Region Object Not Working in Security Policy
38906
Created On 09/25/18 20:36 PM - Last Modified 06/01/23 08:45 AM
Symptom
Policy is configured to block traffic with source address 'CN,' yet policy never matches for traffic sourcing from CN region.
Cause
A custom object named 'CN' under Objects > Regions was created.
This causes the idmanager mapping to associate 'CN' with the custom region object instead of the predefined CN country address block.
To confirm association with custom region object, run the following command:
>debug device-server dump idmgr type vsys-region all
ID Name
---------- --------------------
1024 vsys1+CN
Type: 35 Last id: 1025