Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
- FMC has DHCP relay configured for the affected interface. - FTD will not have the dhcprelay (dhcp relay) configuration applied to the device. - FMC has no deployment error and shows the configuration.
- FMC on 7.2 - The FTD interface will have the "+" character in it.
- Remove the "+" from the interface name. - Re-deploy
Note: "..." indicates that there is more information but it is omitted for the sake of clarity. - According to the GUI the allowed characters are as follows: - "Interface name contains invalid characters. Name should follow the pattern: [ a..z, A..Z, _ ][ a..z, A..Z, 0..9, -, _ ,+,.]*" - The DHCP relay will be configured if the "+" character is not utilized. > show dhcprelay state ... Interface inside., Configured for DHCP RELAY SERVER ... - Change the interface name to have a "+" at the end rather than "." > show dhcprelay state ... Interface inside+, Not Configured for DHCP ... > - On the FMC we see the following in the respective DeltaFiles: root@fmclab3:/var/cisco/umpd# cat 141733923223/DeltaFile_1071b542-a7cc-11ed-bbf0-bd78db5a7725.txt no strong-encryption-disable policy-map policy_map_inside+ no match flow-rule qos 268434436 exit policy-map policy_map_inside match flow-rule qos 268434436 police output 10000000 312500 exit policy-map global_policy class class-default exit no service-policy policy_map_inside+ interface inside service-policy policy_map_inside interface inside no policy-map policy_map_inside+ vpn-addr-assign local no dp-tcp-proxy interface GigabitEthernet0/0 nameif inside. exit - Changing the name to include a "+" root@fmclab3:/var/cisco/umpd# cat 141733923342/DeltaFile_1071b542-a7cc-11ed-bbf0-bd78db5a7725.txt no strong-encryption-disable policy-map policy_map_inside no match flow-rule qos 268434436 exit policy-map policy_map_inside. match flow-rule qos 268434436 police output 10000000 312500 exit policy-map global_policy class class-default exit no service-policy policy_map_inside interface inside. service-policy policy_map_inside. interface inside. no policy-map policy_map_inside no dhcprelay enable inside. <<< This is "automatically" generated by the FMC. Configuration is still present in GUI. vpn-addr-assign local no dhcprelay timeout 60 no dp-tcp-proxy interface GigabitEthernet0/0 nameif inside+ exit root@fmclab3:/var/cisco/umpd#