When I try to deploy ZBFW rules to my router, CSM gives me the following error:
%No specific protocol or access-group configured in class CSM_ZBF_CLASS_MAP_6 for inspection. All packets will be dropped
It is also deploying strange commands like:
class-map type inspect match-all CSM_ZBF_CLASS_MAP_4
match access-group name ###CMAP_ACLNAME6
no match access-group name CSM_ZBF_CMAP_ACL_4
Have you ever seen it before? Why is it asking about and ACL that does not exist? Why is it issuing strange commands?
I may provide you with further information, if you wish.
I will never recommend to do any Firewall Configuration via SDM, CCP or SDM. Things will just not work as they should (All of this based on my experience).
I have seen both of them in the past.
I would recommend to provide us the config and then we will tell you if we see something strange but try to do this via CLI (Trust me, U need this)