Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
PhongNN
Contributor
Jump to solution

Error when trying to export package by import_export_package.py

Hi all

I have a trouble when trying to export a package from SMC. The message like this :

Exporting NAT policy

Getting information from show-nat-rulebase

Retrieved 50 out of 65 rules (76%)

Traceback (most recent call last):
File "import_export_package.py", line 59, in <module>
export_package(client, args)
File "D:\Python\ExportImportPolicyPackage-master\exporting\export_package.py", line 59, in export_package
nat_data_dict, nat_unexportable_objects = export_nat_rulebase(show_package.data["name"], client)
File "D:\Python\ExportImportPolicyPackage-master\exporting\export_nat_rulebase.py", line 13, in export_nat_rulebase
rulebase_rules, general_objects = get_query_nat_rulebase_data(client, {"package": package})
File "D:\Python\ExportImportPolicyPackage-master\exporting\export_objects.py", line 174, in get_query_nat_rulebase_data
if "Automatic Generated Rules : " in rulebase_item["name"]:
KeyError: 'name'

Does anyone have any ideas for this ?

Thank you

Regards

1 Solution

Accepted Solutions
FraP
Contributor

I think you have some sections in the nat rulebase, without an explict name...
Open smartconsole, check in the rulebase for each section named "New Section", and rename it like you prefer, publish, and run the export script again.
Let me know if it's work...

View solution in original post

(1)
14 Replies
PhoneBoy
Admin
Admin
To troubleshoot, we’d need to see those first 50 NAT rules in the policy.
It’s possible there’s something there the script doesn’t like.
0 Kudos
PhongNN
Contributor

Thanks for your reply

This is 50 rules nat

Screenshot_12.pngScreenshot_15.png

0 Kudos
PhoneBoy
Admin
Admin
Try enabling the disabled rules (don't push policy obviously) and see if it helps.
Note that most of the rules are automatic NAT rules which shouldn't necessarily get exported.
PhongNN
Contributor

Thanks for your solution but it's does not work

enabled all disabled rules but the error message still appears

Thank you

 

PhoneBoy
Admin
Admin
The log file that is created by running the export might provide some clue as might api.elg from the manager (believe it's in $FWDIR/log).
0 Kudos
PhongNN
Contributor
I saw in api.elg, the process 's stopped to nat rule 39, but I do not know why. Here is the detail log:
"rule-number" : 38,
"method" : "hide",
"auto-generated" : true,
"original-destination" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
"translated-destination" : "85c0f50f-6d8a-4528-88ab-5fb11d8fe16c",
"original-source" : "b39291fa-09ba-480e-9dfc-dfaebb6eab97",
"translated-source" : "b39291fa-09ba-480e-9dfc-dfaebb6eab97",
"original-service" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
"translated-service" : "85c0f50f-6d8a-4528-88ab-5fb11d8fe16c",
"meta-info" : {
"lock" : "unlocked",
"validation-state" : "ok",
"last-modify-time" : {
"posix" : 1479900853696,
"iso-8601" : "2016-11-23T18:34+0700"
},
"last-modifier" : "System",
"creation-time" : {
"posix" : 1479900853696,
"iso-8601" : "2016-11-23T18:34+0700"
},
"creator" : "System"
},
"comments" : "",
"enabled" : true,
"install-on" : [ "97aeb368-9aea-11d5-bd16-0090272ccb30" ]
}, {
"uid" : "465af4fe-4588-49d3-b792-2482e88ff20d",
"type" : "nat-rule",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"rule-number" : 39,
"method" : "hide",
"auto-generated" : true,
"original-destination" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
"translated-destination" : "85c0f50f-6d8a-4528-88ab-5fb11d8fe16c",
"original-source" : "91c9537f-f99e-401b-8bd7-51152f052a4f",
"translated-source" : "91c9537f-f99e-401b-8bd
--------------------------------------
2019-11-14 09:50:18,174 INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp-22057241-25] - Inbound Message
0 Kudos
PhoneBoy
Admin
Admin
If you change Websense_88 so it doesn't have an automatic NAT enabled, what happens?
0 Kudos
DeltaG
Explorer

Hello , I,ve got the same error at NAT rule 38.

This is the piece of the entry from the api.elg:

 

"rule-number" : 38,
"method" : "static",
"auto-generated" : false,
"original-destination" : "ca69ca62-a759-11e2-bc0a-000000008b8b",
"translated-des

 

No idea what to do, any help is welcome.

 

Thanks

0 Kudos
Darren_Fine
Collaborator

Hi DeltaG,

 

I have the exact same error and it seems to be at the exact same rule number if i look in api.log 🙂

 

Did you manage to solve this ?

 

See below from my api.elg

"type" : "nat-rule",
"domain" : {
"uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
"name" : "SMC User",
"domain-type" : "domain"
},
"rule-number" : 39,
"method" : "static",
"auto-generated" : false,
"original-destination" : "af1d8fc3-f59e-476f-a233-c31de18d9fde",
"translated-destination" : "85c0f50f-6d8a-4528-88ab-5fb11d8fe16c",
"original-source" : "b58c828c-3293-44a8-baf5-f7c8b6e01c57",
"translated-source" : "da94a8fc-a41e-4b6f-8e6b-3e905c0d10dd",
"original-service" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
"translated-service" : "85c0f50f-6d8a-4528-88ab-5fb11d8fe16c",
"meta-info" : {
"lock" : "unlocked",
"validation-state" : "ok",
"last-modify-time" : {
"posix" : 1557088214832,
"iso-8601" : "2019-05-05T22:30+0200"
},
"last-modifier" : "System",
"creation-time" : {
"posix" : 1557088214832,
"iso-8601" : "2019-05-05T22:30+0200"
},
"creator" : "System"
},
"comments" : "",
"enabled" : true,

 

 

And the error when running the export :

 

Exporting NAT policy

Getting information from show-nat-rulebase

Retrieved 50 out of 388 rules (12%)

Traceback (most recent call last):
File "import_export_package.py", line 59, in <module>
export_package(client, args)
File "/home/darren/Downloads/Check Point/automation/cp_mgmt_apit_git_clone/ExportImportPolicyPackage/exporting/export_package.py", line 59, in export_package
nat_data_dict, nat_unexportable_objects = export_nat_rulebase(show_package.data["name"], client)
File "/home/darren/Downloads/Check Point/automation/cp_mgmt_apit_git_clone/ExportImportPolicyPackage/exporting/export_nat_rulebase.py", line 13, in export_nat_rulebase
rulebase_rules, general_objects = get_query_nat_rulebase_data(client, {"package": package})
File "/home/darren/Downloads/Check Point/automation/cp_mgmt_apit_git_clone/ExportImportPolicyPackage/exporting/export_objects.py", line 174, in get_query_nat_rulebase_data
if "Automatic Generated Rules : " in rulebase_item["name"]:
KeyError: 'name'

 

 

Any info would be appreciated 🙂 

 

 

0 Kudos
FraP
Contributor

I think you have some sections in the nat rulebase, without an explict name...
Open smartconsole, check in the rulebase for each section named "New Section", and rename it like you prefer, publish, and run the export script again.
Let me know if it's work...

(1)
PhongNN
Contributor
It 's worked with me
But when i import to another SMC, some objects failed to import. This is log about this:
Failed to import network with name [Net_10.10.10.0]. Error: message: Requested object [partial_export_error_simple-gateway_b2a92db4-c398-4ed5-96a7-71c1e3ddcc74_FW-MISOFT] not found
code: generic_err_object_not_found


Failed to import network with name [LAB_192.168.48.0_22]. Error: message: Requested object [partial_export_error_simple-gateway_b2a92db4-c398-4ed5-96a7-71c1e3ddcc74_FW-MISOFT] not found
code: generic_err_object_not_found


Failed to import network with name [VPN_Pool]. Error: message: Requested object [partial_export_error_simple-gateway_b2a92db4-c398-4ed5-96a7-71c1e3ddcc74_FW-MISOFT] not found
code: generic_err_object_not_found


Failed to import network with name [VPN_Pool_02]. Error: message: Requested object [partial_export_error_simple-gateway_b2a92db4-c398-4ed5-96a7-71c1e3ddcc74_FW-MISOFT] not found
code: generic_err_object_not_found


Failed to import network with name [Cyperbit_LAB]. Error: message: Requested object [partial_export_error_simple-gateway_b2a92db4-c398-4ed5-96a7-71c1e3ddcc74_FW-MISOFT] not found
code: generic_err_object_not_found


Failed to import network with name [Net_192.168.0.0]. Error: message: Requested object [partial_export_error_simple-gateway_b2a92db4-c398-4ed5-96a7-71c1e3ddcc74_FW-MISOFT] not found
code: generic_err_object_not_found
Do you see something like that before ???
Thank you so much
0 Kudos
FraP
Contributor

On your target SMS there is a missing object for some reason... check if "partial_export_error_simple-gateway_b2a92db4-c398-4ed5-96a7-71c1e3ddcc74_FW-MISOFT" exist also with
mgmt_cli -r true -f json show object uid "b2a92db4-c398-4ed5-96a7-71c1e3ddcc74"

For this reason the script is not able to import the network objects VPN_Pool,VPN_Pool_2 ecc....

Before you imported this package, did you check for errors during the export?

Anyway, if these are the only errors and the import complete successfully, you can try to fix it, or check on the old SMS where the objects are used, so you can manually fix it!

0 Kudos
PhoneBoy
Admin
Admin
Those look like "placeholder" objects that get created for objects that are not entirely configurable via the REST API but are referred to by other objects.
Specifically, there are several parameters in a gateway object that cannot currently be created via the REST API.
In this case, each one of these objects should have been deleted and replaced by their manually created equivalents.
0 Kudos
Darren_Fine
Collaborator

Hi Francesco_P,

 

You were correct !!! Would have never got that on my own - much appreciated !!!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events