Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2244
Views
10
Helpful
5
Replies

FirePOWER 6.4 Inline Set Modification

reheindel
Level 1
Level 1

‎04-02-2020 03:33 PM - edited ‎04-02-2020 03:34 PM

Due to a bug (CSCvq71351) in 6.4.0.7 - inline sets must be deleted/recreated if they need to be edited

 

Is there any potential traffic impact in deleting/recreating an inline set - as long as you don't push policy until after the inline set is rebuilt?

 

Seems to me you should not be affecting what the sensor knows about the configuration until the policy is pushed.

 

It was recommended by TAC to make changes off hours/maintenance window - was this just CYA?

 

Thanks,

B

0 Helpful
5 Replies 5

Cristian Matei
VIP Alumni
VIP Alumni

‎04-04-2020 09:13 AM

Hi,

 

    Never tried it, but your logic is correct. TAC recommends pretty much any changes to be done in a maintenance, in my experience, cause you never know in reality. If everything would behave the way it should, there would be no more bugs; you get the point.

 

Regards,

Cristian Matei.

reheindel
Level 1
Level 1
In response to Cristian Matei

‎04-06-2020 07:52 AM

Thanks Christian, I appreciate the reply and wholeheartedly agree - they are called bugs for a reason.

I have 12 inline sets to recreate - just to be safe I guess I'll just break them down into smaller change windows and do a few at a time - rather than edit/delete/recreate them all at once and push the updated policy a single time.

 

Bob

0 Helpful

Sheraz.Salim
VIP
VIP

‎04-04-2020 12:27 PM

similar bug hit us in our testing production environment we on version 6.5. TAC suggest the same advise. however we was in testing. in your case better raise a change control. this change is not production impact if you follow the TAC instruction but jsut in case to be safe.

please do not forget to rate.

reheindel
Level 1
Level 1
In response to Sheraz.Salim

‎04-06-2020 07:55 AM

Thank you Sheraz for the reply, we do submit change requests but best to do the entire change in a weekend change window.

 

I was hoping to edit the configuration on all 12 inline sets (across 4 sensors) at one - and push the policy a single time - but I'll be safe and break the changes into multiple smaller change windows

 

Bob

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to reheindel

‎04-06-2020 08:24 AM

Hi,

 

   You can still do all within the same maintenance window; just do one at a time, verify functionality, move to next one.

 

Regards,

Cristian Matei.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card