Service cannot be updated. It is currently being used in Business Application Rule(s)

Hallo,

wenn I try to edit or change a service in a existing firewall Rule I got the massage "Service cannot be updated. It is currently being used in Business Application Rule(s)"

So everytime I have to remove the service, safe the rule an now I can edit the service. This workaround is very annoying.

My Customers appliances are on Version SFOS 17.0.5 MR-5 and I think the problem exists since version 17.x.x

 

Kind regrets

  • Yes, since static Ports it was converted to Services Objects the management it is terrible.

    - To upgrade a service objects, it is needed remove from Business Application Rule, upgrade Service Object and after this add again on Business Application Rule

    - On Business Application Rule list, it is impossible to know (when you move mouse over rule) which ports are being used in rule. (it is needed check Service Objects to check the ports)

     

    IMHO the old method (fill the ports in usiness Application Rule) it was more more easy and less complex. THis current way require a lot of effor to a simple acction.

     

    Best regards

  • In reply to Carlos Cesario:

    Wow, this is terrible. Wenn I have a Service Object which is part of 10 or more Objects I have to remove it from all the Rules.

    This can't we the way!!!

  • In reply to Christian Braunisch:

    Ran into this bad behavior in SFOS 17.0.8 MR-8.  Anyone know if it's on the roadmap yet to be improved in newer versions?

  • In reply to momentum:

    I'm bumping this as well. There is no way that you should have to disable every single rule to make a simple service rule change. Why was this considered acceptable in development?

     

    The other question is, why does it allow you to edit the service if it knows you are using it elsewhere and it's not allowed, not even from the rule you are using it with?

  • I have the same issue. I have a lot of rules that I would like to make port changes to and it is very inconvenient to have to change each one, one by one. It would be way easier to just edit the service port since it is the same for all the rules.

    I think there is still a lot that needs fixed so it is easy to manage and not so tedious.  

  • In reply to Bradley Bengel:

    More than a year later and this problem still persist.

    It's very very very annoying, why should I remove the service from multiple firewall rule risking to forget to add it back to some rule?

     

    Unacceptable!!!