
XG Firewall rule could not be added / could not be updated

Hi,

I'm trying to edit firewall rules - basic thing of a firewall, isn't it?

Version SFOS 18.0.1 MR-1-Build396

An hour ago I noticed I could not rename a rule,

so I cloned it and deleted the "bad" one.

Now I have another rule where I wanted to change a setting. Same issue:

Firewall rule "User-2-WAN" could not be updated.
Now I cannot even clone the rule! After clicking on clone rule above, the new rule shows up, and on clicking save it says in that nice little red box:
Firewall rule "Clone_User-2-WAN" could not be added.
Other admin user has the same problem.
Other browser: same problem.
What's the issue?


  • Seems like there is a configuration setting in this rule, which cannot be upgraded to the new rule. 

    Can you link a screenshot of this rule? 

  • All quite basic stuff in this rule. All zones and DST objects exist. The DSTs are Host IP.

  • This is logged in tomcat.log when I try to change the rule:

    2020-11-05 18:16:13,65:INFO:CSC - EventBean: { opCode: update_firewall, mode: 105, waitForeResponse: true, requestType: 0, opcodetype: 2, entityId: 23, beanName: cyberoam.firewall.helpers.FirewallRuleHelper, syncalbe: true, comProtocol: t }
    2020-11-05 18:16:13,66:INFO:CSC - UserId: 153, ___username: myusername, __currentlyloggedinuserip: , ___component: GUI
    2020-11-05 18:16:13,66:INFO:CSC - Event Bean:{ opCode: update_firewall, mode: 105, waitForeResponse: true, requestType: 0, opcodetype: 2, entityId: 23, beanName: cyberoam.firewall.helpers.FirewallRuleHelper, syncalbe: true, comProtocol: t }
    2020-11-05 18:16:13,66:INFO:CSC - JSON Keys:
    2020-11-05 18:16:13,66:INFO:CSC - JSON Keys: JSON Keys: ["ipspolicyid_cat", "___component", "heartbeat", "description", "rulename", "position_cat", "transactionid", "blockquickquic", "minpermittedhb", "groupname_cat", "dstzones_cat", "logginglevel", "dstzones", "serviceid_cat", "___serverip", "skip_local_destined", "___serverport", "firewallaction", "policytype", "ipfamily", "attachidentity", "srczones_cat", "srczones", "destinationid", "groupname", "dscpval_cat", "firewallaction_cat", "isenable", "dscpval", "currentlyloggedinuserid", "destinationid_cat", "__newname", "___serverprotocol", "dest_minpermittedhb", "position", "___username", "serviceid", "ipspolicyid", "currentlyloggedinuserip"]
    2020-11-05 18:16:13,66:INFO:CSC - final opcode:
    opcode apiInterface csc/1.0
    content-type:json
    content-length:1077

    And this in validationError.log:

                    - Validating custom function firewall::securitypolicy::validateSecurityPolicy($entityJSON,$request) : Result=false
    
    
     Length Of The ErrorList 1
    ********** Entity json validation log End FOR :5-11-2020  18:16:13 Objectname=firewall::securitypolicy
    
    ********** Entity json validation log:5-11-2020  18:19:54 Objectname=firewall::securitypolicy
    
            => Validation start for: dstzones_exception
    
            => Validation start for: ___serverip
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: isuseractdisable
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: transactionid
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: updatedat
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: pop
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: APIVersion
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: wfscheme
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: ___username
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: groupname
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: blockquickquic
    
                    - Inside functin Validating type : SCALAR,INTEGER
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: position_cat
    
            => Validation start for: serviceid
    
                    - Inside functin Validating type : ARRAY,STRING
    
                    - Validating 'validateValidAndInvalidInput' for type ARRAY
    
                    - Validating 'Foreign Entity' : Result=true with fhlog
    
            => Validation start for: Entity
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: destinationid
    
                    - Inside functin Validating type : ARRAY,STRING
    
                    - Validating 'validateValidAndInvalidInput' for type ARRAY
    
                    - Validating 'Foreign Entity' : Result=true with fhlog
    
            => Validation start for: isenable
    
                    - Inside functin Validating type : SCALAR,STRING
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: firewallaction
    
                    - Inside functin Validating type : SCALAR,INTEGER
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: heartbeat
    
                    - Inside functin Validating type : SCALAR,INTEGER
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: currentlyloggedinuserip
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: ipfamily
    
                    - Inside functin Validating type : SCALAR,INTEGER
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: _discriminator
    
            => Validation start for: migratedpolicyroute
    
            => Validation start for: destinationid_exception
    
            => Validation start for: operationname
    
            => Validation start for: bwpolicyid
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: serviceid_exception
    
            => Validation start for: imaps
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: description
    
                    - Inside functin Validating type : SCALAR,STRING
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: proxymode
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: srczones_cat
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: attachidentity
    
                    - Inside functin Validating type : SCALAR,STRING
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: smtp
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: srczones
    
                    - Inside functin Validating type : ARRAY,STRING
    
                    - Validating 'validateValidAndInvalidInput' for type ARRAY
    
                    - Validating 'Foreign Entity' : Result=true with fhlog
    
            => Validation start for: https
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: logginglevel
    
                    - Inside functin Validating type : SCALAR,STRING
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: srczones_exception
    
            => Validation start for: rulename
    
                    - Inside functin Validating type : SCALAR,STRING
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'require' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
                    - validflag result = true,funcname=validateInputWithValidCharacters($entityJSON->{$key},$regexIndex,'')
    
                    - Validating 'validateInputWithValidCharacters' : Result=true
    
            => Validation start for: wcatbasedbwpolicy
    
            => Validation start for: sourceid_exception
    
            => Validation start for: dest_heartbeat
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: ipspolicyid
    
                    - Inside functin Validating type : SCALAR,STRING
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
                    - Validating 'Foreign Entity' : Result=true with fhlog
    
            => Validation start for: ftp
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: __newname
    
                    - Inside functin Validating type : SCALAR,STRING
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
                    - validflag result = true,funcname=validateInputWithValidCharacters($entityJSON->{$key},$regexIndex,'')
    
                    - Validating 'validateInputWithValidCharacters' : Result=true
    
            => Validation start for: enablesandstorm
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: dscpval_cat
    
            => Validation start for: webfilterid
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: appfilterid
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: sourceid
    
            => Validation start for: usecaptiveportal
    
                    - Inside functin Validating type : SCALAR,STRING
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: afscheme
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: destinationid_cat
    
            => Validation start for: pops
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: userid
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: ___component
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: serviceid_cat
    
            => Validation start for: policytype
    
                    - Inside functin Validating type : SCALAR,INTEGER
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'require' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: imap
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: dscpval
    
                    - Inside functin Validating type : SCALAR,STRING
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: Event
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: dstzones_cat
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: smtps
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: appbasedbwpolicy
    
            => Validation start for: ___serverprotocol
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: firewallaction_cat
    
            => Validation start for: http
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: minpermittedhb
    
                    - Inside functin Validating type : SCALAR,INTEGER
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: ___serverport
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: skip_local_destined
    
                    - Inside functin Validating type : SCALAR,INTEGER
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: dest_minpermittedhb
    
                    - Inside functin Validating type : SCALAR,INTEGER
    
                    - Validating 'datatype' : Result=true
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: scheduleid
    
                    - Validating 'defaultvalue' : Result=true : Default Value is assigned to key.
    
            => Validation start for: mode
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: dstzones
    
                    - Inside functin Validating type : ARRAY,STRING
    
                    - Validating 'validateValidAndInvalidInput' for type ARRAY
    
                    - Validating 'Foreign Entity' : Result=true with fhlog
    
            => Validation start for: currentlyloggedinuserid
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: groupname_cat
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
            => Validation start for: ipspolicyid_cat
    
                    - Validating 'validateValidAndInvalidInput' for type SCALAR
    
                    - Validating custom function firewall::securitypolicy::validateSecurityPolicy($entityJSON,$request) : Result=false
    
    
     Length Of The ErrorList 1
    ********** Entity json validation log End FOR :5-11-2020  18:19:54 Objectname=firewall::securitypolicy
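
An added example, not part of the original posts and not Sophos code: a small parser that pulls only the `Result=false` checks out of a validationError.log excerpt like the one above, so the failing check is not buried among the passing ones. The sample text is constructed by abridging the posted log; treating "custom function" checks as entity-level rather than tied to the preceding field is an assumption.

```python
import re

# Constructed sample: abridged from the validationError.log excerpt quoted above.
# The first block has lost its header line, as in the post.
SAMPLE_LOG = """\
        - Validating custom function firewall::securitypolicy::validateSecurityPolicy($entityJSON,$request) : Result=false
 Length Of The ErrorList 1
********** Entity json validation log End FOR :5-11-2020  18:16:13 Objectname=firewall::securitypolicy
********** Entity json validation log:5-11-2020  18:19:54 Objectname=firewall::securitypolicy
    => Validation start for: blockquickquic
        - Inside functin Validating type : SCALAR,INTEGER
        - Validating 'datatype' : Result=true
    => Validation start for: ipspolicyid_cat
        - Validating 'validateValidAndInvalidInput' for type SCALAR
        - Validating custom function firewall::securitypolicy::validateSecurityPolicy($entityJSON,$request) : Result=false
 Length Of The ErrorList 1
********** Entity json validation log End FOR :5-11-2020  18:19:54 Objectname=firewall::securitypolicy
"""

START = re.compile(r"\*+ Entity json validation log:(?P<ts>.+?)\s+Objectname=(?P<obj>\S+)")
END = re.compile(r"\*+ Entity json validation log End FOR :(?P<ts>.+?)\s+Objectname=(?P<obj>\S+)")
FIELD = re.compile(r"=> Validation start for: (?P<key>\S+)")
CHECK = re.compile(r"- Validating (?P<check>.+?) : Result=(?P<res>true|false)")


def _norm(ts):
    """Collapse the double space the log puts between date and time."""
    return " ".join(ts.split())


def failed_checks(text):
    """Return one dict per Result=false check, stamped with its validation block."""
    done, pending, field, ts, obj = [], [], None, None, None
    for line in text.splitlines():
        if m := START.search(line):
            ts, obj, field = _norm(m["ts"]), m["obj"], None
        elif m := END.search(line):
            # A block whose header was cut off only learns its timestamp here.
            for item in pending:
                item.update(timestamp=_norm(m["ts"]), object=m["obj"])
            done.extend(pending)
            pending, field, ts, obj = [], None, None, None
        elif m := FIELD.search(line):
            field = m["key"]
        elif (m := CHECK.search(line)) and m["res"] == "false":
            check = m["check"].strip("'")
            # Assumption: custom functions validate the whole entity, not `field`.
            scope = "entity" if check.startswith("custom function") else field
            pending.append({"timestamp": ts, "object": obj, "scope": scope, "check": check})
    return done + pending  # keep failures from an unterminated final block
```
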
    

  • Is it just me, or why is your "Block QUIC protocol" greyed out but active?

    That looks odd to me. Likely this causes your problem, because I am not sure how to generate such a rule in any way. Blocking of QUIC should be related to the proxy / web filtering. So it should only be possible if the proxy is enabled.

  • Great - this was the solution!

    I entered a web policy, unchecked block QUIC and could save.

    Then removed the web policy and saving was still possible. So removing the greyed out QUIC block solved it.

    Thanks!

  • Can you try to figure out how you generated such a rule in the first place? Because if I try to do this, my rules are always deselecting this. Maybe Sophos missed a combination or this rule is "very old".

  • This rule is kind of old - maybe it has been migrated from older versions and has never been touched afterwards. Today I just wanted to remove the block clients with no HB.

    Can I now, after the rule has been changed, see when the second-last change has been made?
