Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
bebertjack
Participant

Migrate HTTPS inspection policy with ExportImportPolicyPackage

Hi all,

I've created a lab to test this script. I've two MGMT R80.40 with a FW and a policy for each. I have the access, threat prevention and https inspection layer in each policy.

During my tests the export part is OK but not the import part.

The export part:

Exporting HTTPS layers

Exporting HTTPS Layer [Https_Isnpection_source]

Retrieved 2 out of 2 rules (100%)

Processing https rules and sections

Exporting https rules from layer [Https_Isnpection_source]

Exporting https sections from layer [Https_Isnpection_source]

Exporting https placeholders for unexportable objects from layer [Https_Isnpection_source]

Exporting https layer settings of layer [Https_Isnpection_source]

Done exporting https layer 'Https_Isnpection_source'.

I've check the tgz file and everything seems OK. I've a csv file to describe the layer and a tgz file with the rules.

During the export there is a first problem, the import script log say that the SSL layer is a shared one but it's not:

Adding https-layers

Failed to import https-layer with name [Https_Isnpection_source]. Error: code: generic_err_invalid_parameter_name
message: Unrecognized parameter [shared]

ssl layer.png

at the end of the log another 

Importing Https_Layer [Https_Isnpection_source]

The version of the imported package doesn't exist in this machine! import with this machines latest version.

Adding https-rules

Failed to import https-rule. Error: code: generic_err_object_not_found
message: Requested object [Https_Isnpection_source] not found -------> first rule of the layer without a name


Failed to import https-rule with name [dede]. Error: code: generic_err_object_not_found
message: Requested object [Https_Isnpection_source] not found-------> second rule of the layer with a name (dede)


Failed to attach layers to package! Error: code: generic_err_object_not_found
message: Requested object [Https_Isnpection_source] not found
. Import operation aborted.

Does anyone have already export and import policy with SSL inspection rule? Does someone has a tip to do the work ?

 

Thanks

BBJ

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

Please ensure you are using the most recent GA JHF.
It looks like the underlying issue was resolved in Take 83 of the JHF for R80.40: https://sc1.checkpoint.com/documents/Jumbo_HFA/R80.40/R80.40/R80.40-List-of-all-Resolved-Issues.htm?... 

Take 83

Released on 04 October 2020 and moved to General Availability on 25 October 2020

PRJ-16342,
PMTR-58390

SmartConsole

Setting or creating HTTPS layer (add-https-layer) with the "shared" parameter using the API may fail with the "Unrecognized parameter [shared]" error.

0 Kudos