
Reboot ASA firewall

Hi Team,

We have a managed Cisco ASA 5585X firewall, which is an active/passive cluster. When we add a new port to a single existing rule and push the policy, both of the firewall's nodes reboot. This issue is only present on a single particular rule.

That firewall rule has 6 objects in source and 7 objects in destination, and 50 ports/services are already added to the existing rule.

We have faced this issue the last 3 times on the same rule, but whenever we add a port to another rule the firewall works fine.

Please provide the resolution.

 

Regards,

Abhishek

 

1 Accepted Solution


balaji.bandi

I should not believe pushing a rule caused a reboot of the FW.

If possible, can you post the version the FW is running and the full config, and explain which rule was causing this issue?

Have you captured any logs while you were installing the policy, in the background, to see what is happening on the console?

 

BB


Hi Sir,


The ASA firewall version is 9.1 and the hardware model is Cisco ASA 5585X.

This issue occurs only on one specific rule, when we open RPC dynamic replication ports between two Exchange servers.

When we add a single port to the existing rule in the GUI console, press OK and save, the console shows a processing wizard. Then the firewall shows standby mode and then reboots the active node, and after a few minutes the firewall works fine. But the Exchange port was not added to the rule.

The console does not show any error/warning etc.

Please suggest if there is any limitation on adding ports/services to a single rule.

 

Regards,

Abhishek

To be honest, I still have not clearly understood the problem here, but you are always required to push or publish policies on the Active FW, not from the Standby.

I have ever seen the problem you described here. If further assistance is required, you need to provide the config again.

 

BB


Hi Sir,

 

Sorry!!

We can't provide any internal ASA firewall configuration details of the client.

Regards,

Abhishek

Recommend opening a TAC case if you cannot share details here.
