
problem exporting a policy

Hello guys, I'm using the Python tools, and I have a problem exporting a policy package. On the export operation it gives me this error:

Exporting Access Control layers

Exporting Access Layer [test Network]

Failed to retrieve layer named 'test Network'! Error: Internal error. For more info search for incident [ee8fec3d-602b-4ef4-8d93-bf0b0e5f49c1] in log file. Layer was not exported!

Exporting NAT policy

Getting information from show-nat-rulebase

 

I checked with the command mgmt_cli show access-layer and the layer exists.

 

Has anyone encountered this issue? Any help will be appreciated.

 

Regards

0 Kudos
7 Replies
Admin

What version of management code?
How much RAM/CPU do you have on your management?
It's possible a reboot might clear the issue.
If it still persists, check the output of api status -s.
0 Kudos

Hello Phoneboy,

 

The management version is R80.10, memory 4GB, 4 CPU. I did a reboot, but the issue still persists.

The output of api status -s:

 

[Expert@FW-MGMT-EE-CC:0]# api status -s

API Settings:
---------------------
Accessibility: Require all granted
Automatic Start: Enabled

Processes:

Name   State     PID     More Information
-------------------------------------------------
API    Started   25886
CPM    Started   4559    Check Point Security Management Server is running and ready
FWM    Started   4006

Port Details:
-------------------
JETTY Internal Port: 50276
APACHE Gaia Port: 443


--------------------------------------------
Overall API Status: Started
--------------------------------------------

API readiness test SUCCESSFUL. The server is up and ready to receive connections

Collecting and compressing diagnostic data... Please wait...
Adding api.elg
Adding api_sh.elg
Adding api.json
Adding api.csv
Adding cpm.elg
Adding fwm.elg
Adding httpd_access_log
Adding httpd2.conf
Adding extra/httpd2-webapi.conf
Adding httpd2_access_log
Adding httpd2_error_log
Adding memory.elg
Adding disk_space.elg
Adding ifconfig.elg
Adding cpwd_admin_list.elg
File /home/admin/2019.04.11_09-40-49_api_data_.tgz has been created

[Expert@FW-MGMT-EE-CC:0]#

 

And the layer test Network exists:

 

[Expert@FW-MGMT-EE-CC:0]# mgmt_cli show access-layer name "test Network"
Username: admin
Password:
uid: "ac6c10d0-60a4-407a-9a4b-e4006bd797d8"
name: "test Network"
type: "access-layer"
domain:
  uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
  name: "SMC User"
  domain-type: "domain"
shared: false
applications-and-url-filtering: false
content-awareness: false
mobile-access: false
firewall: true
comments: ""
color: "black"
icon: "ApplicationFirewall/rulebase"
tags: []
meta-info:
  lock: "unlocked"
  validation-state: "ok"
  last-modify-time:
    posix: 1554928786919
    iso-8601: "2019-04-10T17:39-0300"
  last-modifier: "admin"
  creation-time:
    posix: 1554928786919
    iso-8601: "2019-04-10T17:39-0300"
  creator: "admin"
read-only: false

 

0 Kudos
Admin

Our minimum supported RAM for management is 6GB and may explain the odd behavior.
Please try again with at least 8GB but I recommend 16GB.
0 Kudos

I upgraded the RAM to 8GB, but it is still the same.

0 Kudos
Employee+

Does the Layer "test Network" exist?

0 Kudos

Yes, I checked with the mgmt_cli show access-layer name "test Network" command and it exists.

[Expert@FW-MGMT-EE-CC:0]# mgmt_cli show access-layer name "test Network"
Username: admin
Password:
uid: "ac6c10d0-60a4-407a-9a4b-e4006bd797d8"
name: "test Network"
type: "access-layer"
domain:
  uid: "41e821a0-3720-11e3-aa6e-0800200c9fde"
  name: "SMC User"
  domain-type: "domain"
shared: false
applications-and-url-filtering: false
content-awareness: false
mobile-access: false
firewall: true
comments: ""
color: "black"
icon: "ApplicationFirewall/rulebase"
tags: []
meta-info:
  lock: "unlocked"
  validation-state: "ok"
  last-modify-time:
    posix: 1554928786919
    iso-8601: "2019-04-10T17:39-0300"
  last-modifier: "admin"
  creation-time:
    posix: 1554928786919
    iso-8601: "2019-04-10T17:39-0300"
  creator: "admin"
read-only: false

0 Kudos

Guys, to let you know, I found the problem: in the rulebase, in the VPN column, "VPN communities" are defined. I deleted the communities from the rules, and there are no more issues.
As a note, the error it gave me, that the layer couldn't be retrieved, has nothing to do with the solution, but it works.
Thanks for the help.
0 Kudos
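
A way to see which rules in a layer carry VPN communities before running an export, as an added example that is not part of the thread or of the Check Point Python tools. It assumes the layer's rulebase was saved with `mgmt_cli show access-rulebase name "test Network" --format json` and that the response has the shape of the constructed sample below; the function name and all sample uids and names are hypothetical.

```python
import json

# Constructed sample, not from the thread. Assumed shape: the JSON returned by
#   mgmt_cli show access-rulebase name "test Network" --format json
# where rule fields hold uids that resolve through "objects-dictionary".
SAMPLE = json.loads("""
{
  "objects-dictionary": [
    {"uid": "uid-any", "name": "Any", "type": "CpmiAnyObject"},
    {"uid": "uid-comm", "name": "Constructed-Community", "type": "vpn-community-meshed"}
  ],
  "rulebase": [
    {"type": "access-rule", "rule-number": 1, "name": "Mgmt access", "vpn": ["uid-any"]},
    {"type": "access-section", "name": "Site to site", "rulebase": [
      {"type": "access-rule", "rule-number": 2, "name": "Branch to HQ", "vpn": ["uid-comm"]}
    ]}
  ]
}
""")


def rules_with_vpn_communities(response):
    """Return (rule-number, rule name, [community names]) for rules whose VPN column is not Any."""
    names = {o["uid"]: o.get("name", o["uid"]) for o in response.get("objects-dictionary", [])}

    def resolve(entry):
        # An entry is a uid string, or a full object when the dictionary is not used.
        return entry.get("name", "") if isinstance(entry, dict) else names.get(entry, entry)

    hits = []

    def walk(items):
        for item in items:
            if item.get("type") == "access-section":
                walk(item.get("rulebase", []))  # sections nest their rules
            elif item.get("type") == "access-rule":
                communities = [n for n in map(resolve, item.get("vpn", [])) if n != "Any"]
                if communities:
                    hits.append((item.get("rule-number"), item.get("name", ""), communities))

    walk(response.get("rulebase", []))
    return hits


if __name__ == "__main__":
    for number, name, communities in rules_with_vpn_communities(SAMPLE):
        print(f"rule {number} ({name}): VPN column = {', '.join(communities)}")
```

Recording the listed rules and their communities before removing anything from the VPN column makes it possible to restore them once the export has completed.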