Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Martijn
Advisor
Advisor
Jump to solution

Violation Errors: The object name must not contain whitespace characters at the beginning or the end

Hi All,

At a customer we successfully upgraded from R81.10 to R81.20 Take 26 via a migration. Creating an export package, re-install the server and import the package. We used the latest deployment agent and the latest R81.20 migration tools.

After the upgrade we noticed 6 violations in SmartConsole with the following message:

"The object name must not contain whitespace characters at the beginning or the end" with a link to a rule in the policy.
When going to this rule, we noticed some Rule Names and Comments had a carriage return, so we fixed this. But the 6 violations remain. We performed several steps trying to solve the issue.

1. Leave the Rule Names and Comment blank.
2. Copy the rule below the original and remove the original rule.
3. Create a new rule with the same objects as the original one and remove the original rule.
4. Checked sk153833 and sk161294.

I would like to mention, we use the latest version of R81.20 SmartConcole and keyboard is set to English.

But all this did not help. At some actions the violations change to grayed out, but still 6 violations.

We can not find anything wrong within the rule.

Anyone seen this before? Is there a way to solve this, or do we need to involve TAC?

Regards,
Martijn

0 Kudos
1 Solution

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee

Please open a ticket with TAC and send me the number (tfridman@checkpoint.com) or post it here. I will ensure that it receives high priority. TAC will also be able to provide you with a script to remove these validations.

View solution in original post

0 Kudos
16 Replies
the_rock
Legend
Legend

Hi Martijn,

Would you mind please share a screenshot? Be free to blur out any sensitive info. I never had this sort of problem in the lab or when upgrading customers from R81.20 to R81.20.

Kind regards,

Andy

0 Kudos
Bob_Zimmerman
Authority
Authority

The errors point you to the specific rules, right? The next thing I would try is copying the rule's UUID and showing it on the command line like this:

mgmt_cli -f json -r true show object details-level full uid "<rule UUID>"

For example:

[Expert@TestSC]# mgmt_cli -f json -r true show object details-level full uid "2b922948-da96-4c9d-a654-063e0183f9ae"
{
  "object" : {
    "uid" : "2b922948-da96-4c9d-a654-063e0183f9ae",
    "name" : "Cleanup rule",
    "type" : "access-rule",
    "domain" : {
      "uid" : "41e821a0-3720-11e3-aa6e-0800200c9fde",
      "name" : "SMC User",
      "domain-type" : "domain"
    },
    "track" : {
      "type" : {
        "uid" : "29e53e3d-23bf-48fe-b6b1-d59bd88036f9",
        "name" : "None",
        "type" : "Track",
        "domain" : {
          "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
          "name" : "Check Point Data",
          "domain-type" : "data domain"
        },
        "color" : "none",
        "meta-info" : {
          "validation-state" : "ok",
          "last-modify-time" : {
            "posix" : 1668642045721,
            "iso-8601" : "2022-11-16T23:40+0000"
          },
          "last-modifier" : "System",
          "creation-time" : {
            "posix" : 1668642045721,
            "iso-8601" : "2022-11-16T23:40+0000"
          },
          "creator" : "System"
        },
        "tags" : [ ],
        "icon" : "General/globalsNone",
        "comments" : "No tracking.",
        "customFields" : null
      },
      "per-session" : false,
      "per-connection" : false,
      "accounting" : false,
      "enable-firewall-session" : false,
      "alert" : "none"
    },
    "layer" : "38271c2f-ab44-4e25-9aa4-e219cb6e12cf",
    "source" : [ {
      "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
      "name" : "Any",
      "type" : "CpmiAnyObject",
      "domain" : {
        "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name" : "Check Point Data",
        "domain-type" : "data domain"
      },
      "comments" : "",
      "color" : "black",
      "icon" : "General/globalsAny",
      "tags" : [ ],
      "meta-info" : {
        "lock" : "unlocked",
        "validation-state" : "ok",
        "last-modify-time" : {
          "posix" : 1668642023237,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "last-modifier" : "System",
        "creation-time" : {
          "posix" : 1668642023237,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "creator" : "System"
      },
      "read-only" : true,
      "available-actions" : {
        "edit" : "false",
        "delete" : "false",
        "clone" : "true"
      }
    } ],
    "source-negate" : false,
    "destination" : [ {
      "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
      "name" : "Any",
      "type" : "CpmiAnyObject",
      "domain" : {
        "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name" : "Check Point Data",
        "domain-type" : "data domain"
      },
      "comments" : "",
      "color" : "black",
      "icon" : "General/globalsAny",
      "tags" : [ ],
      "meta-info" : {
        "lock" : "unlocked",
        "validation-state" : "ok",
        "last-modify-time" : {
          "posix" : 1668642023237,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "last-modifier" : "System",
        "creation-time" : {
          "posix" : 1668642023237,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "creator" : "System"
      },
      "read-only" : true,
      "available-actions" : {
        "edit" : "false",
        "delete" : "false",
        "clone" : "true"
      }
    } ],
    "destination-negate" : false,
    "service" : [ {
      "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
      "name" : "Any",
      "type" : "CpmiAnyObject",
      "domain" : {
        "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name" : "Check Point Data",
        "domain-type" : "data domain"
      },
      "comments" : "",
      "color" : "black",
      "icon" : "General/globalsAny",
      "tags" : [ ],
      "meta-info" : {
        "lock" : "unlocked",
        "validation-state" : "ok",
        "last-modify-time" : {
          "posix" : 1668642023237,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "last-modifier" : "System",
        "creation-time" : {
          "posix" : 1668642023237,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "creator" : "System"
      },
      "read-only" : true,
      "available-actions" : {
        "edit" : "false",
        "delete" : "false",
        "clone" : "true"
      }
    } ],
    "service-negate" : false,
    "service-resource" : "",
    "vpn" : [ {
      "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
      "name" : "Any",
      "type" : "CpmiAnyObject",
      "domain" : {
        "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name" : "Check Point Data",
        "domain-type" : "data domain"
      },
      "comments" : "",
      "color" : "black",
      "icon" : "General/globalsAny",
      "tags" : [ ],
      "meta-info" : {
        "lock" : "unlocked",
        "validation-state" : "ok",
        "last-modify-time" : {
          "posix" : 1668642023237,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "last-modifier" : "System",
        "creation-time" : {
          "posix" : 1668642023237,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "creator" : "System"
      },
      "read-only" : true,
      "available-actions" : {
        "edit" : "false",
        "delete" : "false",
        "clone" : "true"
      }
    } ],
    "action" : {
      "uid" : "6c488338-8eec-4103-ad21-cd461ac2c473",
      "name" : "Drop",
      "type" : "RulebaseAction",
      "domain" : {
        "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name" : "Check Point Data",
        "domain-type" : "data domain"
      },
      "color" : "none",
      "meta-info" : {
        "validation-state" : "ok",
        "last-modify-time" : {
          "posix" : 1668642046034,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "last-modifier" : "System",
        "creation-time" : {
          "posix" : 1668642046034,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "creator" : "System"
      },
      "tags" : [ ],
      "icon" : "Actions/actionsDrop",
      "comments" : "Drop",
      "display-name" : "Drop",
      "customFields" : null
    },
    "action-settings" : { },
    "content" : [ {
      "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
      "name" : "Any",
      "type" : "CpmiAnyObject",
      "domain" : {
        "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name" : "Check Point Data",
        "domain-type" : "data domain"
      },
      "comments" : "",
      "color" : "black",
      "icon" : "General/globalsAny",
      "tags" : [ ],
      "meta-info" : {
        "lock" : "unlocked",
        "validation-state" : "ok",
        "last-modify-time" : {
          "posix" : 1668642023237,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "last-modifier" : "System",
        "creation-time" : {
          "posix" : 1668642023237,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "creator" : "System"
      },
      "read-only" : true,
      "available-actions" : {
        "edit" : "false",
        "delete" : "false",
        "clone" : "true"
      }
    } ],
    "content-negate" : false,
    "content-direction" : "any",
    "time" : [ {
      "uid" : "97aeb369-9aea-11d5-bd16-0090272ccb30",
      "name" : "Any",
      "type" : "CpmiAnyObject",
      "domain" : {
        "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name" : "Check Point Data",
        "domain-type" : "data domain"
      },
      "comments" : "",
      "color" : "black",
      "icon" : "General/globalsAny",
      "tags" : [ ],
      "meta-info" : {
        "lock" : "unlocked",
        "validation-state" : "ok",
        "last-modify-time" : {
          "posix" : 1668642023237,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "last-modifier" : "System",
        "creation-time" : {
          "posix" : 1668642023237,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "creator" : "System"
      },
      "read-only" : true,
      "available-actions" : {
        "edit" : "false",
        "delete" : "false",
        "clone" : "true"
      }
    } ],
    "custom-fields" : {
      "field-1" : "",
      "field-2" : "",
      "field-3" : ""
    },
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1668649434218,
        "iso-8601" : "2022-11-17T01:43+0000"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1668649434218,
        "iso-8601" : "2022-11-17T01:43+0000"
      },
      "creator" : "System"
    },
    "comments" : "",
    "enabled" : true,
    "install-on" : [ {
      "uid" : "6c488338-8eec-4103-ad21-cd461ac2c476",
      "name" : "Policy Targets",
      "type" : "Global",
      "domain" : {
        "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
        "name" : "Check Point Data",
        "domain-type" : "data domain"
      },
      "color" : "none",
      "meta-info" : {
        "validation-state" : "ok",
        "last-modify-time" : {
          "posix" : 1668642045629,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "last-modifier" : "System",
        "creation-time" : {
          "posix" : 1668642045629,
          "iso-8601" : "2022-11-16T23:40+0000"
        },
        "creator" : "System"
      },
      "tags" : [ ],
      "icon" : "General/globalsAny",
      "comments" : "The policy target gateways",
      "customFields" : null
    } ],
    "available-actions" : {
      "edit" : "true",
      "delete" : "false",
      "clone" : "not_supported"
    },
    "tags" : [ ]
  }
}

Are there any spaces at the start or end of any of the strings?

0 Kudos
Alex-
Leader Leader
Leader

I had this issue at a few customers, not all. It was generally solved by deleting the reported rules, publishing, and recreating them manually then publish again. That might be a variation of the sequence you already tried but I remember it was solved quite quickly by doing so.

0 Kudos
JozkoMrkvicka
Mentor
Mentor

Was about to suggest the same. Just do not forget to make a note/screenshot of affected rules once deleted and published 😄 Or you can also try revert the changes from revision after all 6 rules are deleted.

Kind regards,
Jozko Mrkvicka
0 Kudos
Martijn
Advisor
Advisor

Hi Alex,

We tried to remove the rule, publish and then create the rule again. It did not help. The Validation Error is still there, but now the link in the error is greyed out. That makes sense because the rule ID is not there anymore.

I think a TAC case the is only way to solve this.

Martijn

Validation.png

0 Kudos
IdentityUnknown
Contributor

May you share the results of the TAC case? Did you solve the issue?
I am running in the same issue with two customer ufter upgrading to R81.20 Take 41. So, in the case it is a bug, it is not fixed with Take 41.

0 Kudos
Timothy_Hall
Legend Legend
Legend

I've run into this during every single one of my upgrades into R81.20 and a TAC case is required, as they have to manually remove the violating object from postgres.  Not something you can figure out yourself, and I don't think customers trying to manually hack things in postgres is supported.  Wish they would release some kind of tool to let customers deal with this...

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
the_rock
Legend
Legend

I agree with @Timothy_Hall . I had to do the same few times, TAC case was needed.

Best,

Andy

0 Kudos
Tal_Paz-Fridman
Employee
Employee

Please open a ticket with TAC and send me the number (tfridman@checkpoint.com) or post it here. I will ensure that it receives high priority. TAC will also be able to provide you with a script to remove these validations.

0 Kudos
Thomas_Eichelbu
Advisor
Advisor

Hello team, 

yes i have encountered the same ...
mostly i delete all texts from the affected firewall rules, publish and write the text new into the name and rulebase comments.
since there is a link in the error which let you jump to the affected rule.
mostly thats the way to go.

but i have seen one validation error that doesnt go away, since there is no link to jump to the rule any more.
this go to rule is grayed out ... strange.
1.PNG

so i use the cpm_doctor script to find any White Space errors.

4.png

but regarding those rules with policy "NULL" i need to search with the posted command ..

mgmt_cli -f json -r true show object details-level full uid "2b922948-da96-4c9d-a654-063e0183f9ae"

 

best regards

0 Kudos
Tal_Paz-Fridman
Employee
Employee

Hi, I've spoken to R&D owners and they will publish an SK with a solution.

G_W_Albrecht
Legend Legend
Legend

AFAIK the solution is a script, deleteValidationIncidents.sh - so this will be available for download in the future SK ?

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
IdentityUnknown
Contributor

Did they publish a sk in the meantime?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

No.

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

I dont believe so either, but let @Tal_Paz-Fridman confirm.

Best,

Andy

0 Kudos
G_W_Albrecht
Legend Legend
Legend

The script deleteValidationIncidents.sh is currently not available in any SK, so you still have to open TAC SR# for it...

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events