...
I have attempted to configure this in multiple ways without success:
- PBR in the GUI (fails)
- Create the ACL first, then attempt to add it to PBR (fails)
- Attempt to add it through FlexConfig (the ACL addition fails)
To assist in the review of this, here is a lab with FMC running 7.2.4 containing minimal configuration. To encounter the problem you will need to do the following through the PBR tool:
- Navigate to Devices > Device Management
- Edit the available FTD
- Navigate to the "Routing" tab, then select "Policy Based Routing" on the left
- Select "Add"
- Choose inside for the "Ingress Interface"
- Select "Add" again
- For "Match ACL", click the plus sign "+"
- Select "Add" again. Here is where you will encounter the issue.

The desire is to create/use an FQDN Network Object in this Extended ACL to be used for PBR. I have multiple objects (cisco.com, dummies.com); however, please test this by:
- Select the plus sign "+" next to Available Networks
- Select "Add Object"
- "Name" and describe as desired
- Select FQDN for the Network Type
- Enter an FQDN in the blank field (Ex: water.com)
- Save this object
- Notice on the left that the object is not available to be used in the list of Available Network Objects, even if you search.
- This Network Object can be found in Objects > Object Management, in the Network section.

As you see, the configuration is unable to be utilized, and if attempted through FlexConfig an Extended ACL using FQDN is rejected as well.
No workaround as of now.
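For reference, the ASA-style configuration that the FlexConfig attempt described above would need to push to the FTD, written out as an added example that is not part of the original post. The object name PBR_FQDN, the ACL name PBR_ACL, the route-map name PBR_MAP, the next-hop address and the DNS server are assumptions; water.com and the inside interface come from the post. The post reports that FMC rejects an extended ACL that references an FQDN object, so this is the shape of what is being rejected, not a working workaround:

```text
! FQDN objects only resolve if the FTD can do DNS lookups
! (assumed DNS server 192.0.2.53, assumed lookup interface "outside")
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.0.2.53

! FQDN network object, as created in Objects > Object Management (name assumed)
object network PBR_FQDN
 fqdn water.com

! Extended ACL that references the FQDN object; this is the part the post
! reports FMC refuses, both in the PBR tool and through FlexConfig
access-list PBR_ACL extended permit ip any object PBR_FQDN

! Route-map matching that ACL and forcing an assumed next hop
route-map PBR_MAP permit 10
 match ip address PBR_ACL
 set ip next-hop 198.51.100.1

! Apply the route-map to the ingress interface "inside" from the post
interface GigabitEthernet0/1
 nameif inside
 policy-route route-map PBR_MAP
```

A practical check before retrying this on a device that does accept it: `show dns` and `show access-list PBR_ACL` on the FTD CLI show whether the FQDN has resolved and which addresses the ACL has expanded to; an FQDN object that never resolves matches nothing, so PBR silently falls back to the routing table.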