Hello _Val_

Since I am startig the comands execution with 'set cloning-group-management on', it was supposed that all the comands would be automatically replicated to the second FW, correct?

This expected replication is ocurring normally for all the commands inside 'comandos.txt' file. The only exception refers to the "set user adm_mickeymouse password-hash $6$PSTU$EvYh..." command. I mean, the hash config is not being replicated.

I realized that this is also happening even when I execute these commands (via clish) interactively.

But... When I create this user via Gaia GUI in FW1, the password is automatically and correctly replicated on FW2.

Thanks!

Oh I see. Is it for all users, or for this specific hash only? 

If the latter, I would assume the hash is treated as a variable, since it starts with $. Otherwise, looks like a but to me. If it is a global issue, please raise a TAC case for it.

This is happening for any user I try to create. And it seems that is happening for any hash.

I tried to use MD5 ($1$) hash and the behavior was the same.

I also tried to use single and double quotes around the hash (to try to avoid the 'hash being treated as variable'). But the behavior is the same.

I´ll contact TAC staff.

Thanks anyway!

Understood. Please let us know what TAC finds out, when it is resolved. Meanwhile, you can use the same scripts on both members to define users, without cloning groups feature

Yes, it would be possible to run the scripts separately. But in order to do that I would have to remove "Users and Roles" from the Cloning Group Shared Features list. Otherwise, the system will not allow me to add the user. It warns me with the following message: "CLINFR0699 This command belongs to a cloning group synchronized feature and therefore cannot be executed in normal mode."

Yes, I will let you know what TAC finds out!

Thank you very much for your attention and help!