FMCv. I have then upgraded the FMCv and plan on migrating that ACP to a newer FMC already in production and migrating two firewalls.&nbsp;</P><P>My issue is when I imported the ACP onto the blank FMCv I have conflict errors. I am unsure what these are and how to resolve them or if they need resolving before exporting and importing again onto the final destination FMC.</P><P>&nbsp;</P><P>Are these naming conflicts or something else? As it is a blank FMC i wouldn't of thought that was the case.</P><P>How do I resolve?</P> Thu, 24 Jul 2025 05:24:30 GMT https://community.cisco.com/t5/network-security/fmc-conflicts-and-overlaps/m-p/5302259#M1121447 NetworkMonkey101 2025-07-24T05:24:30Z https://community.cisco.com/t5/network-security/fmc-conflicts-and-overlaps/m-p/5302286#M1121448 <P>&nbsp;</P> <P>&nbsp; -&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1495947">@NetworkMonkey101</a>&nbsp; &nbsp;<FONT color="#FF6600"><EM> &nbsp; &nbsp; &nbsp;FYI :</EM></FONT>&nbsp;<A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp29808" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp29808</A></P> <P>&nbsp; M.</P> Wed, 25 Jun 2025 08:26:18 GMT https://community.cisco.com/t5/network-security/fmc-conflicts-and-overlaps/m-p/5302286#M1121448 Mark Elsen 2025-06-25T08:26:18Z https://community.cisco.com/t5/network-security/fmc-conflicts-and-overlaps/m-p/5302295#M1121449 <P>The policy analysis conflicts are just highlighting that some of your objects and/or rules have overlaps and are thus not entirely internally consistent. You have the opportunity to analyze them and potentially combine some unless you prefer to keep them as separately defined names for reasons external to the firewall (e.g., to better follow the business logic from a human-readable point of view).</P> Wed, 25 Jun 2025 09:03:54 GMT https://community.cisco.com/t5/network-security/fmc-conflicts-and-overlaps/m-p/5302295#M1121449 Marvin Rhoads 2025-06-25T09:03:54Z https://community.cisco.com/t5/network-security/fmc-conflicts-and-overlaps/m-p/5302304#M1121450 <P>Yes, those conflict errors can still happen even on a blank FMC. Here's why:</P><H3>Why You’re Seeing Conflicts</H3><UL><LI><P>The ACP you're importing likely has objects (like network, service, or zone objects) that are <STRONG>referencing things that don't exist</STRONG> yet on the new FMC.</P></LI><LI><P>Some objects might have <STRONG>duplicate names</STRONG> or <STRONG>missing dependencies</STRONG> from the export.</P></LI><LI><P>Even though the FMC is clean, the ACP still depends on certain settings or objects it used before.</P></LI></UL><H3>What You Should Do</H3><OL><LI><P><STRONG>Check the conflict details</STRONG> on the FMC. It should tell you what objects are causing the problem.</P></LI><LI><P>If the object is unused, delete it.</P></LI><LI><P>If it’s needed, check if:</P><UL><LI><P>The name is already in use</P></LI><LI><P>It’s missing a reference</P></LI><LI><P>It can be renamed</P></LI></UL></LI><LI><P>Try resolving the conflict by either:</P><UL><LI><P>Renaming the object</P></LI><LI><P>Creating the missing item manually</P></LI></UL></LI><LI><P>Make sure you can deploy the policy on the test FMCv without errors <STRONG>before exporting it to the production FMC.</STRONG></P></LI></OL><H3>Final Tip</H3><P>If you’re unsure, try importing the same ACP into another test FMCv running the same version as production. That way you can catch errors before pushing it live.</P> Wed, 25 Jun 2025 09:34:51 GMT https://community.cisco.com/t5/network-security/fmc-conflicts-and-overlaps/m-p/5302304#M1121450 rovianjaxiel 2025-06-25T09:34:51Z