We are migrating R77.30 to R80.10 management. I am getting validation errors for a Service Group and I'm not able to determine which service is causing the issue. What changed with services from R77.30 to R80.10?
If you start "migrate export" you will get a log file describing the issues. There you will see the "service group" that is causing the issue. Then open the DashBoard and check the "service group".
You can find more information in SK117237:
R80.10 Pre-Upgrade Verifier notifications and their solutions
Best regards
I'm aware of which Service Group, but I'm not aware of what inside the group is causing the issue. There are 160 objects, including individual services and additional groups inside this group.
I inherited this, so I'm trying to clean it up best I can.
The main thing that changed with respect to services is that you're not allowed to edit default services.
That said, the upgrade verifier should tell you which services (whether or not they're in a group) are impacted by this.
It would be really helpful if you could send the text/screenshot of the exact error you're seeing in context.
Thanks. The Upgrade Verifier only warned that the TFTP service needed to be renamed.
Not sure if this helps, but see the below screenshot. Basically it contains a large list of services we have to exclude for BlueCoat. Unfortunately this is the only solution we were able to find to allow only 80/443 traffic to the BlueCoat policy/tunnel. As you can see below, it just says it "references invalid objects" and doesn't indicate which object.
The group contains around 160 objects.
If your goal is to exclude everything but 80/443, why not just create new TCP services that are ranges?
So you'd have three: One service for TCP port 1-79, one for port 81-442, and another for 444 to 65535.
That would be a simpler solution, I would think.
We originally tried this route on our R77.30 management, but couldn't get it to work, and were told by support to add all the services as we did.
I am hoping that with R80.10 this is no longer an issue, as it is a pain to manage.