XG firewall migration to 18 : probably a BUG

Here, the results of my trials:

I have at home an XG HOME firewall running the version 17.5.10-MR 10; I created and downloaded a backup file

When I tried to upgrade to the firmware version 18, the firewall restarted with the default configuration (Ver.18.0.0.GA running, but just the administrator password set, all other settings have been deleted -no users, no interfaces, no zones, no rules, etc.)

I have also a new XG115 to be prepared/configured for a customer of mine; I registered it, configured it for basic functions and I updated it to the latest firmware version shown (17.5.10-MR10); I also downloaded, from the Sophos site, the related new firmware version 17.5.11-MR11 and 18.0.0 GA Build 354-SF300); after, I configured it for customer environment (LAN IP address, WAN configuration, rules, hosts, etc.); at the end, I created and downloaded the configuration backup.

I tried to RESTORE, successfully, my Sophos XG Home configuration on customer’s XG

I tried to upgrade the firmware to version 18 and it started with the DEFAULT FACTORY configuration (Administrator password remained set)

I also tried to RESTORE the XG HOME configuration backup on version 18, but it didn’t work (I was able to restore, but, at the restart, it was still with the default factory configuration)

So I rollback the firewall, loading the other firmware image directly via GUI, and the configuration was back (and running, but on firmware 17.5.10-MR10)

Then I RESTORED the customer configuration, just created, on version/image 17.5.10-MR10 and it was OK; I updated the firmware version to the 18 and it was OK

I rolled back (boot) again to the version 17.5.10 using the second image on firewall, I RESTORED the XG HOME configuration and I tried to upgrade the firmware version to 17.5.11-MR11 just downloaded on the Sophos site, and IT WORKED WELL; it restarted with the firmware version 17.5.11-MR11 with the correct configuration.

So, I tried to UPGRADE (and boot) to the firmware version 18 and the firewall/GUI showed a message saying “It will restart with the default configuration, do you want to proceed?”

 

CONCLUSION:

The configuration of XG HOME firewall runs perfectly on version 17.5.10 and 17.5.11 (both on XG HOME device and on XG115 device), but cannot be migrated to the version18; I think there is something in these settings which the UPGRADE of firmware version 18 is NOT ABLE to RUN; in other words, the firmware 18 is NOT ABLE to migrate all parameters set and so it starts on factory default settings; migrating from the version 17.5.11-MR11, the issue persists, but is shown a message.

 

Is there a way to debug/understand why (or which part of configurtion)?

 

Many thanks in advance and best Regards  

Giorgio

  • Hi,

    V17.5.10 migration works, I used the software version of the sig file. At the moment I do not believe there is a migration process for v17.5.11.

    Ian

  • In reply to rfcat_vk:

    https://community.sophos.com/products/xg-firewall/b/blog/posts/sfos-17-5-mr11-released

    Note: The upgrade from this version SF 17.5 MR11 to v18.0 will follow soon. 

     

     

    Will be updated as V18.0 MR1, as far as i know. 

  • In reply to rfcat_vk:

    Hi,

    did you read my post? How can you say "it works" when I have just finished to describe 2 cases, using the same method to migrate, one configuration is perfectly migrated and the second FAILS at all, on the same machines, same version, same all?

    I'd say "it GENERALLY works, BUT NOT ALWAYS, so the migration, at the moment, is not completely sure/safe. There are situations/configurations (I hope few and rare cases) where it doesn't work at all

  • In reply to LuCar Toni:

    Hi LuCar,

    I'd say to not waste time speaking of 17.5.11; it was just an added trial that I described; the problem is that with 2 different configurations it didn't migrate corretly one of them, on the same appliance, from the same firmware version, on the same condition; the 17.5.11 trial was only to say that a firmware upgrade of this configuration from ver. 17.5.10 to 17.5.11 wotks perfectly, but not from 17 to 18, so it means that on version 18 still remain some "dark zones" which not permit the correct migration.

    Many thanks LuCar

  • In reply to Giorgio Premoli1:

    There is a log after migration. 

    /log/migration.log 

    It actually points, which database fails to migrate. 

     

  • In reply to LuCar Toni:

    Hi LuCar Toni,

    many thanks. I'll investigate on that. Now I have reset (initialized) the XG115 from the beginning (with an iso 17.5.10-10MR) and I've restored the backuped configuration that fails the upgrade; in the next days, I'll make some other trials and I'll check the log, as you suggested (since I don't have a big experience on Linux and Sophos O.S., could you suggest to me, please, how to get the log, step by step?)
    I'll keep you updated and, as soon as I'll have the answer to my issue, I'll post it here.

    Just a question: what's the structure? The images are hosted in 2 separated partitions and the configuration in another one? I mean: now on XG115 I have just one firmware present and the working configuration (restored); if I upgrade to version 18, it puts the new firmware in another partition and always try to use the configuration? Or the configiuation is stored in the same partition and it tries to load it just the first time when the new image is loaded?

    Let's assume I boot with the new firmware and it starts with the default factory configuration, if I roll back to the previous firmware version and I make some corrections to the configuration, when I boot (activate) again the new firmware, does it try to reload the configuration running or have I still to upgrade it, in order to check if the "modified" configuration works?

    Many thanks again.

    Giorgio

  • In reply to Giorgio Premoli1:

    Simple as that: 

    Upgrade. 

    Notice the Configuration is not migrated. 

    Log into the XG via SSH (Putty, MobaXTerm etc.). https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/cli/index.html

    Go to the Advanced Shell (Option 5, Option 3). 

    # cd /log

    # less migration.log

    Go to the Bottom: https://www.linode.com/docs/quick-answers/linux/how-to-use-less/

    Check the Last Logs, post the Output. 

    Optional: Copy the Content of the migration.log into your own PC. 

  • In reply to LuCar Toni:

    Hi LuCar,

    here the migration.log file; I'm not an expert, but I think the problem is on a "new" dimension of a string (rule name); I have marked it on BOLD, but please, have a check on all log.

    A little note: this "upgrade" has been made on the XG115 that was not connected to the WAN (you should find some "warnings" on that, but I had the same behaviour on XG Home that was connected.

     

    CONSOLE SCREEN (during the migration):

    Doing Appliance Specific Setting
    sh: write error: Invalid argument
    Loading firstboot configuration
    Reading firmware information
    Migrating config from SFOS 17.5.10 MR-10 to SFOS 18.0.0 GA-Build354
    ERROR(0x03): Failed to migrate config. Loading default.
    Firmware upgraded
    Password:

    Sophos Firewall
    ===============
    (C) Copyright 2000-2020 Sophos Limited and others. All rights reserved.
    Sophos is a registered trademark of Sophos Limited and Sophos Group.
    All other product and company names mentioned are trademarks or registered
    trademarks of their respective owners.

    For End User License Agreement - www.sophos.com/.../sophos-end-user-license-agreement.aspx

    NOTE: If not explicitly approved by Sophos support, any modifications
    done through this option will void your support.


    XG115_XN03_SFOS 18.0.0 GA-Build354# cd /log
    XG115_XN03_SFOS 18.0.0 GA-Build354# ls -l


    -rw-r--r-- 1 root 0 0 Apr 12 15:37 VPN.log
    -rw-r--r-- 1 root 0 4887041 Apr 14 10:28 WINGc.log
    -rw-r--r-- 1 root 0 879036 Apr 14 10:29 access_server.log
    -rw-r--r-- 1 root 0 3348 Apr 12 16:09 apache.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 apiparser.log
    -rw-r--r-- 1 root 0 236 Apr 14 05:23 app-feedback.log
    -rw-r--r-- 1 root 0 1734 Apr 14 10:28 appcached.log
    -rw-r--r-- 1 root 0 496873 Apr 14 10:29 applog.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 av.log
    -rw-r--r-- 1 root 0 1770861 Apr 14 10:29 avd.log
    -rw-r--r-- 1 root 0 417565 Apr 14 10:29 awarrenhttp.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 awarrenhttp_access.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 awarrensmtp.log
    -rw-r--r-- 1 root 0 11703 Apr 14 10:28 awed.log
    -rw-r--r-- 1 root 0 753 Apr 14 10:28 bgpd.log
    -rw-r--r-- 1 root 0 708 Apr 14 10:28 bwm.log
    -rw-r--r-- 1 root 0 5413 Apr 14 10:26 catUpdateLog
    -rw-r--r-- 1 root 0 3735 Apr 12 15:55 catUpdateLog11
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 centralmanagement.log
    -rw-r--r-- 1 root 0 20374 Apr 14 10:28 charon.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 chromebook-sso-backend.log
    -rw-r--r-- 1 root 0 563 Apr 14 10:28 clientless_access.log
    -rw-r--r-- 1 root 0 417 Apr 14 10:26 confdbstatus.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 crreportdb.log
    -rw-r--r-- 1 root 0 1581176 Apr 14 10:29 csc.log
    -rw-r--r-- 1 root 0 9218 Apr 14 10:12 cschelper.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 csd.log
    -rw-r--r-- 1 root 0 2242 Apr 14 10:28 ctasd.log
    -rw-r--r-- 1 root 0 56705 Apr 14 10:28 ctipd.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 ctsyncd.log
    -rw-r--r-- 1 root 0 1431 Apr 14 10:28 ddc.log
    -rw-r--r-- 1 root 0 3204312 Apr 14 10:29 dgd.log
    -rw-r--r-- 1 root 0 4827 Apr 14 10:28 dhcpd.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 dhcpd6.log
    -rw-r--r-- 1 root 0 38735 Apr 14 10:28 dnsd.log
    -rw-r--r-- 1 root 0 425 Apr 14 10:28 dnsgrabber.log
    -rw-r--r-- 1 root 0 506 Apr 14 10:20 dropbear.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 eacd.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:36 entity.log
    -rw-r--r-- 1 root 0 11551 Apr 14 10:29 error_log.log
    -rw-r--r-- 1 root 0 9245 Apr 14 10:28 firewall_rule.log
    -rw-r--r-- 1 root 0 6268002 Apr 14 10:28 fqdnd.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:38 fqdndebug.log
    -rw-r--r-- 1 root 0 908 Apr 14 10:28 ftpproxy.log
    -rw-r--r-- 1 root 0 0 Apr 14 10:27 fwcm-eventd.log
    -rw-r--r-- 1 root 0 0 Apr 14 10:27 fwcm-heartbeatd.log
    -rw-r--r-- 1 root 0 0 Apr 14 10:27 fwcm-updaterd.log
    -rw-r--r-- 1 root 0 462 Apr 14 10:29 fwlog.log
    -rw-r--r-- 1 root 0 516592 Apr 14 10:29 garner.log
    -rw-r--r-- 1 root 0 0 Apr 14 10:27 ha_pair.log
    -rw-r--r-- 1 root 0 0 Apr 14 10:27 ha_tunnel.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 hbtrust.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 heartbeatd.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 hostapd.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 hotspotd.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 hwmon.log
    -rw-r--r-- 1 root 0 1935205 Apr 14 10:29 ips.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 ipsec.log
    -rw-r--r-- 1 root 0 823 Apr 14 10:28 ipsec_monitor.log
    -rw-r--r-- 1 root 0 4594805 Apr 14 10:28 iview.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 l2tpd.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 lcd.log
    -rw-r--r-- 1 root 0 18047 Apr 14 10:29 licensing.log
    -rw-r--r-- 1 root 0 672 Apr 14 10:27 mdev.log
    -rw-r--r-- 1 root 0 5306 Apr 14 10:25 migration.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 mrouting.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 msync.log
    drwxr-xr-x 2 root 0 4096 Apr 12 15:37 nSXLd
    -rw-r--r-- 1 root 0 3368 Apr 14 10:28 nSXLd.log
    -rw-r--r-- 1 root 0 7783 Apr 14 10:28 nasm.log
    -rw-r--r-- 1 root 0 493 Apr 14 10:28 nat_rule.log
    -rw-r--r-- 1 root 0 114856 Apr 14 10:28 networkd.log
    -rw-r--r-- 1 root 0 852953 Apr 14 10:20 ntpclient.log
    -rw------- 1 root 0 431 Apr 14 10:20 openvpn-status.log
    -rw-r--r-- 1 root 0 712 Apr 14 10:27 ospfd.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 pimd.log
    -rw-r--r-- 1 root 0 2465 Apr 14 10:28 pktcapd.log
    -rw-r--r-- 1 root 0 32375 Apr 14 10:26 postgres.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 pptpvpn.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 radvd.log
    -rw-r--r-- 1 root 0 682 Apr 14 10:28 readobject.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 red.log
    drwxr-xr-x 2 root 0 4096 Apr 14 10:28 redis
    -rw-r--r-- 1 root 0 47123 Apr 14 10:26 reportdb.log
    -rw-r--r-- 1 root 0 3655 Apr 14 10:26 reportmigration.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 reverseproxy.log
    -rw-r--r-- 1 root 0 693 Apr 14 10:28 ripd.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 sac-feedback.log
    -rw-r--r-- 1 root 0 423 Apr 14 10:20 sandbox_reportd.log
    -rw-r--r-- 1 root 0 2017 Apr 14 10:28 sandboxd.log
    -rw-r--r-- 1 root 0 0 Apr 14 10:27 sessiontbl.log
    -rw-r--r-- 1 root 0 1192 Apr 12 15:57 sig_upgrade.log
    -rw-r--r-- 1 root 0 5941 Apr 14 10:28 sigdb.log
    -rw-r--r-- 1 root 0 8112 Apr 14 10:26 sigmigration.log
    -rw-r--r-- 1 root 0 4533 Apr 12 16:09 skein.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 smbnetfs.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 smtpd_error.log
    -rw-r--r-- 1 root 0 13548783 Apr 14 10:29 smtpd_main.log
    -rw-r--r-- 1 root 0 131 Apr 12 15:38 smtpd_panic.log
    -rw-r--r-- 1 root 0 229 Apr 12 16:00 snireport.log
    -rw-r--r-- 1 root 0 0 Apr 14 10:27 snmpd.log
    -rw-r--r-- 1 root 0 545 Apr 14 10:28 sophos-central.log
    -rw-r--r-- 1 root 0 103 Apr 14 10:26 sshd.log
    -rw-r--r-- 1 root 0 3110 Apr 14 10:20 sslvpn.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 ssod.log
    -rw-r--r-- 1 root 0 823 Apr 14 10:28 strongswan-monitor.log
    -rw-r--r-- 1 root 0 21542 Apr 14 10:28 strongswan.log
    -rw-r--r-- 1 root 0 486 Apr 12 16:06 strongswan_migration.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:36 sync.log
    -rw-r--r-- 1 root 0 35416 Apr 14 10:26 sysinit.log
    -rw-r--r-- 1 root 0 1012622 Apr 14 10:28 syslog.log
    -rw-r--r-- 1 root 0 4722 Apr 13 23:58 tmclient.log
    -rw-r--r-- 1 root 0 48645 Apr 14 10:28 tomcat.log
    -rw-rw-rw- 1 root 0 375 Apr 12 15:55 tracelog.txt
    -rw-r--r-- 1 root 0 226297 Apr 14 10:29 u2d.log
    -rw-r--r-- 1 root 0 2838 Apr 14 10:17 up2date_av.log
    -rw-r--r-- 1 root 0 0 Apr 12 16:09 validation.log
    -rw-r--r-- 1 root 0 200012 Apr 14 10:29 validationError.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 vhost.log
    -rw-r--r-- 1 root 0 4198 Apr 14 10:25 vpncertificate.log
    -rw-r--r-- 1 root 0 67851 Apr 14 10:28 warren.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 wc_remote.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:38 webproxy.log
    -rw-r--r-- 1 root 0 0 Apr 12 15:37 wifiauth.log
    -rw-r--r-- 1 root 0 0 Apr 14 10:27 xfrmi.log
    -rw-r--r-- 1 root 0 2092 Apr 14 10:29 zebra.log

     

    MIGRATION LOG FILE:

    XG115_XN03_SFOS 18.0.0 GA-Build354#
    XG115_XN03_SFOS 18.0.0 GA-Build354# cat migration.log

    Tue Apr 14 09:24:47 UTC 2020 starting old version corporate db
    Starting conf database
    308 2020-04-14 09:24:49.099 GMTLOG: could not connect socket for statistics collector: Network is unreachable
    308 2020-04-14 09:24:49.099 GMTLOG: disabling statistics collector for lack of working socket
    310 2020-04-14 09:24:49.099 GMTLOG: database system was shut down at 2020-04-14 09:20:25 GMT
    308 2020-04-14 09:24:49.104 GMTLOG: database system is ready to accept connections
    2020-04-14 11:24:50.877001+02
    Tue Apr 14 09:24:50 UTC 2020 : Database started after 0 seconds
    DROP SCHEMA
    UPDATE 3
    Stopping database
    308 2020-04-14 09:24:55.311 GMTLOG: received fast shutdown request
    308 2020-04-14 09:24:55.311 GMTLOG: aborting any active transactions
    311 2020-04-14 09:24:55.312 GMTLOG: shutting down
    311 2020-04-14 09:24:55.499 GMTLOG: database system is shut down
    Tue Apr 14 11:24:56 CEST 2020 : Database stopped after 1 seconds
    /sdisk/oldpgconfdump.sql is created
    Starting conf database
    358 2020-04-14 09:24:58.287 GMTLOG: could not connect socket for statistics collector: Network is unreachable
    358 2020-04-14 09:24:58.287 GMTLOG: disabling statistics collector for lack of working socket
    360 2020-04-14 09:24:58.288 GMTLOG: database system was shut down at 2020-03-19 18:27:59 GMT
    358 2020-04-14 09:24:58.293 GMTLOG: database system is ready to accept connections
    2020-04-14 09:25:00.27276+00
    Tue Apr 14 11:25:00 CEST 2020 : Database started after 0 seconds
    DROP SCHEMA config CASCADE
    DROP SCHEMA
    DROP SCHEMA public CASCADE
    DROP SCHEMA
    DROP PROCEDURAL LANGUAGE plpgsql
    372 2020-04-14 09:25:03.422 GMTERROR: cannot drop language plpgsql because extension plpgsql requires it
    372 2020-04-14 09:25:03.422 GMTHINT: You can drop extension plpgsql instead.
    372 2020-04-14 09:25:03.422 GMTSTATEMENT: DROP PROCEDURAL LANGUAGE plpgsql
    ERROR: cannot drop language plpgsql because extension plpgsql requires it
    HINT: You can drop extension plpgsql instead.
    CREATE SCHEMA public
    CREATE SCHEMA
    psql:/sdisk/oldpgconfdump.sql:16522: WARNING: column "senderemail" has type "unknown"
    DETAIL: Proceeding with relation creation anyway.
    psql:/sdisk/oldpgconfdump.sql:16522: WARNING: column "receipientemail" has type "unknown"
    DETAIL: Proceeding with relation creation anyway.
    setval
    --------
    160
    (1 row)

    setval
    --------
    1
    (1 row)

    setval
    --------
    1
    (1 row)

    setval
    --------
    1
    (1 row)

    setval
    --------
    1
    (1 row)

    setval
    --------
    1
    (1 row)

    setval
    --------
    131
    (1 row)

    361 2020-04-14 09:25:07.979 GMTLOG: checkpoints are occurring too frequently (9 seconds apart)
    361 2020-04-14 09:25:07.979 GMTHINT: Consider increasing the configuration parameter "checkpoint_segments".
    Stopping database
    358 2020-04-14 09:25:14.757 GMTLOG: received fast shutdown request
    358 2020-04-14 09:25:14.757 GMTLOG: aborting any active transactions
    361 2020-04-14 09:25:15.555 GMTLOG: shutting down
    361 2020-04-14 09:25:15.789 GMTLOG: database system is shut down
    Tue Apr 14 11:25:16 CEST 2020 : Database stopped after 2 seconds
    old conf to new conf migrated with return value :: 0
    Tue Apr 14 11:25:16 CEST 2020 starting migration log
    Starting conf database
    426 2020-04-14 09:25:17.104 GMTLOG: could not connect socket for statistics collector: Network is unreachable
    426 2020-04-14 09:25:17.104 GMTLOG: disabling statistics collector for lack of working socket
    428 2020-04-14 09:25:17.105 GMTLOG: database system was shut down at 2020-04-14 09:25:15 GMT
    426 2020-04-14 09:25:17.109 GMTLOG: database system is ready to accept connections
    2020-04-14 09:25:19.082834+00
    Tue Apr 14 11:25:19 CEST 2020 : Database started after 0 seconds
    INSERT 0 0
    INSERT 0 0
    INSERT 0 0
    INSERT 0 0
    INSERT 0 0
    INSERT 0 0
    INSERT 0 0
    INSERT 0 0
    INSERT 0 0
    INSERT 0 0
    INSERT 0 0
    INSERT 0 1
    UPDATE 1
    Old version is 17.318 and currentversion is 18.011
    Database is upgrading to dbv18.000
    Check migration for version dbv18.000
    Applying migration for version dbv18.000
    migrate_firewallrule
    ----------------------

    (1 row)

    migrate_firewallrule
    ----------------------

    (1 row)

    1308 2020-04-14 09:25:21.995 GMTERROR: value too long for type character varying(100)
    1308 2020-04-14 09:25:21.995 GMTCONTEXT: SQL statement "update tblvirtualhost set mappedport=destinationPort where ruleid =varRecord1.fwruleid"
    PL/pgSQL function replacemappingport() line 30 at SQL statement
    1308 2020-04-14 09:25:21.995 GMTSTATEMENT: select replaceMappingPort();
    psql:/_conf/DB/dbv18.000/corporate.sql:331: ERROR: value too long for type character varying(100)
    CONTEXT: SQL statement "update tblvirtualhost set mappedport=destinationPort where ruleid =varRecord1.fwruleid"
    PL/pgSQL function replacemappingport() line 30 at SQL statement
    /bin/psql -1 -p 5432 -U nobody -q -d corporate -f /_conf//DB/dbv18.000/corporate.sql Failed
    /bin/sh /_conf//DB/dbv18.000/migration.sh Failed
    UPDATE 1
    Stopping database
    426 2020-04-14 09:25:23.905 GMTLOG: received fast shutdown request
    426 2020-04-14 09:25:23.905 GMTLOG: aborting any active transactions
    429 2020-04-14 09:25:23.906 GMTLOG: shutting down
    429 2020-04-14 09:25:24.124 GMTLOG: database system is shut down
    Tue Apr 14 11:25:24 CEST 2020 : Database stopped after 1 seconds
    applymigration.sh exited with 1
    Tue Apr 14 10:25:47 BST 2020: Before mountconf unmount
    XG115_XN03_SFOS 18.0.0 GA-Build354#

  • In reply to Giorgio Premoli1:

    Could you take alook at V17.5 and check, whether one of the Mapped Port List is Empty in one of your Business Application Rule?

    This could be one of the old Bugs of V17.1 to V17.5 Migration. 

    https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/109780/change-destination-port-not-saving

     

    In V17.1, there was a "Change Port" Flag, which was removed. If this rule is that old, this flag could be still there and properly causing this issue. 

     

  • In reply to LuCar Toni:

    Hi LuCar,

    I have just checked and there aren't business rules where the mapping port field is NOT SET / FILLED.

    The only rule without a MAPPING PORT field set is where in the services there are 2 items and, the mapping port field is not ENABLED, so showed as EMPTY.

    Attached the image of the rule

    On other side, I have seen there are rules (Business and User/Network rules) where the name is quite long, like "FOSCAM CAM FI9999PX-v2 port 12345"; if you agree, I could try to change these names in shorter names and try again to upgrade.

     

  • In reply to Giorgio Premoli1:

    I have just tried to reduce the lenght of rules name and the Host names included on the business rules, but the error remain (same migration error in the related file) 

  • Hi  

    As per our discussion on twitter, request you to share the backup file from v17 and also open a service request and share the service request number you will receive from the support.

  • In reply to Keyur:

    Case number #9822103

    Many thanks

  • In reply to Giorgio Premoli1:

    Hi  

    Thank you for the service request number.

  • In reply to Giorgio Premoli1:

    The Flag is not there anymore. It was deleted and replaced by the option to self create the mapped Port option. 

    I guess, if you would delete both business application rules, the problem disappears. 

    Try to clone them and delete the old Rules.