ASA 5506-X losing its rules

daddum61
Level 1

Installed 2 5506-X on 2 separate networks but with identical config.

They work OK for approx. 3 days and then stop passing anything.

I am unable to access the devices, and when rebooted they seem fine except the firewall rules have gone; all other config is OK.

There is also no crash info.

Any ideas?

They are internal firewalls on an old network that uses public IP addresses as it is not connected to the internet.

Thanks

4 Replies

What software version are you running on the ASA 5506? Are these in an HA pair? Also, are you using the Firepower module in the ASAs at all?

Have you tried issuing a clear conn to see if there are stale connections that are causing this issue? Have you checked memory usage to see if there is a possible memory leak?

As for the configuration going missing, when you say firewall rules, I assume you mean the access lists? Do all ACLs that are configured disappear, or just some of the newer added entries?

What is the confreg value configured on your ASA (should be 0x1)? It can be seen in show version.

--
Please remember to select a correct answer and rate helpful posts

These are stand-alone firewalls, not part of an HA pair, and I am not using Firepower at all.

When they go wrong and I try to remotely connect to them, sometimes I have to get someone to locally reboot them before I can access them.

It seems strange that the firewalls are on separate LANs but typically they get the same problem within a few hours of each other.

It is the access list that goes, and the guys locally have just been restoring from a backup to get the firewall working again, and then it's OK for around 3 days.

I will check the confreg value and see what it is.

The only thing that is a little non-standard is that for the outside interface I have created a BVI and placed 4 of the switchports in the BVI. Then 2 of these ports are connected (via media converters) to the end of a fibre ring that runs around 4 remote sites. The traffic is pretty light, but the ring is running HiPER Ring for redundancy; however, the ring is not yet complete.

I was going to try clearing the BVI and putting the 4 outside ports in an EtherChannel to see if that made any difference.

Checked mem today, no leakage.

And confreg is 0x1.

I did disable Firepower as it was not disabled.

I am assuming you are saving the configuration after the rules have been added? You might want to upgrade your firewalls as this sounds like it is a bug.  If upgrading doesn't solve the issue I suggest opening a TAC case.

--
Please remember to select a correct answer and rate helpful posts
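The two checks raised in this thread (whether the access list was actually saved to startup-config, and whether the config register is the normal 0x1) can be verified offline from captured CLI output. The following Python script is an added example written for this thread, not code from Cisco or any poster; it compares a `show running-config` capture against `show startup-config` and reports ACL entries that exist only in memory, and it reads the configuration register out of `show version`. The three captures embedded below are constructed samples, and the hostname, ACL name and addresses in them are invented for illustration.

```python
"""
Audit an ASA for unsaved ACL entries and an abnormal config register.

Inputs are plain-text captures of 'show running-config', 'show startup-config'
and 'show version'. All three samples below are constructed for this example.
"""
import re

# Constructed sample: running-config holds an 'eq ssh' entry that was added
# after the last 'write memory', so startup-config does not contain it.
RUNNING_CONFIG = """\
hostname asa-site1
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.10 eq https
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.10 eq ssh
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
"""

STARTUP_CONFIG = """\
hostname asa-site1
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.10 eq https
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
"""

# Constructed excerpt of 'show version'; the version string is a placeholder.
SHOW_VERSION = """\
Cisco Adaptive Security Appliance Software Version X.Y(Z)
...
Configuration register is 0x1
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(.*)$")
CONFREG_RE = re.compile(r"Configuration register is (0x[0-9A-Fa-f]+)")


def acl_entries(config_text):
    """Return {acl_name: [entry lines, in configured order]} from a config capture."""
    acls = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            acls.setdefault(m.group(1), []).append(line)
    return acls


def unsaved_acl_entries(running, startup):
    """ACL lines present in running-config but absent from startup-config.

    These are exactly the entries that disappear on the next reload unless
    'write memory' is issued, which matches the symptom described in the thread.
    """
    saved = {l for entries in acl_entries(startup).values() for l in entries}
    return [l for entries in acl_entries(running).values()
            for l in entries if l not in saved]


def config_register(show_version_text):
    """Parse the configuration register from 'show version'; None if absent."""
    m = CONFREG_RE.search(show_version_text)
    return int(m.group(1), 16) if m else None


def ignores_startup_config(confreg):
    # Bit 0x40 set (e.g. 0x41, the password-recovery value) boots the ASA
    # without loading startup-config, so a saved ACL would still be "missing".
    return confreg is not None and bool(confreg & 0x40)


def audit(running, startup, show_version):
    """Produce a list of findings for the three captures."""
    report = [f"UNSAVED: {entry}" for entry in unsaved_acl_entries(running, startup)]
    reg = config_register(show_version)
    if reg is None:
        report.append("WARN: configuration register not found in show version output")
    elif ignores_startup_config(reg):
        report.append(f"WARN: confreg {reg:#x} ignores startup-config at boot")
    else:
        report.append(f"OK: confreg {reg:#x}")
    return report


if __name__ == "__main__":
    for finding in audit(RUNNING_CONFIG, STARTUP_CONFIG, SHOW_VERSION):
        print(finding)
```

Run it against real captures by replacing the three constants with file contents. An `UNSAVED:` line means the rule lives only in memory and will be gone after the next reload, which is the situation the last reply asks about; a `WARN:` on the register means the box would not load startup-config at all, regardless of whether the rules were saved.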