
Import Full Configuration Failure

Trying to resolve a Captive Portal certificate binding issue. No matter what I do, the Captive Portal refuses to use the specified certificate and stubbornly uses the ApplianceCertificate certificate.

I've performed a backup, factory reset and restore but still have the same problem.

I've just tried an Export full configuration, factory reset, minimal configuration necessary and Import file, but end up with an "API Import Fail" error.

I'm not trying anything fancy, just using the same release (v17.1.1) and the same hardware (XG 115, same unit).

Is it possible to import a full configuration, or is there a trick I'm missing to successfully complete this?

Really not looking forward to reconfiguring from scratch for the four XG units I have that have this certificate binding issue :-(



This thread was automatically locked due to age.
  • Contents of /log/apiparser.log

     

    INFO : 4410 Sanity check not required. And XML file is valid. xml: /sdisk/api-2018-07-07-14-52-05/Entities.xml.
    INFO : 4410 Start Set Handler,Component : PopImapScanning
    ERROR : 4410 Key:ISCrEntity is not found in RequestMap File for PopImapScanning.
    WARNING : 4410 Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
    WARNING : 4410 Mode value for 'Add' is not there, So Mode value is 'Update'.
    ERROR : 4410 Flag setting for this opcode is 16.
    INFO : 4410 Opcode response: status:200
    INFO : 4410 Import for this component is done sucessfully!!!INFO : 4410 End SET Handler, Status : Success, Component : PopImapScanning, Transaction : , Operation : NONE.
    INFO : 4410 Start Set Handler,Component : SophosAdaptiveLearning
    ERROR : 4410 Key:ISCrEntity is not found in RequestMap File for SophosAdaptiveLearning.
    WARNING : 4410 Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
    WARNING : 4410 Mode value for 'Add' is not there, So Mode value is 'Update'.
    ERROR : 4410 Flag setting for this opcode is 16.
    INFO : 4410 Opcode response: status:200
    INFO : 4410 Import for this component is done sucessfully!!!INFO : 4410 End SET Handler, Status : Success, Component : SophosAdaptiveLearning, Transaction : , Operation : NONE.
    INFO : 4410 Start Set Handler,Component : PatternDownload
    ERROR : 4410 Key:ISCrEntity is not found in RequestMap File for PatternDownload.
    WARNING : 4410 Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
    WARNING : 4410 Mode value for 'Add' is not there, So Mode value is 'Update'.
    ERROR : 4410 type != const in logicaloperator.So string comparision is done.
    ERROR : 4410 Flag setting for this opcode is 16.
    INFO : 4410 Opcode response: status:200
    INFO : 4410 Import for this component is done sucessfully!!!INFO : 4410 End SET Handler, Status : Success, Component : PatternDownload, Transaction : , Operation : NONE.
    INFO : 4410 Start Set Handler,Component : AdminSettings
    ERROR : 4410 Key:ISCrEntity is not found in RequestMap File for AdminSettings.
    WARNING : 4410 Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
    WARNING : 4410 Mode value for 'Add' is not there, So Mode value is 'Update'.
    ERROR : 4410 Flag setting for this opcode is 16.
    INFO : 4410 Opcode response: status:200
    INFO : 4410 Import for this component is done sucessfully!!!WARNING : 4410 Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
    WARNING : 4410 Mode value for 'Add' is not there, So Mode value is 'Update'.
    ERROR : 4410 Flag setting for this opcode is 16.
    INFO : 4410 Opcode response: status:500
    ERROR : 4410 Opcode return status is neither 528 nor 200 for ImportSo Exiting.....
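A way to locate the failure point in a log like the one above, as an added example that is not part of the original post: it reports the last component that imported with an accepted status and the first status that was not accepted. The sample is abridged from the lines quoted above, and the function name is hypothetical.

```python
import re

# Sample abridged from the apiparser.log lines quoted in the post above.
SAMPLE_LOG = """\
INFO : 4410 Start Set Handler,Component : PatternDownload
ERROR : 4410 Flag setting for this opcode is 16.
INFO : 4410 Opcode response: status:200
INFO : 4410 Import for this component is done sucessfully!!!INFO : 4410 End SET Handler, Status : Success, Component : PatternDownload, Transaction : , Operation : NONE.
INFO : 4410 Start Set Handler,Component : AdminSettings
ERROR : 4410 Flag setting for this opcode is 16.
INFO : 4410 Opcode response: status:200
INFO : 4410 Import for this component is done sucessfully!!!WARNING : 4410 Mode value for 'Add' is not there, So Mode value is 'Update'.
ERROR : 4410 Flag setting for this opcode is 16.
INFO : 4410 Opcode response: status:500
ERROR : 4410 Opcode return status is neither 528 nor 200 for ImportSo Exiting.....
"""

START = re.compile(r"Start Set Handler,\s*Component : (\S+)")
STATUS = re.compile(r"Opcode response: status:(\d+)")
OK_STATUSES = {200, 528}  # the two values named in the log's own abort message


def find_import_failure(log_text):
    """Return (last_ok_component, failing_component_or_None, status), or None
    when every opcode response in the log was accepted."""
    current = None   # component named by the most recent Start line
    last_ok = None   # last component whose opcode response was accepted
    for line in log_text.splitlines():
        # search() rather than match(): some entries are fused onto one line
        started = START.search(line)
        if started:
            current = started.group(1)
            continue
        response = STATUS.search(line)
        if not response:
            continue
        status = int(response.group(1))
        if status not in OK_STATUSES:
            # current is None when no Start line preceded the failing response
            return last_ok, current, status
        last_ok, current = current or last_ok, None
    return None


if __name__ == "__main__":
    print(find_import_failure(SAMPLE_LOG))
```

For this log the failing component comes back as `None` because no Start Set Handler line precedes the status 500 response, so the entity to inspect is whatever follows AdminSettings in Entities.xml.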

  • Hi,

     

    I am kinda curious about the certificate issue.

    Where did you get this certificate? Can you open the cert in Windows and post a screenshot of it? Purpose etc.

  • The certificate is irrelevant. Doesn't matter if it's a self-signed certificate, a commercial certificate for the FQDN or a wildcard certificate. Something in the process/configuration that binds the certificate to the captive portal isn't working right.

    Besides, that's a different problem from the fact that importing a full configuration generated from the same version of SFOS on the same XG Firewall doesn't work on a unit that has had a Factory Reset applied. Wondering if anyone else has experienced a similar problem, or if it's not possible to import a full configuration.

  • OK - the point I tried to make is, the import/export function creates an XML backup. So basically a tool which tries to import everything via XML. If some configuration in your XML is broken, the other appliance does not accept this config file.

    And it seems like something in your XML / config is broken.

    The issue should be at the very end of the apiparser.log.

  • I included the full contents of apiparser.log.

    My best guess is that each element is added sequentially, so it gets to the WebAdminSettings element and then falls over trying to set the Certificate as the CertificateAuthority element has yet to be processed. Which suggests that the XML export needs to be ordered correctly for dependencies to work.

    Not that the full configuration import was going to work for me anyway - no firewall rules in the full configuration export :-(

    EDIT: Rules are all there - I keep forgetting that Windows' Preview Pane for XML documents is broken, and won't show the complete contents. Open the Entities.xml in Notepad/Wordpad/etc and everything's there. Loading the full configuration back into a unit that's been factory reset still fails though.

  • As I suspected, the XML full configuration export pays no attention to correctly ordering the elements for an import to succeed.

    Once I reordered the elements to account for dependencies I was able to get an import working.
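The reordering described in the last post can be scripted rather than done by hand. This is an added example, not the poster's method or Sophos code: the sample XML is constructed (tag names taken from the thread, contents and root element are placeholders) and the dependency map is an assumption you would fill in for your own export.

```python
import xml.etree.ElementTree as ET

# Constructed sample: tag names come from the thread, contents are placeholders.
SAMPLE = """<Configuration>
  <WebAdminSettings><Certificate>PortalCert</Certificate></WebAdminSettings>
  <PatternDownload/>
  <Certificate><Name>PortalCert</Name></Certificate>
  <CertificateAuthority><Name>ExampleCA</Name></CertificateAuthority>
</Configuration>"""

# Assumed map of dependent tag -> prerequisite tags (not from vendor docs).
DEPENDS_ON = {
    "WebAdminSettings": {"Certificate"},
    "Certificate": {"CertificateAuthority"},
}


def reorder_entities(root, depends_on):
    """Reorder root's children in place so prerequisites precede dependents.
    Document order is kept wherever no dependency forces a move.
    Returns the new tag order; raises ValueError on a dependency cycle."""
    children = list(root)
    by_tag = {}
    for el in children:
        by_tag.setdefault(el.tag, []).append(el)
    ordered, state = [], {}  # state: tag -> "visiting" or "done"

    def emit(tag):
        if state.get(tag) == "done":
            return
        if state.get(tag) == "visiting":
            raise ValueError(f"dependency cycle involving {tag}")
        state[tag] = "visiting"
        for prerequisite in sorted(depends_on.get(tag, ())):
            emit(prerequisite)
        ordered.extend(by_tag.get(tag, []))  # absent prerequisites add nothing
        state[tag] = "done"

    for el in children:
        emit(el.tag)
    root[:] = ordered
    return [el.tag for el in ordered]


if __name__ == "__main__":
    tree_root = ET.fromstring(SAMPLE)
    print(reorder_entities(tree_root, DEPENDS_ON))
    print(ET.tostring(tree_root, encoding="unicode"))
```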