I have just built a new server running csm 4.2 and migrated my database over to it.
I then did a change to one of our firewalls.
It promptly errored on the deployment of custom services so I had to swap them out for just port numbers.
The next problem was it took a lot of the rules on the external interfaces of the firewalls out.
We have access groups structured as follows.
Second level (about 50 of these)
Each of these Objects can contain anything from 1 to 100 ip addresses i.e.
It appears that CSM 4.2 has a problem with deploying this sort of stacked object - I am just glad I didn't do this on the production firewalls as they contain thousands of these rules.
I have now switched 4.0.1 back on and reployed the same config from there without any issues.
Can anyone shed any light on this?