VPN policies not visible after conf import

SonicAdmin80

I'm testing importing settings from a TZ500 to TZ670. When I go to VPN policies after import I don't see any of the policies there, it's just a blank page.

I can see them from the CLI or if I switch to the Gen 6 UI.

Is this a known issue in SonicOS 7? Any workaround?

SonicAdmin80

@Saravanan

I found the issue. Gen 7 UI has a problem with VPN policies that have the ampersand (&) character in their name. All other policies are also hidden until the policy with the ampersand is removed.

This is a bug in the Gen 7 UI as ampersands are allowed and work in the CLI and Gen 6 UI.

Saravanan

Hi @SONICADMIN80,

Thanks for your efforts to narrow down the issue. Please report this issue to our support team to file a bug.

https://www.sonicwall.com/support/contact-support/

Ajishlal

Hi @SonicAdmin80,

Please try to use SonicWall migration Tool.

https://migratetool.global.sonicwall.com/

SonicAdmin80

Hi @Ajishlal,

The tool doesn’t migrate VPN policies, perhaps because of this exact reason. Or are there other reasons for them not being migrateable?

Saravanan

Hi @SONICADMIN80,

Thank you for visiting SonicWall Community.

As per the support matrix shown below, the settings import from TZ 500 to TZ 670 is legitimate. We should be able to migrate settings successfully.

https://www.sonicwall.com/support/knowledge-base/can-settings-be-exported-imported-from-one-sonicwall-to-another-support-matrix/170505258332789/

Since you have issues with the VPN policies not visible, this needs to be documented and verified. Could you please share the firmware version on your TX 500 and TZ 670 devices respectively?

Ajishlal

Hi @SonicAdmin80,

The new device are enabled sometime " Disable Auto-Added VPN management Rules". So please Navigate to Diag.html --> Internal Settings --> under the VPN Settings -->Remove the tick mark If enable the Disable Auto-Added VPN management Rules & restart the Firewall.

Ajishlal

Hi @SonicAdmin80 ,

For getting the Diag page in TZ670 model,

SonicAdmin80

Hi @Saravanan & @Ajishlal ,

The setting was already unticked. TZ500 is at 6.5.4.7-83n and TZ670 at 7.0.0-R713.

Saravanan

Hi @SONICADMIN80, 

This needs to be investigated further. Could you please contact our support team to report this issue?

https://www.sonicwall.com/support/contact-support/

SonicAdmin80

https://community.sonicwall.com/technology-and-support/discussion/comment/5551#Comment_5551

Sure, I'll do that today.

SonicAdmin80

The problem seems to be specifically in the import process. I did a factory reset for the firewall and created a new policy from the CLI and it shows up in GUI as well.

That's enough for me now as I can enter the IPsec policies that way without having to do them manually. I created a ticket for this as well.