Friday, July 23, 2021

FMC removes configuration on deploy to FTD

Anyone hitting this issue right now? We did an upgrade to 6.6 a few weeks back and it was fine until recently. Now we're hitting a behavior where FMC is removing configuration on the managed FTD, even though the relevant policy / object / config still exists.

For example, if you have an access control policy referencing some object named "Mail-Server-10.135.200.100", FMC may randomly decide that the rule and object no longer exist, and send commands to remove the rule entry and object.

The workaround? You change the thing referencing the object or rule and change it back, then re-deploy and cross your fingers hoping it doesn't remove something else.

We're hitting this on 6.6.1 and 7.0.0. We were specifically instructed by TAC to upgrade to 7.0.0 to fix this bug.

Joke's on us because we're still hitting it. We literally cannot make changes because it might remove something.
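
One way to catch the removals described above after a deploy, as an added example that is not from the original post: diff running-config snapshots saved before and after the deploy and report object definitions and access-list entries that disappeared without being part of the intended change. The snapshots are constructed, ASA-style config syntax is assumed, and `EXAMPLE_ACL`, `Web-Server-Example` and the function names are hypothetical.

```python
import re

# Constructed ASA-style snapshots (e.g. saved "show running-config" output).
# Only the Mail-Server object name comes from the post; the rest is made up.
BEFORE = """\
object network Mail-Server-10.135.200.100
 host 10.135.200.100
object network Web-Server-Example
 host 192.0.2.10
access-list EXAMPLE_ACL advanced permit tcp any object Mail-Server-10.135.200.100 eq smtp
access-list EXAMPLE_ACL advanced permit tcp any object Web-Server-Example eq https
"""
AFTER = """\
object network Web-Server-Example
 host 192.0.2.10
access-list EXAMPLE_ACL advanced permit tcp any object Web-Server-Example eq https
"""

OBJ_RE = re.compile(r"^(object(?:-group)? \S+ \S+)")

def parse(config):
    """Return ({object header: body lines}, set of access-list lines)."""
    objects, acl, current = {}, set(), None
    for line in config.splitlines():
        if line.startswith(" ") and current:
            objects[current].append(line.strip())  # body of the open object
            continue
        current = None
        m = OBJ_RE.match(line)
        if m:
            current = m.group(1)
            objects[current] = []
        elif line.startswith("access-list "):
            acl.add(line.strip())
    return objects, acl

def unexpected_removals(before, after, intended=()):
    """Objects and ACL entries present before but not after the deploy,
    ignoring object names the change was meant to remove."""
    b_obj, b_acl = parse(before)
    a_obj, a_acl = parse(after)
    gone_obj = sorted(h for h in b_obj
                      if h not in a_obj and h.split()[-1] not in intended)
    gone_acl = sorted(l for l in b_acl - a_acl
                      if not any(n in l.split() for n in intended))
    return gone_obj, gone_acl

if __name__ == "__main__":
    objs, rules = unexpected_removals(BEFORE, AFTER)
    for item in objs + rules:
        print("REMOVED:", item)
```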


