Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2
13.0.0, 12.1.2 HF1
Opened: Nov 22, 2016
Related Article: K01174447
After syncing an access policy, the access policy change on the other device should be prompting you to apply the policy, but instead it applies the policy automatically.
Policy changes are automatically applied, when they should only be synced with a prompt to apply after the sync.
Two or more devices configured in a trust group, one device group is a failover device group, and one device group is a sync-only device group with automatic sync enabled. A key component that triggers this symptom is that the failover device group is listed first in the configuration. When this occurs, the policy will be applied automatically, which shouldn't occur.
After syncing an access policy, the access policy change on the other device in the trust group now prompts you to apply the policy, which is correct behavior.