tanr
New Member
September 17, 2018
Question

Security policy doesn't match custom device in custom device group

  • 1 reply
  • 2527 views

Hi All,

With FGT 5.6.5, a security policy that includes a custom group (which includes custom device objects) is not matching to the last custom device I added to the custom group. When I add that same custom device to the same security policy directly along with the custom group it correctly matches to the device.

I thought I had seen something about not matching some items in custom groups a while back, but I haven't been able to find the mention of it in the forum or release notes.  Anybody else seen anything similar to this?

    tanr (Author)
    New Member
    September 18, 2018

    Figured out what was causing this, which looks like a minor bug.  The particular device in the custom group had had an additional MAC address (dual NIC) added to its definition after the device was already part of the custom group.  This caused the custom group to automatically update itself to include both the device AND the device restricted to the (unused) other NIC.  It looks like this somehow overrode the device entry in the custom group that referred to both NICs and thus didn't match.  Removing the entry with the single NIC fixed it.