
ASDM service policy and SFR inspection issue

niko
Level 1

5525-X, 9.6(3)14 & ASDM 7.8(2)

Trying to understand if I've messed up the configuration or there's something wrong.

Basically, I cannot change SFR redirection status via ASDM for that class-map within service policy. Configuration seems pretty basic:

policy-map global_policy
 class inspection_default
  <default-inspections>
 class CLASS-SFR
  sfr fail-open monitor-only

#

class-map CLASS-SFR
 match access-list ACL-SFR

 

... and ACL contains some permit rules to forward traffic for SFR.

 

That stuff works and I can, for example, enable/disable monitor-only via CLI.

 

When trying to do it via ASDM I get the following message and I'm not able to change anything:

ERROR_ASDM.png

But I DON'T have default inspection enabled in that policy rule.

ASDM_MNATCH.png

 

But I've seen this on two devices, so is there really something wrong with the configuration?

3 Replies

Marvin Rhoads
Hall of Fame

I believe you may have double clicked to edit the global service policy.

 

If so, instead try using "Add, Insert" under your global service policy.

Class-map with ACL has been created and that's the one I'm clicking on.

Anyway, that's a bug. When trying it on 7.8(2) - failing. When trying on 7.6(2) - showing properly. Nothing changed in configuration, just ASDM version.

OK. In that case I'd recommend raising a TAC case to help ensure its resolution. The more cases opened, the more weight given to prioritizing the fix.
