
Pushing Security Policy using autoconf.clish error


Hi CheckMates,

Every time I use autoconf.clish to load the policy I receive this kind of error:

_________________________________________________________________________________

Installing Security Policy...

sfw_make_policy_id: Warning: returning a dummy policy ID.

[ 17610 1999798272]@GW000[21 May 17:44:16]

sfw_load: Error loading security policy


Error loading policy.

sfw_fetch_callback: Failed to execute command '"/opt/fw1/bin/fw" fetchlocal -d "/opt/fw1/state/__tmp/FW1"'. rc=1, exit code =-1

Unable to install the Security Policy on the appliance

line 36: Autoconfiguration CLI script failed, clish return code = 1

_________________________________________________________________________________
Strangely the policy is fetched!

What can be wrong here?


Accepted Solutions
Sapphire

You are using clish commands, but these are calling others like:

fw fetch               Fetch last policy
fw fetchdefault [-h]   Fetch default policy
fw fetchlocal [-h]     Fetch local policy

In managed GWs, the GW will, after reboot, read both the local policy and the current policy from the SMS; if they are the same, the local copy will be installed, otherwise the fetched policy will be installed. Maybe when fetching the policy from the SMS, the unit finds that the local policy is missing and issues an error - understandable after a reset to factory...

5 Replies
Admin
If you execute the precise command you've specified above in expert mode, does it work?

The policy is pushed when the autoconf.clish script runs. Nevertheless it creates a log file with this error message.

If I apply the configuration in clish I don't receive any error message.

Sapphire

I have often used autoconf.clish to configure IPs, networks and WLAN, but these basic configs never did push a security policy (as I did not define one in there). My questions:

- in which state of the box is autoconf.clish run (completely reset?)

- is it locally or centrally managed?


Yes, the gateway configuration was reverted to factory defaults before the test.

The purpose is to automatically register it in the Management Server (centrally managed).

I'm using these three commands at the end of the autoconf.clish:

set sic_init password <sic pass>
fetch certificate mgmt-ipv4-address <mgmt server ip> gateway-name <gateway name>
fetch policy mgmt-ipv4-address <mgmt server ip>

 

The script is working as the gateway is able to obtain the policy. I'm just curious about the error message.

 
