Bug: ASA REST-API bulk operation fail leaves API in inconsistent state
Using the bulk API functionality ("/api") on my test ASAv, I tried to add the same rule twice to a new ACL.
The API call failed, as expected, with HTTP 400 and this message:
So far, as expected. But after this failure, the API and the ASA itself were no longer in a consistent state.
A "show access-list" on the ASA did not show any of the rules created, neither the unique one nor the duplicate.
A call to "/api/objects/extendedacls/TEST/aces/", however, shows all rules as existing that were processed before the duplicate rule.
At this point, I found only three ways to "fix" it:
1. Reboot the ASA. It will then start with neither of the rules existent in the CLI nor the API.
2. Manually creating a valid rule via the CLI. All the said-to-be successfully created rules from the API will disappear, and only the new rule will exist. It seems that here the CLI will overwrite the state in the API.
3. Successfully(!) creating another rule via the API. This will cause the new API rule to exist in the ASA config, as well as those rules from bulk creation that before only existed in the API. It seems that here the API tries to match all of the rules it thinks should exist with the config, late-creating even those it failed to create in the bulk call before.
However, this behaviour does not seem to be expected.
Cisco Adaptive Security Appliance Software Version 9.6(2)
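A drift check for the state described in the post, as an added example that is not part of the original post and not Cisco code: it compares the ACE positions returned by the "/api/objects/extendedacls/TEST/aces/" call with the lines of "show access-list". The JSON shape (`items`, `position`) and both sample inputs are assumptions constructed for illustration.

```python
import re

# One ACE line of "show access-list" output, e.g.
# "access-list TEST line 1 extended permit tcp any any eq www (hitcnt=0) 0x..."
ACE_LINE = re.compile(r"^access-list\s+(\S+)\s+line\s+(\d+)\s+extended\s+(.*)$")

def cli_ace_lines(show_output, acl_name):
    """Return {line_number: rule_text} for acl_name, with hit counters stripped."""
    rules = {}
    for raw in show_output.splitlines():
        m = ACE_LINE.match(raw.strip())
        if m and m.group(1) == acl_name:
            rules[int(m.group(2))] = re.sub(r"\s*\(hitcnt=\d+\).*$", "", m.group(3))
    return rules

def find_drift(api_response, show_output, acl_name):
    """Compare the ACE positions the API reports with those present in the CLI."""
    # Assumption: the API answers {"items": [{"position": N, ...}, ...]}.
    api_pos = {int(item["position"]) for item in api_response.get("items", [])}
    cli_pos = set(cli_ace_lines(show_output, acl_name))
    return {
        "api_only": sorted(api_pos - cli_pos),   # API believes these exist
        "cli_only": sorted(cli_pos - api_pos),   # config has these, API does not
        "consistent": api_pos == cli_pos,
    }

# Constructed sample: state after the failed bulk call (API lists two ACEs,
# the CLI shows none of them).
API_AFTER_FAILURE = {"items": [{"position": 1}, {"position": 2}]}
CLI_AFTER_FAILURE = ""

# Constructed sample: state after a later successful API call (fix no. 3).
API_AFTER_FIX = {"items": [{"position": 1}, {"position": 2}, {"position": 3}]}
CLI_AFTER_FIX = """\
access-list TEST; 3 elements; name hash: 0x00000000
access-list TEST line 1 extended permit tcp any any eq www (hitcnt=0) 0x00000001
access-list TEST line 2 extended permit tcp any any eq https (hitcnt=0) 0x00000002
access-list TEST line 3 extended deny ip any any (hitcnt=0) 0x00000003
"""

if __name__ == "__main__":
    print(find_drift(API_AFTER_FAILURE, CLI_AFTER_FAILURE, "TEST"))
    print(find_drift(API_AFTER_FIX, CLI_AFTER_FIX, "TEST"))
```

Running it after every bulk call that returns an error shows whether the API's view and the running configuration have diverged before anyone relies on either one.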