Have run into a few instances where newly-applied policies would become jumbled with other policies. I've seen this before when multiple admins were applying policies at or near the same time, but it occurred again recently and I am unable to tell if the policies were applied "simultaneously" or if the jumbled policies were applied at significantly different times.
Symptom: When a new policy is applied, portions of the policy are "jumbled" with another policy. For example, a policy applied this morning showed the correct port that was configured, but the configured destination address became the applied source address, and the applied destination address was the destination address of a different policy.
In a separate incident, I had applied a policy that appeared correctly upon application. Later another admin entered a new policy, and the "Description" from my policy moved from my policy to the new policy.
The only other time I've noticed this was during a time when multiple people were making changes simultaneously in a short period of time. This time it is unclear how far apart the changes were made, but believed the time span was significant enough to where the issue should not have been a stale configuration in one ASDM session. I cannot rule that out, however.
Currently looking for bugs in this ASA version and would appreciate any input if this is a known issue or can be reliably reproduced (so we understand the exact causal scenario).
Thanks, Jouni! Definitely heeding the advice - we're enabling the command preview and keeping an eye on pre-committed changes for anything odd.
I wish I had become more accustomed to the ASA CLI prior to now. I'm typically a "CLI-guy", but this new position allowed me to fondle many new devices. I put those ahead of getting up to speed on the ASA CLI and am slowly getting back to it. As I'm still using ASDM for many activities (and many on the team will still use it almost exclusively), we'll track it down. Of course any odd situation will need to be sniffed out, but I suspect this may be someone not refreshing their ASDM instance prior to applying configurations. We've seen that before but were able to definitively tie it down to an instance where someone applied a stale config.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...