Flex Config help

tahscolony · ‎10-11-2024

While trying to insert WCCP into the FTD, the configuration was wrong, TAC gave me the wrong type of ACL which broke the configuration of our running FTD.

I have very limited knowledge of what or how flex config is. I need to remove the wccp part of the configuration so that I can remove the objects tied to it, otherwise it will continue to fail on deployment.

These are the errors

FMC >> clear config access-list Iport-01
3120-FTD >> info : Access-list Iport-01 is attached to class-map, route-map,
username, group-policy, route-inject, distribute-list, multicast, wccp,
dynamic-filter or dynamic-access-policy subsystem.
Please remove the relevant configuration before removing the access-list.

FMC >> clear config access-list HTTPS-Allowed
3120-FTD >> info : Access-list HTTPS-Allowed is attached to class-map, route-map,
username, group-policy, route-inject, distribute-list, multicast, wccp,
dynamic-filter or dynamic-access-policy subsystem.
Please remove the relevant configuration before removing the access-list.

FMC >> no object-group service ProxySG_ExtendedACL_123759482635793
3120-FTD >> info : Removing object-group (ProxySG_ExtendedACL_123759482635793) not allowed, it is being used.

FMC >> no object network Iport-01
3120-FTD >> error : ERROR: unable to delete object (Iport-01). object is being used.
Config Error -- no object network Iport-01

balaji.bandi · ‎10-11-2024

we are not sure what configuration provided by TAC, can you go back to cisco TAC case and esclate if this is broken for better support.

make sure you have correect variables : (check below documents) - what version of FTD ?

https://packetjourney.wordpress.com/2019/05/26/firepower-wccp-configuration/

https://community.cisco.com/t5/network-security/wccp-redirection-on-firepower-ftd-4110/td-p/3693642

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help