Re: CSCwh64784 - FTD is not matching ACP rules with multiple FQDN obje

atsukane · ‎11-21-2024

Hi, any update with this bug? suppose there has not been any fix yet?

The suggested workaround isn't really feasible in reality when there are dependencies on FQDNs in a hybrid environment with many AWS/Azure based VMs.

Symptom: Traffic does not match an ACP rule which has more than one FQDN object specified as source or destination networks. Instead, another rule below will be matched.

Conditions: 1) An ACP rule is configured with more than one FQDN object as a matching condition. 2) There are no IP-based objects in source or destination networks.

Workaround: For FQDN-based rules specify only one FQDN object. If needed, create a separate rule for every FQDN that should be matched.

marce1000 · ‎11-21-2024

- The bug report refers to https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj24828
which has fixed versions ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

atsukane · ‎11-21-2024

Thanks, I've looked at that earlier but that's for a similar bug and not the one we are after. And fixed versions don't include FTD software.

MHM Cisco World · ‎11-21-2024

Workaround is not work for you??

Also did you try DNS SI ?

In DNS SI you can specify all domain

MHM

atsukane · ‎11-21-2024

we've got a loads of hosts in AWS and Azure, so not realistic approach for us.

CSCwh64784 - FTD is not matching ACP rules with multiple FQDN objects