Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Inbar_Moskovich
Employee Alumnus
Employee Alumnus

Python tool for exporting/importing a policy package or parts of it

Overview

ExportImportPolicyPackage tool enables you to export a policy package from a R80.x management database to a .tar.gz file, which can then be imported into any other R80.x management database.

This tool can be used for backups, database transfers, testing, and more.

In the case you are exporting a policy package from a CMA, please verify that a global policy was NOT assigned to that CMA.
The tool doesn't support exporting a policy with global policy assigned!

Description

This tool enables you to export a policy package (Access Policy, Threat Policy or both) from a management server into a .tar.gz file.

Notice

There are some types of objects that the script might not be able to export.
In such a case, an appropriate dummy object will be exported instead, and a message will be logged into the log files to notify you of this.
In the Check Point SmartConsole you can easily replace each of these objects by searching "export_error" in the search field, see where each object is used, create the necessary object manually, then replace it.

Instructions

Download the latest version from our GitHub repository: https://github.com/CheckPointSW/ExportImportPolicyPackage 
First, make sure you have [2.7.9 <= Python <= 2.7.14] installed on the machine running the script.
To export a package, run the import_export_package.py script. An interactive menu will guide you the rest of the way.
Command line flags may also be set in order to skip some or all of the menu.
A lot more details can of course be accessed with the [-h] option. This option also prints the current version of the tool.

Current tool version is V3.0.

Limitations

This export/import script does not gather all data from a given management server/CMA.
In general, it is limited by the R80.x Management APIs.
Specifically, this means:

  • CMAs with a Global Policy assigned cannot be exported
    • Workaround: unassign the Global Policy prior to export
  • Gateway/Cluster objects have to be recreated
    • Placeholder objects will be created
  • UserCheck messages have to be recreated
    • Placeholder objects will be created
  • The Internal Certificate Authority will not be copied. This means:
    • Re-establishing SIC with the appropriate gateways
    • Re-generating VPN certificates
    • Manually recreating HTTPS Inspection and DLP Rules
  • Other objects not currently readable/writable via the R80.x API will not be copied

Tested on version

R80.x
Releases earlier than R80 lack the necessary API support and are not supported.

 

Source Code Availability

The source code is available through GitHub: https://github.com/CheckPointSW/ExportImportPolicyPackage 

FAQ

Replies to this thread have locked.
Please refer to the FAQ below before you create a new post with your question.

When I run this tool, I get the message: APIResponse received a response which is not a valid JSON.

This most likely means you haven't enabled the API server yet.
See: https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Enabling-web-api/m-p/32641

I get an error message related to server fingerprint

Use the --unsafe option to ignore this error.

Can this tool export more than one policy package at a time?

Not currently, but you could call the tool in a script multiple times.

 

 

NOTICE: By using this sample code you agree to terms and conditions in this Terms and Conditions

 

262 Replies
PhoneBoy
Admin
Admin

It's possible the session is trying to create too many objects at once, though I believe the script should account for this condition.

You may also want to see if the objects already exist on the target system as that will cause the script to fail also.

0 Kudos
Neville_Kuo
Advisor

Yes, we've found Check Point is weak in such large scale, like too many logs(Over 70G per day), too many rules/objects to import at one, finally we chose migrate export/import to a brand new sms, and follow sk to change ip/hostname.

We also found those objects that can't be imported might be due to the following error formats in csv file(See the red square):

From DCE-RPC, these are the objects that can't be imported, those objects are converted from smartmove(Fortigate to CP), so maybe this is the root cause(Error format).

0 Kudos
Reece_MacNaught
Explorer

Hi All,

I am trying to run the export script and receiving the following error.  Can someone please assist?

I am running Python 2.7.14 and the latest version of the script.  I have also installed the latest version cpapi.  I am receiving the same error on 2 different hosts using various valid versions on Python. (2.7.14 and 2.7.9)

Paste below has been sanitized.

SOLUTION: I needed to add the flag "-v 1" for both the export and import. 

The final export command was:

python import_export_package.py -op export -n ** -o ** -u ** -p ** -m *.*.*.* -v 1

Thanks in advance

[ExportImportPolicyPackage-master]# python import_export_package.py -op export -n ** -o ** -u ** -p ** -m *.*.*.*
The script will run with the following parameters:
Export Access-Control layers = True
Export Threat-Prevention layers = False
Output-file name = filenamex
Management Server IP = **
Management Server Port = 443
Management Server Domain = None
1. Change Settings
2. Run
99. Exit
2
Exporting Access Control layers

Exporting Access Layer [Network]

Traceback (most recent call last):
File "import_export_package.py", line 44, in <module>
export_package(client, args)
File "/home/user/Downloads/ExportImportPolicyPackage-master/exporting/export_package.py", line 39, in export_package
= export_access_rulebase(show_package.data["name"], access_layer["name"], access_layer["uid"], client, timestamp, tar_file)
File "/home/user/Downloads/ExportImportPolicyPackage-master/exporting/export_access_rulebase.py", line 16, in export_access_rulebase
get_query_rulebase_data(client, "access-rulebase", {"name": layer, "uid": layer_uid, "package": package})
File "/home/user/Downloads/ExportImportPolicyPackage-master/exporting/export_objects.py", line 38, in get_query_rulebase_data
if compare_versions(client.api_version, "1.1") != -1:
File "/home/user/Downloads/ExportImportPolicyPackage-master/utils.py", line 126, in compare_versions
v1_nums = version1.split('.')
AttributeError: 'NoneType' object has no attribute 'split'
[ExportImportPolicyPackage-master]#

Ron_Izraeli
Employee
Employee

Check out How to extend and enhance SmartConsole? to integrate tool as a web application inside SmartConsole

0 Kudos
Vishnu_Kumar
Contributor

Hi Dameon,

 

As you suggested I have also installed Python library also for using R80 management server https://community.checkpoint.com/docs/DOC-1091

 

I also tried Ubuntu 18.4, but facing exactly same issue from both OS (Win-10 and Ubuntu)

Error is related to 5 Files which are the part of this python-tool (https://community.checkpoint.com/docs/DOC-1938)

 

Below are the files:

  • py (line 45)
  • exporting\export_package.py (line 39)
  • \exporting\export_access_rulebase.py (Line 16)
  • \exporting\export_objects.py (line 38)
  • py (line 126)

 

Error Message:

===================== ===============

Exporting Access Control layers

 

Exporting Access Layer [Policy_Package_1 Network]

 

Traceback (most recent call last):

  File "D:\GIT_HUB\SCRIPT\import_export_package.py", line 45, in <module>

    export_package(client, args)

  File "D:\GIT_HUB\SCRIPT\exporting\export_package.py", line 39, in export_package

    = export_access_rulebase(show_package.data["name"], access_layer["name"], access_layer["uid"], client, timestamp, tar_file)

  File "D:\GIT_HUB\SCRIPT\exporting\export_access_rulebase.py", line 16, in export_access_rulebase

    get_query_rulebase_data(client, "access-rulebase", {"name": layer, "uid": layer_uid, "package": package})

  File "D:\GIT_HUB\SCRIPT\exporting\export_objects.py", line 38, in get_query_rulebase_data

    if compare_versions(client.api_version, "1.1") != -1:

  File "D:\GIT_HUB\SCRIPT\utils.py", line 126, in compare_versions

    v1_nums = version1.split('.')

AttributeError: 'NoneType' object has no attribute 'split'

============= =================================== 

 

Below are the contents of each lines (which are throwing error) from relevant files.

===================XXXX=======================

File Name: import_export_package.py     (line 45)

Exact Content of line 45 in this file:

  export_package(client, args)

====================XXXX=======================

File Name: exporting\export_package.py  (line 39)

Exact Content of line 39 in this file:

= export_access_rulebase(show_package.data["name"], access_layer["name"], access_layer["uid"], client, timestamp, tar_file)

 

=======================XXXX==========================

File Name: \exporting\export_access_rulebase.py      (Line 16)

Exact Content of line 16 in this file:

        get_query_rulebase_data(client, "access-rulebase", {"name": layer, "uid": layer_uid, "package": package})

=======================XXXX===========================

File Name: \exporting\export_objects.py   (line 38)

Exact Content of line 38 in this file:

if compare_versions(client.api_version, "1.1") != -1:

======================XXXX=============================

File name: utils.py   (line 126)

Exact Content of line 126 in this file:

v1_nums = version1.split('.')

=====================XXXX===============================

0 Kudos
PhoneBoy
Admin
Admin

On Ubuntu, you should be able to use pip to install the SDK.

See: GitHub - CheckPointSW/cp_mgmt_api_python_sdk: Check Point API Python Development Kit 

0 Kudos
Sergio_lopez
Contributor

Hello guys anyone encounter this or know how to solve it

 i need help with the migration of policies, from a management 80.10 to a multidomain 80.10, the export goes well, also the import of the first policy goes ok, but when i try to import a second policy the process fails after failing to import several objects that were previously imported on the first policy package(i guess is ok those errors cause the object already exist), have someone encounter this issue before?

 

this is the output of the terminal when fails

Traceback (most recent call last):
File "C:\xxxxxxxxxxr\import_export_package.py", line 47, in <module>
import_package(client, args)
File "C:\xxxxxxxxxx\import_package.py", line 52, in import_package
layers_to_attach = import_objects(args.file, client, {})
File "C:\xxxxxxxxxx\import_objects.py", line 78, in import_objects
changed_layer_names, api_call, num_objects, client)
File "C:\xxxxxxxxxx\import_objects.py", line 221, in add_object
"name"] + "]" if "name" in payload else "", error_msg)
UnicodeEncodeError: 'ascii' codec can't encode character u'\xed' in position 24: ordinal not in range(128)

regards

0 Kudos
Sergio_lopez
Contributor

Hello guys, i have an issue with the import of a policy, during the  import i get an error of not unique name problem with PostgreSQL, and it didnt import that acces rule, i check and there is only one object with that name, so i dont know how to solve this.

Failed to import access-rule. Error: Requested object name [PostgreSQL] is not unique.

Not unique name problem "PostgreSQL" - changing payload to use UID instead.

Not unique name problem "PostgreSQL" - cannot change payload to use UID instead of name.

Failed to import access-rule. Error: Requested object name [PostgreSQL] is not unique.

0 Kudos
PhoneBoy
Admin
Admin

The script will export rules and the objects that make up the rule.

It should NOT export predefined objects, of which PostgreSQL is one.

That would classify as a bug.

Amiad Stern‌ can you have someone look into this?

0 Kudos
Amiad_Stern

Hi Sergio lopez‌,

First, thanks for you feedback.

This is a specific issue with this specific object. We have 2 objects with that name in our system (1 is a service and 1 is application. See image below), the fact that it fails is because we are trying to get objects in rule by name. I can think of few solutions in our code though the fasts WA will be manually adding this rule. I guess you have only few rules holding PostgresSQL in you Application&Service column. 

Regards,

Amiad.

0 Kudos
Sergio_lopez
Contributor

Hello Amiad,

Thanks for the fast response, unfortunately i have 6 policy package that i need to migrate and at least there 80 rules with that object, but as a workaround, i create a dummy service to reference this one and use the replace feature to change them all without going through each rule, so when i finish migrating the policies i can replace again the dummy object to the real service.

thanks

Emanuele_Lorenz
Explorer

#R80.20

Hi Guys,


I see the R80.20 is not yet supported because it use API v 1.3

I have been able to use the tool modifying the file lists_and_dictionaries.py with a good result, I have not seen not supported API commands and the number of exceptions is similar to v R80.10.

Are you paining to release a new version that officially support R80.20?


Thanks

Emanuele

0 Kudos
_Val_
Admin
Admin

Scripts with lower API version should also work on higher API implementations. If it works on R80.10, it also should on R80.20.

0 Kudos
Christopher_Ric
Participant

Export seems to work perfect from what I can tell, but when doing import I receive management server failed to execute command for services and the majority of my hosts and host groups.  Any ideas?

Capture.JPG

Capture2.JPG

0 Kudos
JanVC
Collaborator

for me it was a case of tags being applied in R80.10 (source) which yielded the generic_server_error on the R80.20 (destination) server

manually deleted the tag values in the json and csv files

0 Kudos
Suleyman_B_T
Participant

Hi,

An error occurs when exporting.

--------------------------------------------

Exporting Access Layer [FW Application]

Getting layer information for layer [FW Application]

Failed to retrieve layer named 'FW Application'! Error: Wrong session id [2_zG5SA7vgfeTtiIrXLsCrDe].

Session may be expired. Please check session id and resend the request.. Layer was not exported!

Exporting NAT policy Getting information from show-nat-rulebase

Failed to retrieve NAT rulebase! Error: Wrong session id [2_zG5SA7vgfeTtiIrXLsCrDe]. Session may be expired.

Please check session id and resend the request..

NAT rulebase was not exported!

--------------------------------------------

SmartCentet inactivitiy timeout 720

 

Thank you Best Regards Suleyman Toreli

0 Kudos
Matt_Elkington
Participant

I seem to have found a minor issue.

If your NAT rules have the "Gateways" object instead of "Policy Targets" or a specific gateway name the import of NAT rules will fail with the error:

Failed to import nat-rule. Error: message: Requested object [Gateways] not found
code: generic_err_object_not_found
0 Kudos
Matt_Elkington
Participant

Additionally, it seems like Tags aren't taken over. The definition is in the XML/CSV, however the Tags themselves are not exported, so aren't created, and therefore the tag can't be set on object import.
0 Kudos
Geo_Mal
Explorer

Hello,

 

I don't know if someone requested this already, but how easy would it be to add a tag to objects exported/imported with the script in order to be easily searchable after the transfer? This would be really helpful.

 

Thanks!

0 Kudos
Chckpnt_Charlie
Explorer

Hi,

while export completes successfully for me, the import fails with:

Login to management server failed. instance({
"data": null,
"error_message": "APIResponse received a response which is not a valid JSON.",
"res_obj": {},
"status_code": 403,
"success": false
})

 

Regards,

Dmitri

 

 

 

 

0 Kudos
alex_lavrus
Explorer

Hi!

I've got an error when I tried exporting policy.

Click to Expand

D:\CPTool\ExportImportPolicyPackage-master>import_export_package.py -op export -n Standart_Clone -ac -o Standart_Clone -u admin -m *.*.*.*
The script will run with the following parameters:
Export Access-Control layers = True
Export Threat-Prevention layers = False
Output-file name = Standart_Clone
Management Server IP = *.*.*.*
Management Server Port = 443
Management Server Domain = None
1. Change Settings
2. Run
99. Exit
2

Please enter your password:

Exporting Access Control layers

Exporting Access Layer [Standart_Clone Security]

Retrieved 50 out of 455 rules (10%)

Traceback (most recent call last):
File "D:\CPTool\ExportImportPolicyPackage-master\import_export_package.py", line 59, in export_package(client, args)
File "D:\CPTool\ExportImportPolicyPackage-master\exporting\export_package.py", line 39, in export_package
= export_access_rulebase(show_package.data["name"], access_layer["name"], access_layer["uid"], client, timestamp, tar_file)
File "D:\CPTool\ExportImportPolicyPackage-master\exporting\export_access_rulebase.py", line 16, in export_access_rulebase
get_query_rulebase_data(client, "access-rulebase", {"name": layer, "uid": layer_uid, "package": package})
File "D:\CPTool\ExportImportPolicyPackage-master\exporting\export_objects.py", line 64, in get_query_rulebase_data
for rulebase_reply in rulebase_replies:
File "D:\Python27\lib\site-packages\cpapi\mgmt_api.py", line 417, in gen_api_query
raise APIException(api_res.error_message, api_res.data)
cpapi.api_exceptions.APIException: APIResponse received a response which is not a valid JSON.

The script was launched and the error has occurred 5 min later. It seems like timeout affects behavior.

Click to Expand
2019-08-12,11:18:08 +0700,login,PASSED,1071
2019-08-12,11:18:09 +0700,show-package,PASSED,391
2019-08-12,11:18:09 +0700,show-access-layer,PASSED,32
2019-08-12,11:18:41 +0700,show-access-rulebase,PASSED,31418
2019-08-12,11:23:42 +0700,logout,PASSED,130
2019-08-12,11:23:42 +0700,show-access-rulebase,FAILED,300817
2019-08-12,11:46:17 +0700,show-hosts,PASSED,135
2019-08-12,11:46:18 +0700,logout,PASSED,968

API readiness test SUCCESSFUL

Click to Expand

API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 26963
CPM Started 3722 Check Point Security Management Server is running and ready
FWM Started 3128
APACHE Started 2546

Port Details:
-------------------
JETTY Internal Port: 50277
APACHE Gaia Port: 443
Apache port retrieved from: httpd-ssl.conf


--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

Python version 2.7.13

CheckPoint API Python Development Kit was installed.

Has anybody an experience with the issue?
Thank you in advance for any kind of assistance.

0 Kudos
steffenkoelsch
Explorer

Hi all.

I was trying to import a policy package from R80.20 take 87 to a different server with the same software version. Most of the objects are imported successfully, but some are not. Error message is:

Management server failed to execute command
code: generic_server_error

Looking at api.elg, I get a more precise message, indicating that locking did not work properly. See spoiler for details.

Click to Expand
--------------------------------------
2019-08-23 11:35:44,242 INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp-1644921743-33] - Inbound Message
----------------------------
ID: 273
Address: http://127.0.0.1:50276/web_api/v1.3/add-service-udp
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[*/*], accept-encoding=[identity], connection=[keep-alive], Content-Length=[607], content-type=[application/json], Host=[127.0.0.1:50276], User-Agent=[python-api-wrapper], X-chkp-sid=[70qoJaI5i1Nyal8Ew9aXr8B5vtSBATz70sXn
z1izBPo], X-Forwarded-For=[127.0.0.1], X-Forwarded-Host=[127.0.0.1], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[10.10.10.180]}
Payload: {"match-by-protocol-signature": "false", "aggressive-aging": {"use-default-timeout": "true", "enable": "true", "timeout": "15", "default-timeout": "0"}, "ignore-warnings": true, "name": "NAME_COLLISION_RESOLVED_36_udp-49152-6553
5", "override-default-settings": "false", "color": "black", "sync-connections-on-cluster": "true", "comments": " udp-49152-65535", "match-for-any": "false", "keep-connections-open-after-policy-installation": "false", "session-timeout": "
40", "accept-replies": "true", "use-default-session-timeout": "true", "port": "49152-65535", "tags": ["dcaa4621-3a34-479e-ad88-8d5da19200df"]}
--------------------------------------
2019-08-23 11:35:44,249 INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.:21 [qtp-1644921743-33] - Cache created and initialized
2019-08-23 11:35:44,250 INFO com.checkpoint.management.web_api.web_services.WebApiEntryPoint.logRequestedCommandInfo:51 [qtp-1644921743-33] - Executing [add-service-udp] of version 1.3 (references 1.1)
2019-08-23 11:35:44,318 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:47 [qtp-1644921743-33] - Server has thrown GeneralRemoteFault exception errorCode [CP_ERR_OBJECT_CANNOT_BE_LOCKED] errorFamil
y [null] message [An internal error has occurred.]
2019-08-23 11:35:44,318 WARN com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:190 [qtp-1644921743-33] - Unhandled GeneralRemoteFault error code [CP_ERR_OBJECT_CANNOT_BE_LOCKED]
2019-08-23 11:35:44,319 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:94 [qtp-1644921743-33] -
com.checkpoint.web_services.faults.GeneralRemoteFault: An internal error has occurred.
at sun.reflect.GeneratedConstructorAccessor249.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
at java.lang.reflect.Constructor.newInstance(Constructor.java:437)
at org.apache.cxf.interceptor.ClientFaultConverter.processFaultDetail(ClientFaultConverter.java:182)
at org.apache.cxf.interceptor.ClientFaultConverter.handleMessage(ClientFaultConverter.java:82)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:802)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1642)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1533)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1336)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:652)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
at com.sun.proxy.$Proxy244.updateObjectWithReturnControlErrorLevel(Unknown Source)
at com.checkpoint.management.web_api_is.utils.managers.RemoteObjectCrudManager.updateObjectWithReturn_aroundBody30(RemoteObjectCrudManager.java:24)
at com.checkpoint.management.web_api_is.utils.managers.RemoteObjectCrudManager$AjcClosure31.run(RemoteObjectCrudManager.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at com.checkpoint.management.web_api_is.aspects.logging.WebApiMethodLoggerAspect.aroundMethodLoggerTest(WebApiMethodLoggerAspect.java:13)
at com.checkpoint.management.web_api_is.utils.managers.RemoteObjectCrudManager.updateObjectWithReturn(RemoteObjectCrudManager.java:72)
at com.checkpoint.management.web_api_is.core.handler.base.ApiObjectRequestHandler.doUpdateObjectForAdd(ApiObjectRequestHandler.java:34)
at com.checkpoint.management.web_api_is.core.handler.base.ApiCrudRequestHandler.add_aroundBody0(ApiCrudRequestHandler.java:19)
at com.checkpoint.management.web_api_is.core.handler.base.ApiCrudRequestHandler$AjcClosure1.run(ApiCrudRequestHandler.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at com.checkpoint.management.web_api_is.aspects.logging.WebApiMethodLoggerAspect.aroundMethodLoggerTest(WebApiMethodLoggerAspect.java:13)
at com.checkpoint.management.web_api_is.core.handler.base.ApiCrudRequestHandler.add(ApiCrudRequestHandler.java:52)
at com.checkpoint.management.web_api.core.handler.objects.network_objects.services.service.advanced.ip.v1_1.IPServiceRequestHandler.add(IPServiceRequestHandler.java:5)
at com.checkpoint.management.web_api.core.handler.objects.network_objects.services.service.advanced.ip.udp.v1_1.UdpServiceRequestHandler.add(UdpServiceRequestHandler.java:2)
at sun.reflect.GeneratedMethodAccessor151.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at com.checkpoint.management.web_api_is.utils.WebApiReflectionUtils.invoke(WebApiReflectionUtils.java:7)
at com.checkpoint.management.web_api.web_services.WebApiEntryPoint.postEntryPoint(WebApiEntryPoint.java:81)
at sun.reflect.GeneratedMethodAccessor101.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:181)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:247)
at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:210)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at com.checkpoint.management.web_api.core.filter.LogCustomDebugFieldFilter.doFilter(LogCustomDebugFieldFilter.java:19)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.IPAccessHandler.handle(IPAccessHandler.java:203)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:785)

Essentially, the error message is:

Server has thrown GeneralRemoteFault exception errorCode [CP_ERR_OBJECT_CANNOT_BE_LOCKED] errorFamil
y [null] message [An internal error has occurred.]

 

Does anybody have a clue why this error occurs only for some objects? I do not see anything they have in common. Same issue occurs for "udp-9679", so it's not the length 🙂

 

Thanks

Steffen

0 Kudos
CCSP_Team_NA
Explorer

Hello,

I want to export a policy from R80.10 Management server and then import it to R80.20.

Import blocked with this message :

Importing general objects

Traceback (most recent call last):
File "F:\a143279\ExportImportPolicyPackage-master\import_export_package.py", l
ine 47, in <module>
import_package(client, args)
File "F:\a143279\ExportImportPolicyPackage-master\importing\import_package.py"
, line 52, in import_package
layers_to_attach = import_objects(args.file, client, {})
File "F:\a143279\ExportImportPolicyPackage-master\importing\import_objects.py"
, line 56, in import_objects
client.api_version] else "generic objects of type " + api_type), True)
KeyError: u'1.3'

Can you help please ?

Regards,

Benoit.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events