Experts,

Not sure what has happened here but after upgrading my ASA to 9.9.1 from 9.6.3, a global MPF policy I had applied was removed from the configuration. This policy was doing default traffic inspection as well as DNS inspection for use with DNS doctoring. I tried re-applying the policy to the device. The device would take the command but not actually add the command to the configuration. I also use an interface policy for traffic policing and DDOS protection so at first I thought the device was no longer allowing the use of both an interface policy and a global policy together. I tried to shift some of the inspection configurations to the interface policy. I got that to work but noticed that one of the commands I added there would not take. Here is what I had in the global policy:

policy-map global_policy
class inspection_default
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ipv6
inspect icmp

user-statistics scanning

So after moving this inspection config to the interface policy, I noticed that all commands showed in the configuration except for the 'user-statistics scanning' part. So I removed that from the global policy and re-added the service-policy command to add the global policy to the configuration. This time the device took the command and added it to the configuration. So it seems somewhere between 9.6.3 and 9.9.1, the user-statistics scanning command has been removed or no longer works. With that command as part of the policy-map, I cannot apply the policy and have it stick in the config. The device takes the command and gives no errors but the command does not show in the configuration. Does anyone know if the 'user-statistics scanning' command has been deprecated? Whats the deal here? Thanks in advance for any help.