05-02-2012 07:45 AM
I have a SSG-350m, and I think I may have caused an issue with the names I have given to address objects.
When I amend a policy in the GUI I get the following error in a dialog box:
"unset dst-address Internal Prod Network - 10.100.0.0/16"
"unknown keyword Prod"
When I hit ok on the dialog box it takes me back to the policy. I then hit cancel, and go back and the policy will be there, but if it was a multiple service policy there will have all gone bar one, and usually that one wasnt in the policy to begin with. I have seen other odd behaviour after this error, like the source objects change, seemingly randomly.
So I have a couple of questions here. Firstly are my address names the wrong format, is "Internal Prod Network - 10.100.0.0/16" not advisable? If so can you give me some guidlines on sensible object names that are suitable for the firewall.
Secondly, is this simply a software bug that is corrected in a later version, and if anyone else has seen this, what did they do to workaround it?
Version: 6.2.0r1.0 (Firewall+VPN)
05-02-2012 05:06 PM
05-03-2012 02:56 AM
Thanks for that. Yeah I looked through the cli output and saw that they are enclosed in quotes. I may upgrade to 6.3 and see if that sorts it out.
Im thinking about going back and renaming all objects to just the IP, and be verbose in the description instead. However, the idea of having a verbose object name makes it easier for others to quickly look at the policies in the gui and see what source / destination is without then having to click through to the adress objects themselves. I was trying to make support and troubleshooting easier for BAU guys.
05-03-2012 04:41 AM