Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
650
Views
0
Helpful
0
Replies

FMC 6.2 Access Rule Empty Object Group

nevin.maurice1
Level 1
Level 1

‎11-30-2017 11:46 AM - edited ‎02-21-2020 06:52 AM

I am wondering how ASA/Firepower handles empty object groups in a rule.  For example, I have a rule with an object group for destination; all working fine.  I then have to make changes to the object group, and it turns out all IPs get removed from the object...so basically the object group is empty.  If I did not have a chance to update the rule or rules using that object group, how does the FW handle the processing of that "empty" object group.   Does it default to "any".  Does it treat the rule as a "no -match" when processing and move on to the next rule.

I understand, ideally, I should remove the empty object group, but sometimes when dealing with many firewalls at once, it can briefly get overlooked and I am just concerned how a FW may react to this situation.

 

Thanks

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card