SFM - Push template to XG broken?

Hello,

 

I use the template function to deploy new firewalls for my custommers with a default configuration I created as a template since many years now...

But I'm trying to deploy a new firewall today and I'm trying to push my template and it does not push the whole configuration to it. It pushes randomly just a few objects (between 0 and 50), and it says in the Management System Events that it's successful, with the number written in green, but it's not successful because it should push ~570 objects and not 50 or less...

 

I don't know if the problem is due to the 17.1.2 MR-2 firmware of SFM, but the last firewall sucessfully deployed before this ont which is not working, was when my SFM was still in 17.1.1 MR-1 firmware version.

 

The firewall which has to be deployed with the template is an XG115W 17.5.10 MR-10 (tried with the 17.5.3 MR-3 firmware which was installed by default and the result is the same).

 

Any ideas ?

 

Thanks.

 

Regards

  • I just created a new VM with SFOS 17.5.9 MR-9 on it, and tried to push templates to it, the issue is the same...

    So the problem is really on the SFM side.

    I would like to try to downgrade firmware of SFM to 17.1.1 MR-1 but I don't have the choice to do it on the GUI as we can see on the screenshot:

     

    Anyone have an idea of the ability to downgrade the firmware of SFM ?

     

    Thank you

     

    Regards

  • In reply to VikenNajarian:

    I found the way to downgrade the firmware by CLI.

    So now my SMF is back on 17.1.1 MR-1, and I launched a template push and it works well...

    So the problem is that 17.1.2 MR-2 broke the template push to devices...

    I opened a support case with all the details, and I hope they will correct the issue on 17.1.2 or maybe launch a 17.1.3 because in 17.1.1 the issues corrected on 17.1.2 are back :) 

  • Hi VikenNajarian,

    I'm also having a problem with pushing configuration from SFM to XG devices, I just wondering if what is your XG Central Management configuration and in SFM configuration? I really do appreciate your kind response. 

     

    Thank You

    Jay

  • In reply to RTG:

    Hi Jay,

     

    It depends of the firewall that I'm managing. I'm using templates to push a preconfigured template to new out of the box XG firewalls before customizing them to the customer and installing them on their site.

     

    In SFM 17.1.2 and 17.1.3 the XG Central Management is not configured before trying to push template and the issue is still the same right now.

     

    Only 17.1.1 works for template pushing to new devices.

  • In reply to VikenNajarian:

    Hi folks.

    please raise a support case.

    Ian

  • In reply to VikenNajarian:

    Hi VikenNajarian,

     

    Understood, do you have guidelines on how to downgrade the firmware in CLI?

     

    Thank You

    Jay

  • In reply to rfcat_vk:

    Hello

    The support case is already opened since few weeks, here is the number: #9760767 

     

    The last update I received was Wednesday, and they said that they will have a feedback from the development team on 01-Oct.

     

  • In reply to RTG:

    Hi Jay,

     

    There is no way to downgrade permanently on SFM. So the trick is to type "Enter" when the SFM is booting, and then you will have the choice to choose the firmware to load, and you will load the firmware that you want to boot.

    Then after the next reboot it will automaticaly boot on the newest firmware, so you will have to do the trick at every boot.

  • In reply to VikenNajarian:

    Hi VikenNajarian,

     

    Thank you for your help

  • In reply to VikenNajarian:

    Hi.

    do you really mean 1st October or 1st June?

    Ian

  • In reply to rfcat_vk:

    Hello,

     

    No, the 1st October, they said that in the last case update 3 days ago.

    The case hase been opened the 11 March, the issue is still there, and the next update from the development team is for the 1st October.

  • In reply to VikenNajarian:

    Hi folks,

    maybe we can ask for an update from H_Patel , 4 months wait with a support case issued is a bit long enemy opinion

    Ian