cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


1015
Views
5
Helpful
5
Replies
Engager

Can't remove port-object from service group.

Running 9.7.1.

Current config looks like this:

object-group service Guest-Wirelss-TCP tcp
 group-object ApplePush
 port-object range 5228 5230
 port-object eq 993
 port-object eq ftp
 port-object eq www
 port-object eq https
 port-object eq pcanywhere-data
 port-object eq smtp
 port-object eq 15000
 port-object range 30000 64000
 port-object eq 12000

When I try to remove an entry, I get this:

OPUSFW1# config t
OPUSFW1(config)# object-group service Guest-Wireless-TCP tcp
OPUSFW1(config-service-object-group)# no port-object eq 12000
Removing obj from object-group (Guest-Wireless-TCP) failed;
obj does not exist in this group
OPUSFW1(config-service-object-group)#

What am I mssing?

5 REPLIES 5
Highlighted
Beginner

Weird, tried on 9.6.2 with

Weird, tried on 9.6.2 with your config, removing port-object works just fine. Maybe something 9.7.1 related.


asa(config)# object-group service Guest-Wirelss-TCP tcp
asa(config-service-object-group)# group-object ApplePush
Specified group object (ApplePush) does not exist
asa(config-service-object-group)# port-object range 5228 5230
asa(config-service-object-group)# port-object eq 993
asa(config-service-object-group)# port-object eq ftp
asa(config-service-object-group)# port-object eq www
asa(config-service-object-group)# port-object eq https
asa(config-service-object-group)# port-object eq pcanywhere-data
asa(config-service-object-group)# port-object eq smtp
asa(config-service-object-group)# port-object eq 15000
asa(config-service-object-group)# port-object range 30000 64000
asa(config-service-object-group)# port-object eq 12000
asa(config-service-object-group)#
asa(config-service-object-group)# no port-object eq 12000
asa(config-service-object-group)#
asa(config-service-object-group)#
asa(config-service-object-group)#
asa(config-service-object-group)# end


asa# sh run object-group
object-group service Guest-Wirelss-TCP tcp
port-object range 5228 5230
port-object eq 993
port-object eq ftp
port-object eq www
port-object eq https
port-object eq pcanywhere-data
port-object eq smtp
port-object eq 15000
port-object range 30000 64000

Engager

For anyone looking closely

For anyone looking closely there is a typo in my original post...

Here's a simplified version:

OPUSFW1# config t
OPUSFW1(config)# object-group service TEST tcp
OPUSFW1(config-service-object-group)#  port-object eq 993
OPUSFW1(config-service-object-group)#  port-object eq ftp
OPUSFW1(config-service-object-group)#  port-object eq www
OPUSFW1(config-service-object-group)#  port-object eq https
OPUSFW1(config-service-object-group)# no port-obj eq https
Removing obj from object-group (TEST) failed;
obj does not exist in this group

I get that 7.7.1 is leading edge, but who'd have thought they'd break something so fundamental?

VIP Advocate

Is the port-object present

Is the port-object present when you issue the command show object-group id Guest-Wirelss-TCP ?

What about if you issue the command show run object-group id Guest-Wirelss-TCP ?

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to rate and select a correct answer
Engager

Yep, its there...

Yep, its there...

here's a create, show run, try to delete.  I'm pretty sure its either a bug or a hidden setting that I missed...

OPUSFW1(config)# object-group service TEST tcp
OPUSFW1(config-service-object-group)# port-object eq 993
OPUSFW1(config-service-object-group)#  port-object eq ftp
OPUSFW1(config-service-object-group)#  port-object eq www
OPUSFW1(config-service-object-group)#  port-object eq https
OPUSFW1(config-service-object-group)# exit
OPUSFW1(config)# exit
OPUSFW1#  show run object-group id TEST
object-group service TEST tcp
 port-object eq 993
 port-object eq ftp
 port-object eq www
 port-object eq https
OPUSFW1# config t
OPUSFW1(config)# object-group service TEST tcp
OPUSFW1(config-service-object-group)# no port-object eq https
Removing obj from object-group (TEST) failed;
obj does not exist in this group
OPUSFW1(config-service-object-group)#

Engager

Its a bug, CSCvd21541

Its a bug, CSCvd21541

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here