Duplicated objects after push to firewall

Yasm · ‎10-03-2013

Hello, we recently updgrade CSM to 4.3.0 service pack2 and we figure out that objet are duplicated with _xx when push are perform to FW asa version 8.4.How i can resolve the problem in order to avoid this duplicated objets.

4nt0n_Zamaraev · ‎10-03-2013

Hi Meda,

I mentioned that the duplication happens in case You're doin the discovery from the real device. At the time of discovery procedure CSM creates objects in its database with the _x suffix and the same values as in an "old" objects (without _x).

And at the next deploy CSM replaces old objects with a new ones. What I'm doing:

1) copying access-rules policy somewhere

2) discovery from the device device

3) clearing parsed config in Access Rules (deleting rules)

4) pasting rules that were copied earlier.

Result: the config is synchronized between CSM DB and the FW. No new objects are used.

This is a workaround, not a normal situation (otherwords - bug). Do not understand why it's needed to create new objects instead of using existed ones.

P.S. Just opened a case in Cisco TAC: changed the Global ACL (inheritance) for the FW. After that some of rules were missed in real device but existed in CSM DB. Branch was down for 2 hours.. Be aware and do preview config each time making deploy.

My CSM version is 4.4 SP2

Regards,

Anton

Yasm · ‎10-04-2013

Hi Anton,

CSM is nightmare , i will test your solution and i send you back a mail to give the result so thank you very much for our help .

regards

Meda

Yasm · ‎10-16-2013

Hi Anton,

Copying access-rules policy from FW or CSM ?

regards,

Meda