Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Antonio_Martins
Contributor
Jump to solution

Pushing Security Policy using autoconf.clish error

Hi CheckMates,

Everytime I use autoconf.clish to load the policy I receive this kind of errors:

_________________________________________________________________________________

Installing Security Policy...

sfw_make_policy_id: Warning: returning a dummy policy ID.

[ 17610 1999798272]@GW000[21 May 17:44:16]

sfw_load: Error loading security policy


Error loading policy.

sfw_fetch_callback: Failed to execute command '"/opt/fw1/bin/fw" fetchlocal -d "/opt/fw1/state/__tmp/FW1"'. rc=1, exit code =-1

Unable to install the Security Policy on the appliance

line 36: Autoconfiguration CLI script failed, clish return code = 1

_________________________________________________________________________________
Strangely the policy is fetched!

What can be wrong here?

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend

You are using clish commands, but these are calling others like:

fw fetch

Fetch last policy

fw fetchdefault [-h]

Fetch default policy

fw fetchlocal [-h]

Fetch local policy

 

In Managed GWs, the GW will after reboot read both local policy and current policy from SMS; if they are the same, local copy will be installed, otherwise, fetched policy will be installed. Maybe when fetching policy from SMS, the unit found that the local policy is missing and issues an error - understandable after a reset to factory...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
If you execute the precise command you've specified above in expert mode, does it work?
0 Kudos
Antonio_Martins
Contributor

The policy is pushed when the autoconf.clish script runs. Nevertheless it creates a log file with this error message.

If I apply the configuration in clish I don't receive any error message.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I have often used autoconf.clish to configure IPs, Networks and WLAN, but these basic config never did push a security policy (as i did not define one in there). My questions:

- in which state of the box autoconf.clish is run (completely reset?)

- is it locally or centrally managed ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Antonio_Martins
Contributor

Yes, the gateway configuration was reverted to factory defaults before test.

The purpose is to automatically register it in Management Server (centrally managed).

I'm using this three commands at the end of the autoconf.clish:

 

set sic_init password <sic pass>
fetch certificate mgmt-ipv4-address <mgmt server ip> gateway-name <gateway name>
fetch policy mgmt-ipv4-address <mgmt server ip>

 

The script is working as the gateway is able to obtain the policy. I'm just curious about the error message.

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

You are using clish commands, but these are calling others like:

fw fetch

Fetch last policy

fw fetchdefault [-h]

Fetch default policy

fw fetchlocal [-h]

Fetch local policy

 

In Managed GWs, the GW will after reboot read both local policy and current policy from SMS; if they are the same, local copy will be installed, otherwise, fetched policy will be installed. Maybe when fetching policy from SMS, the unit found that the local policy is missing and issues an error - understandable after a reset to factory...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events