Weird address object - can't be deleted
After updating our TZ470 to the latest firmware, 7.0.1-5111, one of the address objects has changed name. The object name was KB uitsluiting crystalmark.info and has changed to KB uitsluiting \u0009crystalmark.info
And I can't change the name, nor delete the object. When trying, I get the message Command 'address-object fqdn "KB uitsluiting \u0009crystalmark.info"' is not found or Command 'no address-object fqdn "KB uitsluiting \u0009crystalmark.info"' does not match
Any ideas how to fix this?
Best Answers
BWC Cybersecurity Overlord ✭✭✭
@Simon_Weel did you check on the CLI how this Object looks in the configuration? Web UI seems to have some trouble with it.
show address-object fqdn <hit tab for list of objects>
or for all FQDN objects
show address-objects fqdn
--Michael@BWC
BWC Cybersecurity Overlord ✭✭✭
@Simon_Weel could you please post the whole block like
address-object fqdn EXT_F_sonicwall.com
    name EXT_F_sonicwall.com
    uuid 00000000-0000-0034-0100-18b169905d80
    zone WAN
    domain *.sonicwall.com
    no dns-ttl
    exit
--Michael@BWC
preston All-Knowing Sage ✭✭✭✭
Hi Simon, go to the CLI and type in the below, or copy and paste (make sure there is only one line break between the commands):
conf
no address-object fqdn "KB uitsluiting\tcrystalmark.info"
exit
commit
Answers
The CLI displays "KB uitsluiting crystalmark.info" - notice the bunch of spaces. It looks like \u0009 translates to the TAB character?
Can't delete it using the CLI as well....
@Simon_Weel can you post the portion of your config shown by "show address-object" for that fqdn?
--Michael@BWC
With Putty, I have to press TAB twice to get the list of objects and then it lists:
Looks like a TAB character somehow made its way into the description of the object. In the GUI, the TAB shows as \u0009 and in the CLI is translated to four spaces.
@BWC Ok, my misunderstanding. Took a while before I noticed the names are case-sensitive and quotes are needed:
It lists when \t is used.
Then issued the commands as @preston lists and ... now I'm in trouble. The CLI reports "Service disabled" and when I try to reconnect "An error occurred : websocket connection error.Do you want to view log?"
The log lists:
Application init at Mon Apr 17 2023 13:23:46 GMT+0200 (Midden-Europese zomertijd)
Info: Transport layer start connecting...
Info: Open websocket, bookmark id is ?ssh2service=router.koppesbouwkunde.nl
Info: Detected binaryType support in WebSockets
Error: Websocket error: websocket connection error.
Info: Websocket closed
Info: Transport layer start connecting...
Info: Open websocket, bookmark id is ?ssh2service=router.koppesbouwkunde.nl
Info: Detected binaryType support in WebSockets
Error: Websocket error: websocket connection error.
Info: Websocket closed
And the address object is still there....
I guess I have to restart the appliance but with a number of colleagues using Remote Desktop, that's not possible at the moment - has to wait to the evening....
@Simon_Weel I'm not sure what the command caused, but if you didn't commit the change a reboot should fix it. Isn't the websocket used for the SSL-VPN Portal Bookmarks RDP? The command @preston mentioned looked good to me.
If you don't wanna worry about escaping you could try to delete by uuid, but the object must not be in use anywhere.
--Michael@BWC
Well, the problem seems to have remedied itself. After a couple of hours, the CLI is back again and the offending address object is gone.
So thanks to everybody for helping me fix this!
@Simon_Weel I joined the club today, against my conviction I migrated a NSa 2650 to a NSa 2700 and was plagued with the \u0009 myself, it seems that this is not an isolated incident.
@MustafaA the migration tool should be fixed to strip out these characters if they cannot be handled properly in the UI.
--Michael@BWC
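The check asked for above can also be run from the admin side before a firmware update or migration. The following is an added example, not part of the thread and not SonicWall code: it scans saved CLI output for FQDN object names that contain control characters and reports a stripped name plus the \t form the thread found the CLI accepted. Assumptions: one `address-object fqdn <name>` header per line, a literal \u0009 in the text stands for the escaped character, and the sample config, function name and field names are constructed for illustration.

```python
import re

# Header line of an FQDN object; names with spaces are double-quoted.
HEADER = re.compile(r'^\s*address-object fqdn (?:"([^"]*)"|(\S+))\s*$')
# Literal \uXXXX escape of a C0 control character or DEL, as the web UI showed it.
LITERAL_ESCAPE = re.compile(r'\\u00(?:[01][0-9a-fA-F]|7[fF])')
# Raw control characters (TAB is \x09).
RAW_CONTROL = re.compile(r'[\x00-\x1f\x7f]')

# Constructed sample; zone/domain values of the second and third object are made up.
SAMPLE = (
    'address-object fqdn EXT_F_sonicwall.com\n'
    '    zone WAN\n'
    '    domain *.sonicwall.com\n'
    '    exit\n'
    'address-object fqdn "KB uitsluiting \tcrystalmark.info"\n'
    '    zone WAN\n'
    '    domain crystalmark.info\n'
    '    exit\n'
    'address-object fqdn "KB test \\u0009example.invalid"\n'
    '    exit\n'
)


def audit_fqdn_objects(config_text):
    """Return one finding per FQDN object whose name holds a control character."""
    findings = []
    # split("\n") rather than splitlines(): the latter also breaks lines on
    # \x0b, \x0c and \x1c-\x1e, which are exactly the characters being hunted.
    for lineno, line in enumerate(config_text.split("\n"), start=1):
        match = HEADER.match(line)
        if not match:
            continue
        name = match.group(1) if match.group(1) is not None else match.group(2)
        # Decode literal escapes so both representations are treated alike.
        raw = LITERAL_ESCAPE.sub(lambda m: chr(int(m.group(0)[2:], 16)), name)
        controls = RAW_CONTROL.findall(raw)
        if controls:
            findings.append({
                "line": lineno,
                "name": raw,
                "code_points": ["U+%04X" % ord(c) for c in controls],
                "clean": RAW_CONTROL.sub("", raw),        # name to re-create
                "cli_form": raw.replace("\t", "\\t"),     # TAB written as \t
            })
    return findings
```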
Hi @BWC -- Thank you for the feedback. I'd like to take this back to our Dev teams managing the migration tool. I have DMd you my email address. We can start working on this from the support side and then take it forward with engineering.