Symptom
In the FMC, there is nothing selected under Original Client field under Source Network, however the rules deployed on FTD are still showing xff value. For example following can be seen in the ngfw.rules file on sensor:
allow any y.y.y.y 32 any any any any any any (ipspolicy 6) (xff x.x.x.0/20)
x.x.x.x on FMC is selected in source network but appears as xff value in rule. As a result traffic will not match this rule as desired.
Conditions
This issue is seen with FMC running 6.4.0.9 and FTD deployed wth 6.3.0.x so far in lab and customer environment.
Workaround
Delete the rule>>deploy>>>recreate>>>deploy, Then the rules are appearing without xff parameter.
Further Problem Description
none.
