06-02-2024 09:29 PM
Hi,
Last week we upgraded from ASA 9.18.4.22 to 9.18.4.24 running on Firepower 2120 because the firewall reboots occasionally since we upgraded from 9.18.3.56 due to VPN DDoS attacks.
ASA 9.18.4.24 introduces a new bug that kept me up all night fixing it: at boot time it deletes all object-groups plus the associated access-lists and NAT rules.
According to Cisco TAC it is this bug from 2023 that came back in the latest suggested release.
However, in our case we have not enabled ACL optimization in any of our ASA contexts:
# show running-config object-group-search
no object-group-search access-control
Is it just me who gets the impression that ASA software quality decreases from release to release? Not even the suggested tag in the download portal can be trusted anymore.
Regards,
Bernd
06-11-2024 02:53 PM
Hi Marvin,
Just updated the standby box to .29; unfortunately the problem is still there. The configuration is not complete on the standby box: objects, ACLs and NAT rules are missing (checked with CLI and ASDM).
regards
06-11-2024 10:36 PM
Maybe we should create a dedicated thread for every ASA minor and interim release where everybody could post their experience. Each release is like a surprise egg. On our ASA 5516-X it usually ran fine, but the same ASA version on Firepower 2120 usually had a surprise. I have the impression that a multi-context setup with active contexts on the primary and secondary device for load sharing causes additional issues.
06-11-2024 11:51 PM