Have run into a few instances where newly-applied policies would become jumbled with other policies. I've seen this before when multiple admins were applying policies at or near the same time, but it occurred again recently and I am unable to tell if the policies were applied "simultaneously" or if the jumbled policies were applied at significantly different times.
Symptom: When a new policy is applied, portions of the policy are "jumbled" with another policy. For example, a policy applied this morning showed the correct port that was configured, but the configured destination address became the applied source address, and the applied destination address was the destination address of a different policy.
In a separate incident, I had applied a policy that appeared correctly upon application. Later another admin entered a new policy, and the "Description" from my policy moved from my policy to the new policy.
The only other time I've noticed this was during a time when multiple people were making changes simultaneously in a short period of time. This time it is unclear how far apart the changes were made, but believed the time span was significant enough to where the issue should not have been a stale configuration in one ASDM session. I cannot rule that out, however.
Currently looking for bugs in this ASA version and would appreciate any input if this is a known issue or can be reliably reproduced (so we understand the exact causal scenario).
Thanks, Jouni! Definitely heeding the advice - we're enabling the command preview and keeping an eye on pre-committed changes for anything odd.
I wish I had become more accustomed to the ASA CLI prior to now. I'm typically a "CLI-guy", but this new position allowed me to fondle many new devices. I put those ahead of getting up to speed on the ASA CLI and am slowly getting back to it. As I'm still using ASDM for many activities (and many on the team will still use it almost exclusively) we'll track it down. Of course any odd situation will need to be sniffed out, but I suspect this may be someone not refreshing their ASDM instance prior to applying configurations. We've seen that before but were able to definitively tie it down to an instance where someone applied a stale config.