02-01-2018 01:21 AM - edited 02-21-2020 07:15 AM
Hello!
I have an ASA5506X with FirePower: ASA version 9.8.2.15, ASDM version 7.8.2.151, FirePower version 6.2.2.1 (Build 73). The Default system policy does exist, but I can't change it (please see attached screenshots). I have got the "Invalid object type" error. I tried another client OS and another ASDM version, and still have no luck. I believe this error is not tied to the client management software. It must be something under the hood, maybe in the MySQL database or elsewhere. Unfortunately, opening a TAC case is not an option this time.
Does anybody have an idea what causes this error?
P.S. previously asked there: https://supportforums.cisco.com/t5/network-management/asa-5506-x-firepower-can-t-change-system-policy/m-p/3322440
04-01-2018 10:36 PM
Hi! I don't have a service contract for that ASA, so I can't open a case. Maybe John (see posts above) has some updated information.
04-02-2018 08:41 AM
04-02-2018 08:45 AM
Thank you for sharing the bug number. I have set up notifications to see when they have more info.
04-16-2018 11:20 AM
An additional note from TAC regarding the re-image/restore process:
"As for the re-image and restore. You are correct. A backup will not work in this instance as it would pull the bad object with it. I did test this in the lab. Since a backup would not work here, I tested another option of exporting policies and importing them into a re-imaged ASA configuration. I was able to import all policies back into the re-imaged SFR module without the object error."
I'm now in the process of planning the re-image procedure, which is challenging since my unit is in a Security Management zone at a remote DC without access to an internal FTP or HTTP server to host the package.
04-16-2018 10:34 PM
I wish you luck!
04-20-2018 12:57 AM
Hi All,
I have the same issue, but I'm on 6.2.3, upgraded from 6.2.2.2-81. However, my URL filtering is broken too. Everything is seen, but just as 'uncategorized', but Firepower can reach and resolve to BrightCloud correctly.
John, you say 'URL Filtering lookups to the cloud also broke in the upgrade, but I'll detail that in a separate post once I get some answers.' Could you shed some light please?
Thanks,
H
04-20-2018 08:06 AM
hht,
Turns out the URL filtering is a separate bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi45989/?rfs=iqvred
It is not related to upgrading; I was going through the re-image process on my lab 5506-X and the URL issue occurs when managing it from ASDM.
The workaround is to toggle "Lookup Uncategorized domains" off/on under Configuration > Integration > Cisco CSI.
You will need to do this every time the module or ASA is rebooted.
I opened a case and there is no ETA on a fix. If Firepower is managed by an FMC and not ASDM, the issue doesn't occur.
John
04-20-2018 08:43 AM