Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
150
Views
0
Helpful
2
Replies

time range fmc

sedaghati
Level 1
Level 1

‎07-09-2025 10:01 PM

Hi,
I have two Firepower 2100 series devices clustered and managed by FMC version 7.4.2. Previously, when I was using FMC 7.2, I had configured time ranges on some rules, and they were working correctly. However, after upgrading to version 7.4, the time ranges stopped functioning. Whether I apply a time range or not, the traffic still matches the rule. Even on days when the time range should not be active, the rule is still active and matches traffic.

The system time and time zone on the FMC are both set correctly. I also applied the latest patch (7.4.2.3), but it didn’t make any difference.

0 Helpful
2 Replies 2

wajidhassan
Level 4
Level 4

‎07-10-2025 09:45 AM

Recommended Actions
1. Verify Time Zone Configuration
Platform Settings → Time Zone: make sure your devices have the correct timezone assigned. If no timezone or set to UTC, time-range will evaluate incorrectly.

Confirm actual device time (show clock localtime on FTD CLI) matches your expectations.

2. Redeploy a Clean Copy
Sometimes removing and then re-adding the time-range object and its associated rule can help.

Ensure the object is directly referenced in the policy (Access Control, Prefilter, or VPN Group). Then deploy again.

3. Upgrade or Patch
Check for fixes in patch releases. Notably FMC 7.4.x Patch 3 and beyond may address some deployment errs (no documented fix, but user feedback suggests behavior improves).

If possible, consider upgrading to FMC 7.5+, as newer builds often resolve these edge-case bugs.

4. Limit FlexConfig Use
Users in similar situations noted that having FlexConfig or custom configurations can exacerbate object removal during deploys.

If using FlexConfig for this policy, try temporarily disabling it to see if the time-range consistently sticks.

5. Open or Escalate a TAC Case
This behavior is widely reported. Provide TAC with a deploy transcript showing the time-range commands being undone.

Ask for a bug ID (CSC?) if one exists, or request priority handling.

Summary
Issue Why it Happens What to Do
Time-range gets removed FMC “undefines” unused objects during deploy Re-add and redeploy policy referencing it
Devices ignore time-range Possibly due to timezone misconfig or object removal Verify timezone in platform settings and deployment logs
Bug in FMC 7.4 Known funky behavior in object handling Apply latest patches or upgrade to FMC 7.5+

Quick Checklist
Check timezone on devices and FMC platform settings.

Recreate the time-range object, reference it in rule/policy.

Deploy cleanly and watch logs for no time-range entries.

Disable FlexConfig temporarily if used.

Patch or upgrade FMC; target latest 7.4.x or 7.5+ builds.

Log TAC case with deployment transcripts.

0 Helpful

MHM Cisco World
VIP
VIP

‎07-10-2025 12:21 PM

show access-control-config <<- from ftd cli share output of this command 

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card