Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
678
Views
0
Helpful
1
Comments

Serious problem with Object Groups + Access Policies in FMC

mhmservice
Level 1
Level 1
‎01-15-2021 04:31 AM

Hi all

I've been having a major problem with Object Groups in FMC access policies

If I have a pre-existing line in a policy with an Object Group which contains a list of IPs, if I add an additional IP to that object group, then deploy, the traffic is still blocked

In order to fix the issue I have to copy and paste the lien in the policy, delete the old one, and then deploy again (basically create the policy entry in a faster way)

Does anyone have any ideas on why this might happen?

FMC is on version  6.6.1 (build 91) and it seems to affect all our FTD devices but the majority are ASA5506x running 6.2.3.12

Any advice greatly appreciated

0 Helpful
1 Comment
mhmservice
Level 1
Level 1
‎04-21-2021 05:34 AM
‎04-21-2021 05:34 AM

After struggling with this problem for a long time, finally saw this bug logged:

 

URL is not updated in the access policy URL filtering rule
CSCvw85377
Bug Search (cisco.com)
 
Updated FMC to 6.6.3 and our issue is solved
 
Better late than never...
 
 
 
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents