Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

can't remove an object group via CSM

Hi all

Can anybody help to solve the following problem;

When I want to remove an object-group via CSM I have to create an activity --- policy object manager--- network/hosts-- object xxx  --> delete . When I want to deploy CSM says there is nothing to deploy !! In my virtul firewalls the objectgroups are already deleted in CSM but on the running config they are still configured. What must I do to delete de objectgroup from the CSM databse aswell as removing it in the running config on my virtual firewalls ?????


Cisco Employee

can't remove an object group via CSM

Hi Eric,

If you don't see the object-groups configured in the CSM policy but you still see them in the running-config then it sounds like the CSM database is out-of-sync with what is in the device's running config.

If you are not using any ACL rule sections or shared policies, the easiest way to resolve this is to right-click on the device and select "Discover Polices on Device". This will remove the full config from the CSM database and re-populate it with what is in the device's running config.

Otherwise, you should manually create/delete rules in CSM so that they match what is currently configured on the device. Then, submit and deploy the changes. Finally, remove the object-groups after CSM and the device are back in sync.


CreatePlease to create content