SonicOS 7 – How to fix invalid autogenerated entries?
Device: TZ570W running SonicOS 7.0.1-5018
Recently upgraded from a TZ500W. Imported settings from the older device.
Discovered that some autogenerated entries are invalid, and can’t seem to fix them.
Specifically, on the page:
Object > Profile Objects > Endpoint Security
there are multiple entries that are said to be “Custom” but were autogenerated by the SonicWall based on custom zones (defined/created/named on a different page in the past). Example: a zone named “Capture Client Zone”. The autogenerated entry for this zone shown on this page is “Capture Client Endpoint Security Capture Client Zone Profile”.
If I click on the pencil icon to edit the entry, it throws up an error message:
From a bit of troubleshooting, it appears that the maximum length of an entry here is something like 49 characters (while the autogenerated entry is 60 characters).
The problem is:
1. I can’t edit the name to make it shorter (results in the same error message)
2. I can’t delete the entry (results in the same error message)
3. I have even tried deleting the zone entirely to see if it automatically removes the entry – it doesn’t – the zone is gone, but the entry on this page remains.
Any suggestions on how to fix this?
Answers
Have you tried in the CLI?
Otherwise, don't trust SonicWall's config import matrix and recreate the config manually.
Thanks for the suggestion, but no, I have not tried in the CLI.
Any pointers on what command(s) I would even run in the CLI to accomplish this? Or is there a good document on the CLI that would cover this? (The command line documentation I have seen seems spotty/incomplete).
I also wondered if there is a setting in the "diag" page that could be enabled (or disabled) that would then allow this fix within the GUI, but didn't see anything that looked appropriate.
@Syzygy
CLI did it for me, but not surgically. You have to shotgun all the lists and/or groups. At least I did. Here are the steps.
Download PuTTY.
Make sure your LAN interface has SSH management enabled. It's under Network, Interfaces.
Launch PuTTY and go to the LAN IP of the SW. Log in with your admin creds. If you're also logged into the GUI, you will be given the option to preempt the GUI and take over configuration rights.
Once in, these are the commands I used:
configure
content-filter
(At this point you would normally be able to delete each URI List or Group surgically by name; however, the error happens here too. If we could use it, then at this point we would type:
no uri-list-object "object list name" or
no uri-list-group "group name"
Of course, the names inside the quotes would be the names of what you're trying to delete.)
Instead, I had to delete all the Lists and in my case all groups too since they were problematic as well. To do that I typed:
no uri-list-objects
no uri-list-groups
commit
I think I may have done the objects, committed that, and then the groups and committed that, but it should work either way.
Afterward, you can bring your old lists in from the previous SonicWall by going to each list, exporting them, and then importing the lists individually to the new SonicWall. If you had * as a wildcard in your old URI lists, you'll have to clean those out, but you can clean them all with the replace command in Excel.
So from the top, these are the commands I used:
Login
configure
content-filter
no uri-list-objects
no uri-list-groups
commit
exit, exit, exit