Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1138
Views
0
Helpful
4
Replies

Access Control Policies are not deploying correctly.

kashifglobal12
Level 1
Level 1

‎10-08-2018 11:52 PM - edited ‎03-12-2019 07:01 AM

Dear all,

 

I had a very unusual situation. I have two firewalls 5516-x in active-standby mode. I have configured NTP server locally and synchronize the fmc and sourcefire with that but after that suddenly my firewalls condition shifted reverse i.e the active one become the standby and vise versa. so after resolving this issue molicies are not deploying correctly in sourcefire  i.e user based access rules are not working. 

 

 

 

Labels:
0 Helpful
4 Replies 4

Ajay Saini
Level 7
Level 7

‎10-09-2018 03:30 AM

Hello,

 

Can you please clarify what error message is seen when deploying the policies through FMC. Or is that the policy is being pushed but not working. Please clarify and attach any screenshot etc.

 

Usually, if the deployment is stuck, you would have to engage Cisco TAC who can clear the stuck process using script in shell and fix it.

 

HTH
AJ

0 Helpful

kashifglobal12
Level 1
Level 1
In response to Ajay Saini

‎10-09-2018 11:59 PM

Thanks for your reply.

Policies are successfully deploying but not working correctly i.e when I
apply user policy on some user policy is working correctly but on some user
the internet is blocked and I have applied only one policy.
0 Helpful

babiojd01
Level 1
Level 1
In response to kashifglobal12

‎10-11-2018 10:33 AM

Here is a question, when you deploy the policy and it displays successful but does it take a while to finish? If you go back to the deploy button does the particular firepower module show up in the list as a device you can deploy to right after a successful deployment?

0 Helpful

Ajay Saini
Level 7
Level 7
In response to kashifglobal12

‎10-13-2018 08:00 PM

To be very frank, this is a vague info and not helpful in identifying the root cause.

To move further, I would encourage to look at what you require and what is not working. If you are saying that the rule is deployed correctly and not working for some hosts, then we need to run a packet-tracer on CLI and see where this is failing. Please run a pack-tracer and see which rule the non-working traffic actually hits.

 

HTH
AJ

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card