cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Admin
Admin

Re: Python tool for exporting/importing a policy package or parts of it

It's possible the session is trying to create too many objects at once, though I believe the script should account for this condition.

You may also want to see if the objects already exist on the target system as that will cause the script to fail also.

0 Kudos
Neville_Kuo
Silver

Re: Python tool for exporting/importing a policy package or parts of it

Yes, we've found Check Point is weak in such large scale, like too many logs(Over 70G per day), too many rules/objects to import at one, finally we chose migrate export/import to a brand new sms, and follow sk to change ip/hostname.

We also found those objects that can't be imported might be due to the following error formats in csv file(See the red square):

From DCE-RPC, these are the objects that can't be imported, those objects are converted from smartmove(Fortigate to CP), so maybe this is the root cause(Error format).

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Hi All,

I am trying to run the export script and receiving the following error.  Can someone please assist?

I am running Python 2.7.14 and the latest version of the script.  I have also installed the latest version cpapi.  I am receiving the same error on 2 different hosts using various valid versions on Python. (2.7.14 and 2.7.9)

Paste below has been sanitized.

SOLUTION: I needed to add the flag "-v 1" for both the export and import. 

The final export command was:

python import_export_package.py -op export -n ** -o ** -u ** -p ** -m *.*.*.* -v 1

Thanks in advance

[ExportImportPolicyPackage-master]# python import_export_package.py -op export -n ** -o ** -u ** -p ** -m *.*.*.*
The script will run with the following parameters:
Export Access-Control layers = True
Export Threat-Prevention layers = False
Output-file name = filenamex
Management Server IP = **
Management Server Port = 443
Management Server Domain = None
1. Change Settings
2. Run
99. Exit
2
Exporting Access Control layers

Exporting Access Layer [Network]

Traceback (most recent call last):
File "import_export_package.py", line 44, in <module>
export_package(client, args)
File "/home/user/Downloads/ExportImportPolicyPackage-master/exporting/export_package.py", line 39, in export_package
= export_access_rulebase(show_package.data["name"], access_layer["name"], access_layer["uid"], client, timestamp, tar_file)
File "/home/user/Downloads/ExportImportPolicyPackage-master/exporting/export_access_rulebase.py", line 16, in export_access_rulebase
get_query_rulebase_data(client, "access-rulebase", {"name": layer, "uid": layer_uid, "package": package})
File "/home/user/Downloads/ExportImportPolicyPackage-master/exporting/export_objects.py", line 38, in get_query_rulebase_data
if compare_versions(client.api_version, "1.1") != -1:
File "/home/user/Downloads/ExportImportPolicyPackage-master/utils.py", line 126, in compare_versions
v1_nums = version1.split('.')
AttributeError: 'NoneType' object has no attribute 'split'
[ExportImportPolicyPackage-master]#

0 Kudos
Employee+
Employee+

Re: Python tool for exporting/importing a policy package or parts of it

Check out How to extend and enhance SmartConsole? to integrate tool as a web application inside SmartConsole

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Hi Dameon,

 

As you suggested I have also installed Python library also for using R80 management server https://community.checkpoint.com/docs/DOC-1091

 

I also tried Ubuntu 18.4, but facing exactly same issue from both OS (Win-10 and Ubuntu)

Error is related to 5 Files which are the part of this python-tool (https://community.checkpoint.com/docs/DOC-1938)

 

Below are the files:

  • py (line 45)
  • exporting\export_package.py (line 39)
  • \exporting\export_access_rulebase.py (Line 16)
  • \exporting\export_objects.py (line 38)
  • py (line 126)

 

Error Message:

===================== ===============

Exporting Access Control layers

 

Exporting Access Layer [Policy_Package_1 Network]

 

Traceback (most recent call last):

  File "D:\GIT_HUB\SCRIPT\import_export_package.py", line 45, in <module>

    export_package(client, args)

  File "D:\GIT_HUB\SCRIPT\exporting\export_package.py", line 39, in export_package

    = export_access_rulebase(show_package.data["name"], access_layer["name"], access_layer["uid"], client, timestamp, tar_file)

  File "D:\GIT_HUB\SCRIPT\exporting\export_access_rulebase.py", line 16, in export_access_rulebase

    get_query_rulebase_data(client, "access-rulebase", {"name": layer, "uid": layer_uid, "package": package})

  File "D:\GIT_HUB\SCRIPT\exporting\export_objects.py", line 38, in get_query_rulebase_data

    if compare_versions(client.api_version, "1.1") != -1:

  File "D:\GIT_HUB\SCRIPT\utils.py", line 126, in compare_versions

    v1_nums = version1.split('.')

AttributeError: 'NoneType' object has no attribute 'split'

============= =================================== 

 

Below are the contents of each lines (which are throwing error) from relevant files.

===================XXXX=======================

File Name: import_export_package.py     (line 45)

Exact Content of line 45 in this file:

  export_package(client, args)

====================XXXX=======================

File Name: exporting\export_package.py  (line 39)

Exact Content of line 39 in this file:

= export_access_rulebase(show_package.data["name"], access_layer["name"], access_layer["uid"], client, timestamp, tar_file)

 

=======================XXXX==========================

File Name: \exporting\export_access_rulebase.py      (Line 16)

Exact Content of line 16 in this file:

        get_query_rulebase_data(client, "access-rulebase", {"name": layer, "uid": layer_uid, "package": package})

=======================XXXX===========================

File Name: \exporting\export_objects.py   (line 38)

Exact Content of line 38 in this file:

if compare_versions(client.api_version, "1.1") != -1:

======================XXXX=============================

File name: utils.py   (line 126)

Exact Content of line 126 in this file:

v1_nums = version1.split('.')

=====================XXXX===============================

0 Kudos
Admin
Admin

Re: Python tool for exporting/importing a policy package or parts of it

On Ubuntu, you should be able to use pip to install the SDK.

See: GitHub - CheckPointSW/cp_mgmt_api_python_sdk: Check Point API Python Development Kit 

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Hello guys anyone encounter this or know how to solve it

 i need help with the migration of policies, from a management 80.10 to a multidomain 80.10, the export goes well, also the import of the first policy goes ok, but when i try to import a second policy the process fails after failing to import several objects that were previously imported on the first policy package(i guess is ok those errors cause the object already exist), have someone encounter this issue before?

 

this is the output of the terminal when fails

Traceback (most recent call last):
File "C:\xxxxxxxxxxr\import_export_package.py", line 47, in <module>
import_package(client, args)
File "C:\xxxxxxxxxx\import_package.py", line 52, in import_package
layers_to_attach = import_objects(args.file, client, {})
File "C:\xxxxxxxxxx\import_objects.py", line 78, in import_objects
changed_layer_names, api_call, num_objects, client)
File "C:\xxxxxxxxxx\import_objects.py", line 221, in add_object
"name"] + "]" if "name" in payload else "", error_msg)
UnicodeEncodeError: 'ascii' codec can't encode character u'\xed' in position 24: ordinal not in range(128)

regards

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Hello guys, i have an issue with the import of a policy, during the  import i get an error of not unique name problem with PostgreSQL, and it didnt import that acces rule, i check and there is only one object with that name, so i dont know how to solve this.

Failed to import access-rule. Error: Requested object name [PostgreSQL] is not unique.

Not unique name problem "PostgreSQL" - changing payload to use UID instead.

Not unique name problem "PostgreSQL" - cannot change payload to use UID instead of name.

Failed to import access-rule. Error: Requested object name [PostgreSQL] is not unique.

0 Kudos
Admin
Admin

Re: Python tool for exporting/importing a policy package or parts of it

The script will export rules and the objects that make up the rule.

It should NOT export predefined objects, of which PostgreSQL is one.

That would classify as a bug.

Amiad Stern‌ can you have someone look into this?

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Hi Sergio lopez‌,

First, thanks for you feedback.

This is a specific issue with this specific object. We have 2 objects with that name in our system (1 is a service and 1 is application. See image below), the fact that it fails is because we are trying to get objects in rule by name. I can think of few solutions in our code though the fasts WA will be manually adding this rule. I guess you have only few rules holding PostgresSQL in you Application&Service column. 

Regards,

Amiad.

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Hello Amiad,

Thanks for the fast response, unfortunately i have 6 policy package that i need to migrate and at least there 80 rules with that object, but as a workaround, i create a dummy service to reference this one and use the replace feature to change them all without going through each rule, so when i finish migrating the policies i can replace again the dummy object to the real service.

thanks

Re: Python tool for exporting/importing a policy package or parts of it

#R80.20

Hi Guys,


I see the R80.20 is not yet supported because it use API v 1.3

I have been able to use the tool modifying the file lists_and_dictionaries.py with a good result, I have not seen not supported API commands and the number of exceptions is similar to v R80.10.

Are you paining to release a new version that officially support R80.20?


Thanks

Emanuele

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Scripts with lower API version should also work on higher API implementations. If it works on R80.10, it also should on R80.20.

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Export seems to work perfect from what I can tell, but when doing import I receive management server failed to execute command for services and the majority of my hosts and host groups.  Any ideas?

Capture.JPG

Capture2.JPG

0 Kudos
Highlighted

Re: Python tool for exporting/importing a policy package or parts of it

for me it was a case of tags being applied in R80.10 (source) which yielded the generic_server_error on the R80.20 (destination) server

manually deleted the tag values in the json and csv files

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Hi,

An error occurs when exporting.

--------------------------------------------

Exporting Access Layer [FW Application]

Getting layer information for layer [FW Application]

Failed to retrieve layer named 'FW Application'! Error: Wrong session id [2_zG5SA7vgfeTtiIrXLsCrDe].

Session may be expired. Please check session id and resend the request.. Layer was not exported!

Exporting NAT policy Getting information from show-nat-rulebase

Failed to retrieve NAT rulebase! Error: Wrong session id [2_zG5SA7vgfeTtiIrXLsCrDe]. Session may be expired.

Please check session id and resend the request..

NAT rulebase was not exported!

--------------------------------------------

SmartCentet inactivitiy timeout 720

 

Thank you Best Regards Suleyman Toreli

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

I seem to have found a minor issue.

If your NAT rules have the "Gateways" object instead of "Policy Targets" or a specific gateway name the import of NAT rules will fail with the error:

Failed to import nat-rule. Error: message: Requested object [Gateways] not found
code: generic_err_object_not_found
0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Additionally, it seems like Tags aren't taken over. The definition is in the XML/CSV, however the Tags themselves are not exported, so aren't created, and therefore the tag can't be set on object import.
0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Hello,

 

I don't know if someone requested this already, but how easy would it be to add a tag to objects exported/imported with the script in order to be easily searchable after the transfer? This would be really helpful.

 

Thanks!

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Hi,

while export completes successfully for me, the import fails with:

Login to management server failed. instance({
"data": null,
"error_message": "APIResponse received a response which is not a valid JSON.",
"res_obj": {},
"status_code": 403,
"success": false
})

 

Regards,

Dmitri

 

 

 

 

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Hi!

I've got an error when I tried exporting policy.

Spoiler

D:\CPTool\ExportImportPolicyPackage-master>import_export_package.py -op export -n Standart_Clone -ac -o Standart_Clone -u admin -m *.*.*.*
The script will run with the following parameters:
Export Access-Control layers = True
Export Threat-Prevention layers = False
Output-file name = Standart_Clone
Management Server IP = *.*.*.*
Management Server Port = 443
Management Server Domain = None
1. Change Settings
2. Run
99. Exit
2

Please enter your password:

Exporting Access Control layers

Exporting Access Layer [Standart_Clone Security]

Retrieved 50 out of 455 rules (10%)

Traceback (most recent call last):
File "D:\CPTool\ExportImportPolicyPackage-master\import_export_package.py", line 59, in export_package(client, args)
File "D:\CPTool\ExportImportPolicyPackage-master\exporting\export_package.py", line 39, in export_package
= export_access_rulebase(show_package.data["name"], access_layer["name"], access_layer["uid"], client, timestamp, tar_file)
File "D:\CPTool\ExportImportPolicyPackage-master\exporting\export_access_rulebase.py", line 16, in export_access_rulebase
get_query_rulebase_data(client, "access-rulebase", {"name": layer, "uid": layer_uid, "package": package})
File "D:\CPTool\ExportImportPolicyPackage-master\exporting\export_objects.py", line 64, in get_query_rulebase_data
for rulebase_reply in rulebase_replies:
File "D:\Python27\lib\site-packages\cpapi\mgmt_api.py", line 417, in gen_api_query
raise APIException(api_res.error_message, api_res.data)
cpapi.api_exceptions.APIException: APIResponse received a response which is not a valid JSON.

The script was launched and the error has occurred 5 min later. It seems like timeout affects behavior.

Spoiler
2019-08-12,11:18:08 +0700,login,PASSED,1071
2019-08-12,11:18:09 +0700,show-package,PASSED,391
2019-08-12,11:18:09 +0700,show-access-layer,PASSED,32
2019-08-12,11:18:41 +0700,show-access-rulebase,PASSED,31418
2019-08-12,11:23:42 +0700,logout,PASSED,130
2019-08-12,11:23:42 +0700,show-access-rulebase,FAILED,300817
2019-08-12,11:46:17 +0700,show-hosts,PASSED,135
2019-08-12,11:46:18 +0700,logout,PASSED,968

API readiness test SUCCESSFUL

Spoiler

API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled

Processes:

Name State PID More Information
-------------------------------------------------
API Started 26963
CPM Started 3722 Check Point Security Management Server is running and ready
FWM Started 3128
APACHE Started 2546

Port Details:
-------------------
JETTY Internal Port: 50277
APACHE Gaia Port: 443
Apache port retrieved from: httpd-ssl.conf


--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

Python version 2.7.13

CheckPoint API Python Development Kit was installed.

Has anybody an experience with the issue?
Thank you in advance for any kind of assistance.

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Hi all.

I was trying to import a policy package from R80.20 take 87 to a different server with the same software version. Most of the objects are imported successfully, but some are not. Error message is:

Management server failed to execute command
code: generic_server_error

Looking at api.elg, I get a more precise message, indicating that locking did not work properly. See spoiler for details.

Spoiler
--------------------------------------
2019-08-23 11:35:44,242 INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp-1644921743-33] - Inbound Message
----------------------------
ID: 273
Address: http://127.0.0.1:50276/web_api/v1.3/add-service-udp
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[*/*], accept-encoding=[identity], connection=[keep-alive], Content-Length=[607], content-type=[application/json], Host=[127.0.0.1:50276], User-Agent=[python-api-wrapper], X-chkp-sid=[70qoJaI5i1Nyal8Ew9aXr8B5vtSBATz70sXn
z1izBPo], X-Forwarded-For=[127.0.0.1], X-Forwarded-Host=[127.0.0.1], X-Forwarded-Host-Port=[443], X-Forwarded-Server=[10.10.10.180]}
Payload: {"match-by-protocol-signature": "false", "aggressive-aging": {"use-default-timeout": "true", "enable": "true", "timeout": "15", "default-timeout": "0"}, "ignore-warnings": true, "name": "NAME_COLLISION_RESOLVED_36_udp-49152-6553
5", "override-default-settings": "false", "color": "black", "sync-connections-on-cluster": "true", "comments": " udp-49152-65535", "match-for-any": "false", "keep-connections-open-after-policy-installation": "false", "session-timeout": "
40", "accept-replies": "true", "use-default-session-timeout": "true", "port": "49152-65535", "tags": ["dcaa4621-3a34-479e-ad88-8d5da19200df"]}
--------------------------------------
2019-08-23 11:35:44,249 INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.:21 [qtp-1644921743-33] - Cache created and initialized
2019-08-23 11:35:44,250 INFO com.checkpoint.management.web_api.web_services.WebApiEntryPoint.logRequestedCommandInfo:51 [qtp-1644921743-33] - Executing [add-service-udp] of version 1.3 (references 1.1)
2019-08-23 11:35:44,318 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:47 [qtp-1644921743-33] - Server has thrown GeneralRemoteFault exception errorCode [CP_ERR_OBJECT_CANNOT_BE_LOCKED] errorFamil
y [null] message [An internal error has occurred.]
2019-08-23 11:35:44,318 WARN com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:190 [qtp-1644921743-33] - Unhandled GeneralRemoteFault error code [CP_ERR_OBJECT_CANNOT_BE_LOCKED]
2019-08-23 11:35:44,319 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:94 [qtp-1644921743-33] -
com.checkpoint.web_services.faults.GeneralRemoteFault: An internal error has occurred.
at sun.reflect.GeneratedConstructorAccessor249.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
at java.lang.reflect.Constructor.newInstance(Constructor.java:437)
at org.apache.cxf.interceptor.ClientFaultConverter.processFaultDetail(ClientFaultConverter.java:182)
at org.apache.cxf.interceptor.ClientFaultConverter.handleMessage(ClientFaultConverter.java:82)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:802)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1642)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1533)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1336)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:652)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:425)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:326)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:279)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
at com.sun.proxy.$Proxy244.updateObjectWithReturnControlErrorLevel(Unknown Source)
at com.checkpoint.management.web_api_is.utils.managers.RemoteObjectCrudManager.updateObjectWithReturn_aroundBody30(RemoteObjectCrudManager.java:24)
at com.checkpoint.management.web_api_is.utils.managers.RemoteObjectCrudManager$AjcClosure31.run(RemoteObjectCrudManager.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at com.checkpoint.management.web_api_is.aspects.logging.WebApiMethodLoggerAspect.aroundMethodLoggerTest(WebApiMethodLoggerAspect.java:13)
at com.checkpoint.management.web_api_is.utils.managers.RemoteObjectCrudManager.updateObjectWithReturn(RemoteObjectCrudManager.java:72)
at com.checkpoint.management.web_api_is.core.handler.base.ApiObjectRequestHandler.doUpdateObjectForAdd(ApiObjectRequestHandler.java:34)
at com.checkpoint.management.web_api_is.core.handler.base.ApiCrudRequestHandler.add_aroundBody0(ApiCrudRequestHandler.java:19)
at com.checkpoint.management.web_api_is.core.handler.base.ApiCrudRequestHandler$AjcClosure1.run(ApiCrudRequestHandler.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at com.checkpoint.management.web_api_is.aspects.logging.WebApiMethodLoggerAspect.aroundMethodLoggerTest(WebApiMethodLoggerAspect.java:13)
at com.checkpoint.management.web_api_is.core.handler.base.ApiCrudRequestHandler.add(ApiCrudRequestHandler.java:52)
at com.checkpoint.management.web_api.core.handler.objects.network_objects.services.service.advanced.ip.v1_1.IPServiceRequestHandler.add(IPServiceRequestHandler.java:5)
at com.checkpoint.management.web_api.core.handler.objects.network_objects.services.service.advanced.ip.udp.v1_1.UdpServiceRequestHandler.add(UdpServiceRequestHandler.java:2)
at sun.reflect.GeneratedMethodAccessor151.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at com.checkpoint.management.web_api_is.utils.WebApiReflectionUtils.invoke(WebApiReflectionUtils.java:7)
at com.checkpoint.management.web_api.web_services.WebApiEntryPoint.postEntryPoint(WebApiEntryPoint.java:81)
at sun.reflect.GeneratedMethodAccessor101.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
at java.lang.reflect.Method.invoke(Method.java:508)
at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:181)
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:247)
at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:210)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
at com.checkpoint.management.web_api.core.filter.LogCustomDebugFieldFilter.doFilter(LogCustomDebugFieldFilter.java:19)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
at org.eclipse.jetty.server.handler.IPAccessHandler.handle(IPAccessHandler.java:203)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
at java.lang.Thread.run(Thread.java:785)

Essentially, the error message is:

Server has thrown GeneralRemoteFault exception errorCode [CP_ERR_OBJECT_CANNOT_BE_LOCKED] errorFamil
y [null] message [An internal error has occurred.]

 

Does anybody have a clue why this error occurs only for some objects? I do not see anything they have in common. Same issue occurs for "udp-9679", so it's not the length 🙂

 

Thanks

Steffen

0 Kudos

Re: Python tool for exporting/importing a policy package or parts of it

Hello,

I want to export a policy from R80.10 Management server and then import it to R80.20.

Import blocked with this message :

Importing general objects

Traceback (most recent call last):
File "F:\a143279\ExportImportPolicyPackage-master\import_export_package.py", l
ine 47, in <module>
import_package(client, args)
File "F:\a143279\ExportImportPolicyPackage-master\importing\import_package.py"
, line 52, in import_package
layers_to_attach = import_objects(args.file, client, {})
File "F:\a143279\ExportImportPolicyPackage-master\importing\import_objects.py"
, line 56, in import_objects
client.api_version] else "generic objects of type " + api_type), True)
KeyError: u'1.3'

Can you help please ?

Regards,

Benoit.
0 Kudos