Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dave_Taylor1
Collaborator

Validation Error

We are migrating R77.30 to R80.10 management. I am getting validation errors for a Service Group and I'm not able to determine which service is causing the issue. What changed with services from R77.30 to R80.10?

0 Kudos
7 Replies
HeikoAnkenbrand
Champion Champion
Champion

If you start "migrate export" you will get a log file that describing the issues.  Now  you see the "service group" that causing the issue. Then open the DashBoard and check the "service group".

You can found more informations in SK117237:

R80.10 Pre-Upgrade Verifier notifications and their solutions 

Best regard

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Dave_Taylor1
Collaborator

I'm aware of which Service Group, but I'm not aware of what inside the group is causing the issue. There are160 objects including individual services and additional groups inside this group.

I inherited this, so I'm trying to clean it up best I can.

0 Kudos
PhoneBoy
Admin
Admin

The main thing that changed with respect to services is that you're not allowed to edit default services.

That said, the upgrade verifier should tell you which services (whether or not they're in a group) are impacted by this.

It would be really helpful if you could send the text/screenshot of the exact error you're seeing in context.

0 Kudos
Dave_Taylor1
Collaborator

Thanks. The Upgrade Verifier only warned that the TFTP service needed to be renamed.

Not sure if this helps, but see the below screenshot. Basically it contains a large list of services we have to exclude for BlueCoat. Unfortunately this is the only solution we were able to find to allow only 80/443 traffic to the Bluecoat policy/tunnel. As you can see below it just says it "references invalid objects" doesn't indicate which object.

The group contains around 160 objects.

0 Kudos
PhoneBoy
Admin
Admin

If your goal is to exclude everything but 80/443, why not just create new TCP services that are ranges?

So you'd have three: One service for TCP port 1-79, one for port 81-442, and another for 444 to 65535.

That would be a simpler solution, I would think.

Dave_Taylor1
Collaborator

We originally tried this route on our R77.30 management, but couldn't get it to work, and was told by support to add all the services as we did.

I am hoping that with R80.10 this is no longer an issue, as it is a pain to manage.

0 Kudos
PhoneBoy
Admin
Admin

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events