SonicOS 7 – How to fix invalid autogenerated entries?

Device: TZ570W running SonicOS 7.0.1-5018

Recently upgraded from a TZ500W. Imported settings from the older device.

Discovered that some autogenerated entries are invalid, and can’t seem to fix them.

Specifically, on the page: 

Object > Profile Objects > Endpoint Security 

there are multiple entries that are said to be “Custom” but were autogenerated by the SonicWall based on custom zones (defined/created/named on a different page in the past). Example: a zone named “Capture Client Zone”. The autogenerated entry for this zone shown on this page is “Capture Client Endpoint Security Capture Client Zone Profile”.

If I click on the pencil icon to edit the entry, it throws up an error message:

From a bit of troubleshooting, it appears that the maximum length of an entry here is something like 49 characters (while the autogenerated entry is 60 characters).

The problem is:

1. I can’t edit the name to make it shorter (results in the same error message)

2. I can’t delete the entry (results in the same error message)

3. I have even tried deleting the zone entirely to see if it automatically removes the entry – it doesn’t – the zone is gone, but the entry on this page remains.

Any suggestions on how to fix this?

Category: Firewall Management and Analytics

Answers

  • TKWITS All-Knowing Sage ✭✭✭✭

    Have you tried in the CLI?

    Otherwise, don't trust SonicWall's config import matrix and recreate the config manually.

  • Syzygy Newbie ✭

    Thanks for the suggestion, but no, I have not tried in the CLI.

    Any pointers on what command(s) I would even run in the CLI to accomplish this? Or is there a good document on the CLI that would cover this? (The command line documentation I have seen seems spotty/incomplete).

    I also wondered if there is a setting in the "diag" page that could be enabled (or disabled) that would then allow this fix within the GUI, but didn't see anything that looked appropriate.

  • MacGyver Newbie ✭

    @Syzygy

    CLI did it for me, but not surgically. You have to shotgun all the lists and/or groups. At least I did. Here are the steps.

    Download PuTTY.

    Make sure your LAN interface has SSH management enabled. It's under Network, Interfaces.

    Launch PuTTY and go to the LAN IP of the SW. Log in with your admin creds. If you're also logged into the GUI, you will be given the option to preempt the GUI and take over configuration rights.

    Once in, these are the commands I used:

    configure

    content-filter

    (At this point you would normally be able to delete each URI List or Group surgically by name; however, the error happens here too. If we could use it, then at this point we would type:

    no uri-list-object "object list name" or

    no uri-list-group "group name"

    Of course the names inside the quote would be the name of what you're trying to delete.)

    Instead, I had to delete all the Lists and in my case all groups too since they were problematic as well. To do that I typed:

    no uri-list-objects

    no uri-list-groups

    commit

    I think I may have done the objects, committed that, and then the groups and committed that, but it should work either way.

    Afterward, you can bring your old lists in from the previous SonicWall by going to each list, exporting them, and then importing the lists individually to the new SonicWall. If you had * as a wildcard in your old URI lists, you'll have to clean those out, but you can clean them all with the replace command in Excel.

    So from the top, these are the commands I used:

    Login

    configure

    content-filter

    no uri-list-objects

    no uri-list-groups

    commit

    exit, exit, exit
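
The wildcard clean-up mentioned in the post above, as an added example that is not part of the original thread or SonicWall's own tooling. It assumes each exported URI list is plain text with one entry per line (an assumption, the thread does not show the format), and the function name `clean_uri_list` is hypothetical. It goes beyond a blanket find-and-replace by setting aside entries where deleting the `*` would change what a content-filter entry matches.

```python
import re
import sys

# Assumption (not from the thread): one URI entry per line, plain text.
# SAMPLE is constructed for illustration only.
SAMPLE = [
    "*.example.com",
    "example.com",
    "ads*.example.net",
    "files.example.org/*",
    "",
    "*",
    "news.example.org/sports",
]

LEADING = re.compile(r"^(\*\.)+")  # "*.example.com" -> "example.com"
TRAILING = re.compile(r"(/\*)+$")  # "example.com/*" -> "example.com"


def clean_uri_list(lines):
    """Return (cleaned, review).

    cleaned: entries with whole-segment wildcards removed, de-duplicated,
             original order kept.
    review:  original entries where '*' sits inside a host label or path
             segment (or is the whole entry), so simply deleting it would
             silently change the filter's meaning.
    """
    cleaned, review, seen = [], [], set()
    for raw in lines:
        entry = raw.strip()
        if not entry:
            continue  # skip blank lines left over from the export
        candidate = TRAILING.sub("", LEADING.sub("", entry))
        if "*" in candidate or not candidate:
            review.append(entry)
        elif candidate not in seen:
            seen.add(candidate)
            cleaned.append(candidate)
    return cleaned, review


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            source = fh.readlines()
    else:
        source = SAMPLE
    ok, needs_review = clean_uri_list(source)
    print("\n".join(ok))
    for item in needs_review:
        print(f"REVIEW BY HAND: {item}", file=sys.stderr)
```

Entries reported for review are left out of the cleaned list, so compare the cleaned list against the old one before importing it.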
