Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
bebertjack
Contributor
Jump to solution

Migrate HTTPS inspection policy with ExportImportPolicyPackage

Hi all,

I've created a lab to test this script. I've two MGMT R80.40 with a FW and a policy for each. I have the access, threat prevention and https inspection layer in each policy.

During my tests the export part is OK but not the import part.

The export part:

Exporting HTTPS layers

Exporting HTTPS Layer [Https_Isnpection_source]

Retrieved 2 out of 2 rules (100%)

Processing https rules and sections

Exporting https rules from layer [Https_Isnpection_source]

Exporting https sections from layer [Https_Isnpection_source]

Exporting https placeholders for unexportable objects from layer [Https_Isnpection_source]

Exporting https layer settings of layer [Https_Isnpection_source]

Done exporting https layer 'Https_Isnpection_source'.

I've check the tgz file and everything seems OK. I've a csv file to describe the layer and a tgz file with the rules.

During the export there is a first problem, the import script log say that the SSL layer is a shared one but it's not:

Adding https-layers

Failed to import https-layer with name [Https_Isnpection_source]. Error: code: generic_err_invalid_parameter_name
message: Unrecognized parameter [shared]

ssl layer.png

at the end of the log another 

Importing Https_Layer [Https_Isnpection_source]

The version of the imported package doesn't exist in this machine! import with this machines latest version.

Adding https-rules

Failed to import https-rule. Error: code: generic_err_object_not_found
message: Requested object [Https_Isnpection_source] not found -------> first rule of the layer without a name


Failed to import https-rule with name [dede]. Error: code: generic_err_object_not_found
message: Requested object [Https_Isnpection_source] not found-------> second rule of the layer with a name (dede)


Failed to attach layers to package! Error: code: generic_err_object_not_found
message: Requested object [Https_Isnpection_source] not found
. Import operation aborted.

Does anyone have already export and import policy with SSL inspection rule? Does someone has a tip to do the work ?

 

Thanks

BBJ

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Please ensure you are using the most recent GA JHF.
It looks like the underlying issue was resolved in Take 83 of the JHF for R80.40: https://sc1.checkpoint.com/documents/Jumbo_HFA/R80.40/R80.40/R80.40-List-of-all-Resolved-Issues.htm?... 

Take 83

Released on 04 October 2020 and moved to General Availability on 25 October 2020

PRJ-16342,
PMTR-58390

SmartConsole

Setting or creating HTTPS layer (add-https-layer) with the "shared" parameter using the API may fail with the "Unrecognized parameter [shared]" error.

View solution in original post

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

Please ensure you are using the most recent GA JHF.
It looks like the underlying issue was resolved in Take 83 of the JHF for R80.40: https://sc1.checkpoint.com/documents/Jumbo_HFA/R80.40/R80.40/R80.40-List-of-all-Resolved-Issues.htm?... 

Take 83

Released on 04 October 2020 and moved to General Availability on 25 October 2020

PRJ-16342,
PMTR-58390

SmartConsole

Setting or creating HTTPS layer (add-https-layer) with the "shared" parameter using the API may fail with the "Unrecognized parameter [shared]" error.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events