Central Firewall Groups, massive conflict issue when re-registering firewalls

Hello,

Central firewall groups would be a great thing for distributed companies if it didn't have the following massive conflict issue.

When you put a firewall in a new group

and in that new group start to build your hosts and rulesets.

put a firewall in that group.

the firewall applies the hosts and rules and other objects that exist in central automatically.

so far so good.

.

Now you have a firewall issue and Sophos support asks you to remove that firewall from central and re-register it.

you may think: Ok, no problem, you deregister them

note: all the objects, you created (and even more automatically created) on central will remain and keep working on the firewall.

next you register them again to your central account.

put them back into the central firewall group you created earlier.

firewall then tries to sync the hosts and rules again from central

what's next? EPIC FAIL!

Task Queue errors, because conflicting objects exist on central and on the firewall.

Suche "record exists" (78 Treffer in 1 Dateien von 1 gesucht)
  new 1 (78 Treffer)
	Line 23:       "responseStatus": "{\"status\":\"502\",\"Entity\":\"schedule\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\"}",
	Line 49:       "responseStatus": "{\"Entity\":\"schedule\",\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\"}",
	Line 75:       "responseStatus": "{\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"schedule\",\"statusmessage\":\"record exists\"}",
	Line 101:       "responseStatus": "{\"Event\":\"ADD\",\"Entity\":\"schedule\",\"status\":\"502\",\"statusmessage\":\"record exists\"}",
	Line 127:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Entity\":\"schedule\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 153:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Entity\":\"schedule\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 1349:       "responseStatus": "{\"Entity\":\"services\",\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\"}",
	Line 1375:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Event\":\"ADD\",\"Entity\":\"services\",\"status\":\"502\"}",
	Line 1401:       "responseStatus": "{\"Entity\":\"services\",\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\"}",
	Line 1427:       "responseStatus": "{\"Event\":\"ADD\",\"statusmessage\":\"record exists\",\"Entity\":\"services\",\"status\":\"502\"}",
	Line 1453:       "responseStatus": "{\"Event\":\"ADD\",\"statusmessage\":\"record exists\",\"Entity\":\"services\",\"status\":\"502\"}",
	Line 1479:       "responseStatus": "{\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\",\"Entity\":\"services\"}",
	Line 1505:       "responseStatus": "{\"Event\":\"ADD\",\"statusmessage\":\"record exists\",\"status\":\"502\",\"Entity\":\"services\"}",
	Line 1531:       "responseStatus": "{\"statusmessage\":\"record exists\",\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"services\"}",
	Line 1557:       "responseStatus": "{\"Entity\":\"services\",\"status\":\"502\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\"}",
	Line 1583:       "responseStatus": "{\"Entity\":\"services\",\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\"}",
	Line 1609:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Entity\":\"services\",\"Event\":\"ADD\",\"status\":\"502\"}",
	Line 1635:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"record exists\",\"Entity\":\"services\",\"Event\":\"ADD\"}",
	Line 1661:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Entity\":\"services\",\"Event\":\"ADD\",\"status\":\"502\"}",
	Line 1687:       "responseStatus": "{\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\",\"Entity\":\"services\"}",
	Line 2025:       "responseStatus": "{\"Entity\":\"fqdnhost\",\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\"}",
	Line 2051:       "responseStatus": "{\"status\":\"502\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\",\"Entity\":\"fqdnhost\"}",
	Line 2155:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Entity\":\"fqdnhost\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 2571:       "responseStatus": "{\"Event\":\"ADD\",\"status\":\"502\",\"Entity\":\"fqdnhost\",\"statusmessage\":\"record exists\"}",
	Line 2623:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"record exists\",\"Entity\":\"fqdnhost\",\"Event\":\"ADD\"}",
	Line 2675:       "responseStatus": "{\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\",\"Entity\":\"fqdnhost\"}",
	Line 2948:       "responseStatus": "{\"Event\":\"ADD\",\"statusmessage\":\"record exists\",\"status\":\"502\",\"Entity\":\"fqdnhost\"}",
	Line 2974:       "responseStatus": "{\"status\":\"502\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\",\"Entity\":\"fqdnhost\"}",
	Line 3104:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Event\":\"ADD\",\"Entity\":\"fqdnhost\",\"status\":\"502\"}",
	Line 3156:       "responseStatus": "{\"Entity\":\"fqdnhost\",\"statusmessage\":\"record exists\",\"Event\":\"ADD\",\"status\":\"502\"}",
	Line 3234:       "responseStatus": "{\"statusmessage\":\"record exists\",\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"fqdnhost\"}",
	Line 3312:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Event\":\"ADD\",\"status\":\"502\",\"Entity\":\"fqdnhost\"}",
	Line 3416:       "responseStatus": "{\"Entity\":\"fqdnhost\",\"statusmessage\":\"record exists\",\"Event\":\"ADD\",\"status\":\"502\"}",
	Line 3468:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"record exists\",\"Event\":\"ADD\",\"Entity\":\"fqdnhost\"}",
	Line 3520:       "responseStatus": "{\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\",\"Entity\":\"fqdnhost\"}",
	Line 3754:       "responseStatus": "{\"statusmessage\":\"record exists\",\"status\":\"502\",\"Entity\":\"fqdnhost\",\"Event\":\"ADD\"}",
	Line 3923:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Entity\":\"fqdnhost\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 4287:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"record exists\",\"Event\":\"ADD\",\"Entity\":\"guestuserssmsgateway\"}",
	Line 4313:       "responseStatus": "{\"Event\":\"ADD\",\"statusmessage\":\"record exists\",\"Entity\":\"guestuserssmsgateway\",\"status\":\"502\"}",
	Line 4339:       "responseStatus": "{\"statusmessage\":\"record exists\",\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"guestuserssmsgateway\"}",
	Line 4365:       "responseStatus": "{\"Entity\":\"adsserver\",\"statusmessage\":\"record exists\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 4391:       "responseStatus": "{\"Entity\":\"adsserver\",\"status\":\"502\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\"}",
	Line 4417:       "responseStatus": "{\"Entity\":\"adsserver\",\"status\":\"502\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\"}",
	Line 4443:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Entity\":\"applicationfilterpolicy\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 4469:       "responseStatus": "{\"Event\":\"ADD\",\"status\":\"502\",\"Entity\":\"applicationfilterpolicy\",\"statusmessage\":\"record exists\"}",
	Line 4495:       "responseStatus": "{\"Event\":\"ADD\",\"Entity\":\"applicationfilterpolicy\",\"statusmessage\":\"record exists\",\"status\":\"502\"}",
	Line 4521:       "responseStatus": "{\"Entity\":\"applicationfilterpolicy\",\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\"}",
	Line 4547:       "responseStatus": "{\"statusmessage\":\"record exists\",\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"applicationfilterpolicy\"}",
	Line 4573:       "responseStatus": "{\"Entity\":\"fqdnhostgroup\",\"status\":\"502\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\"}",
	Line 4599:       "responseStatus": "{\"Entity\":\"fqdnhostgroup\",\"status\":\"502\",\"statusmessage\":\"record exists\",\"Event\":\"ADD\"}",
	Line 4625:       "responseStatus": "{\"Entity\":\"fqdnhostgroup\",\"status\":\"502\",\"statusmessage\":\"record exists\",\"Event\":\"ADD\"}",
	Line 4651:       "responseStatus": "{\"Entity\":\"fqdnhostgroup\",\"status\":\"502\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\"}",
	Line 4677:       "responseStatus": "{\"Entity\":\"fqdnhostgroup\",\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\"}",
	Line 4703:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Entity\":\"fqdnhostgroup\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 4729:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Event\":\"ADD\",\"Entity\":\"fqdnhostgroup\",\"status\":\"502\"}",
	Line 4755:       "responseStatus": "{\"statusmessage\":\"record exists\",\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"fqdnhostgroup\"}",
	Line 4768:       "responseStatus": "{\"Entity\":\"fqdnhostgroup\",\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\"}",
	Line 4794:       "responseStatus": "{\"Entity\":\"fqdnhostgroup\",\"statusmessage\":\"record exists\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 4820:       "responseStatus": "{\"statusmessage\":\"record exists\",\"status\":\"502\",\"Entity\":\"fqdnhostgroup\",\"Event\":\"ADD\"}",
	Line 4846:       "responseStatus": "{\"status\":\"502\",\"Entity\":\"fqdnhostgroup\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\"}",
	Line 4872:       "responseStatus": "{\"Entity\":\"fqdnhostgroup\",\"statusmessage\":\"record exists\",\"Event\":\"ADD\",\"status\":\"502\"}",
	Line 4898:       "responseStatus": "{\"Entity\":\"fqdnhostgroup\",\"status\":\"502\",\"statusmessage\":\"record exists\",\"Event\":\"ADD\"}",
	Line 4924:       "responseStatus": "{\"status\":\"502\",\"Entity\":\"fqdnhostgroup\",\"statusmessage\":\"record exists\",\"Event\":\"ADD\"}",
	Line 4950:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"record exists\",\"Event\":\"ADD\",\"Entity\":\"fqdnhostgroup\"}",
	Line 4976:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Entity\":\"fqdnhostgroup\",\"Event\":\"ADD\",\"status\":\"502\"}",
	Line 5002:       "responseStatus": "{\"statusmessage\":\"record exists\",\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"fqdnhostgroup\"}",
	Line 5028:       "responseStatus": "{\"Entity\":\"fqdnhostgroup\",\"status\":\"502\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\"}",
	Line 5054:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"record exists\",\"Entity\":\"fqdnhostgroup\",\"Event\":\"ADD\"}",
	Line 5080:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Event\":\"ADD\",\"status\":\"502\",\"Entity\":\"fqdnhostgroup\"}",
	Line 5106:       "responseStatus": "{\"status\":\"502\",\"Entity\":\"fqdnhostgroup\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\"}",
	Line 5132:       "responseStatus": "{\"Event\":\"ADD\",\"Entity\":\"countryhostgroup\",\"statusmessage\":\"record exists\",\"status\":\"502\"}",
	Line 5158:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Entity\":\"countryhostgroup\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 5184:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Event\":\"ADD\",\"status\":\"502\",\"Entity\":\"countryhostgroup\"}",
	Line 5210:       "responseStatus": "{\"statusmessage\":\"record exists\",\"Entity\":\"countryhostgroup\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 5236:       "responseStatus": "{\"Entity\":\"countryhostgroup\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\",\"status\":\"502\"}",
	Line 5262:       "responseStatus": "{\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"record exists\",\"Entity\":\"countryhostgroup\"}",
	Line 5288:       "responseStatus": "{\"status\":\"502\",\"Entity\":\"countryhostgroup\",\"Event\":\"ADD\",\"statusmessage\":\"record exists\"}",
	Line 5314:       "responseStatus": "{\"Entity\":\"countryhostgroup\",\"statusmessage\":\"record exists\",\"status\":\"502\",\"Event\":\"ADD\"}",
Suche "fail" (44 Treffer in 1 Dateien von 1 gesucht)
  new 1 (44 Treffer)
	Line 9:         "statusmessage": "Failed because of Invalid Parameters"
	Line 192:       "responseStatus": "{\"Event\":\"ADD\",\"Entity\":\"webcategoryurlgroup\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"status\":\"502\"}",
	Line 5366:       "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"webfilterexception\",\"Event\":\"ADD\",\"status\":\"502\"}",
	Line 5379:       "responseStatus": "{\"Event\":\"ADD\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"webfilterexception\",\"status\":\"502\"}",
	Line 5392:       "responseStatus": "{\"Entity\":\"webfilterexception\",\"status\":\"502\",\"Event\":\"ADD\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\"}",
	Line 5405:       "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"webfilterexception\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 5418:       "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"status\":\"502\",\"Entity\":\"webfilterexception\"}",
	Line 5431:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"Entity\":\"webfilterexception\"}",
	Line 5444:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"webfilterexception\",\"Event\":\"ADD\"}",
	Line 5457:       "responseStatus": "{\"Entity\":\"webfilterexception\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 5470:       "responseStatus": "{\"status\":\"502\",\"Event\":\"ADD\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"webfilterexception\"}",
	Line 5483:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"Entity\":\"webfilterexception\"}",
	Line 5496:       "responseStatus": "{\"Entity\":\"webfilterexception\",\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\"}",
	Line 6835:       "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"useractivity\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 6848:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"useractivity\",\"Event\":\"ADD\"}",
	Line 6861:       "responseStatus": "{\"Entity\":\"useractivity\",\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\"}",
	Line 6874:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"Entity\":\"useractivity\"}",
	Line 6887:       "responseStatus": "{\"status\":\"502\",\"Event\":\"ADD\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"useractivity\"}",
	Line 6900:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"useractivity\",\"Event\":\"ADD\"}",
	Line 6913:       "responseStatus": "{\"Event\":\"ADD\",\"status\":\"502\",\"Entity\":\"useractivity\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\"}",
	Line 6926:       "responseStatus": "{\"status\":\"502\",\"Entity\":\"useractivity\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\"}",
	Line 6939:       "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"status\":\"502\",\"Entity\":\"useractivity\"}",
	Line 6952:       "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"useractivity\"}",
	Line 6965:       "responseStatus": "{\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"Entity\":\"useractivity\"}",
	Line 6978:       "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"status\":\"502\",\"Entity\":\"useractivity\"}",
	Line 6991:       "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"status\":\"502\",\"Entity\":\"useractivity\"}",
	Line 7004:       "responseStatus": "{\"Event\":\"ADD\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"useractivity\",\"status\":\"502\"}",
	Line 7017:       "responseStatus": "{\"Event\":\"ADD\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"useractivity\",\"status\":\"502\"}",
	Line 7030:       "responseStatus": "{\"Event\":\"ADD\",\"Entity\":\"useractivity\",\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\"}",
	Line 7043:       "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"Entity\":\"useractivity\",\"status\":\"502\"}",
	Line 7056:       "responseStatus": "{\"Entity\":\"useractivity\",\"Event\":\"ADD\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"status\":\"502\"}",
	Line 7069:       "responseStatus": "{\"Entity\":\"useractivity\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"status\":\"502\"}",
	Line 7082:       "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"useractivity\",\"status\":\"502\",\"Event\":\"ADD\"}",
	Line 7446:       "responseStatus": "{\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"webfilterpolicy\"}",
	Line 7472:       "responseStatus": "{\"Event\":\"ADD\",\"status\":\"502\",\"Entity\":\"webfilterpolicy\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\"}",
	Line 7498:       "responseStatus": "{\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Entity\":\"webfilterpolicy\"}",
	Line 7524:       "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"status\":\"502\",\"Entity\":\"webfilterpolicy\"}",
	Line 7550:       "responseStatus": "{\"Entity\":\"webfilterpolicy\",\"Event\":\"ADD\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"status\":\"502\"}",
	Line 7576:       "responseStatus": "{\"Entity\":\"webfilterpolicy\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"Event\":\"ADD\",\"status\":\"502\"}",
	Line 7602:       "responseStatus": "{\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"webfilterpolicy\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\"}",
	Line 7628:       "responseStatus": "{\"Entity\":\"webfilterpolicy\",\"Event\":\"ADD\",\"status\":\"502\",\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\"}",
	Line 7654:       "responseStatus": "{\"statusmessage\":\"Orm Configuration Failed Duplicate Record.\",\"status\":\"502\",\"Event\":\"ADD\",\"Entity\":\"webfilterpolicy\"}",
	Line 7680:       "responseStatus": "{\"statusmessage\":\"Failed because of Invalid Parameters\",\"Entity\":\"securitypolicy\",\"invalidparams\":[\"srczones\"],\"status\":\"501\",\"Event\":\"ADD\"}",
	Line 7693:       "responseStatus": "{\"invalidparams\":[\"srczones\"],\"Event\":\"UPDATE\",\"status\":\"501\",\"Entity\":\"securitypolicy\",\"statusmessage\":\"Failed because of Invalid Parameters\"}",

Who do you think want's to delete all those manually and automatically created objects you push from central to the firewalls manually? Only for re-registering the firewalls? Only for them beeing recreated just when you've deleted them? Funny job, isn't it?

Why, why Sophos, don't you apply GUID and a modify date to your central groups or something else, that allows the firewall or central, to identify, that an object on the firewall is actually from central and there is no need to conflict something.

Firewall Central groups are unusable the way they are developed by now.

I think in the last 2 years I needed to re-register firewall to Central about 5 or 6 times. And we know, Sophos support and the techy persons here in the forums are asking to re-register quite often.



typos
[bearbeitet von: LHerzog um 8:46 AM (GMT -7) am 29 Mar 2022]
Parents Reply Children
  • Let me know if you have mapped the Zones in your Dynamic Zone configuration as mentioned in step 5 of the following doc page.
    - Dynamic zones

    This is done under the section "Mappings". The drop-down menu for "Zone Type" is a Label for the Dynamic Zone as opposed to an actual mapping. 

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • thanks for your PM and answer here.

    I have not used Dynamic zones and already deleted the firewall groups from our Central account because they make no sense at the current stage of Central usability.

    If I create a support case for this as asked in PM, will they ask me to recreate the issue? Because I would need a test appliance for that. No way I would do this with a machine in production and try to delete that stuff manually after de-registration.

  • I will obtain a test device to replicate the issue to inquire further with our team. I will let you know here as we make further progress on this.

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thank you for taking your time! I hope if this would be acknowledged by Sophos Central team, a solution will be developed.

    use my cheat sheet to reproduce it:

    1. Register a firewall to central
    2. in central firewall management, create a new firewall group
    3. in that firewall group create one random object or rule
    4. put a firewall in that group (the firewall applies the object from above and some default objects that exist in central automatically)
    5. deregister the firewall from central (note: all the objects, you created (and the automatically created ones) on central will remain and keep working on the firewall)
    6. register the firewall again to your central account
    7. put them back into the central firewall group you created earlier
    8. firewall then tries to sync the hosts and rules again from central and this task fails due to conflicting objects
  • did you have time to recreate this? should be quite easy though

  • When testing this with a very basic setup with only one or two rules added, I did not run into the same issue. Do you know if the rules you’re using are referencing dynamic objects as well? 

    I will contact our team to see if we can replicate the issue with a more elaborate configuration. 

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Actually it depends on the configuration you are using. 

    Because in the most scenarios this is working fine.

    Only Support can tell the actual issue and consider to find the issue, why the object cannot be pushed. 

    As the template (entire config) cannot be pushed, there is one object, which is actually faulty. And this objects needs to be figured out. 

    You cannot say "delete a firewall, recreate it and you will have this issue". Because that is not the way, this problem occurs. My firewall configs with round about 400 objects works fine. 

    There is a certain config object within your config, which causes this problem. And this needs to be analysed by the DEV team. So we need a case to begin with, to give this to DEV. 

    As this seesm to be related to the TLS rules, if you take a closer look to your TLS rules in Central, what can you figure out there? Are there rules? Which kind of rules? Are those rules maybe causing this problem? Can you delete them and try to push the template again? Will this work? How does those TLS rules look like? 

    __________________________________________________________________________________________________________________

  • Thanks for your repiles.

    When we tested this, we did some 5 minutes of dummy configuration to test out what our Sophos partner warned us about.

    No DPI settings or dynamic objects created on central.

    As you can see as prove on one of the screenshots, the conflicts also (and mostly) for the objects automatically created by the firewall.

    like the work hours setting, which we do not even use.

    As I do not have more firewalls available, I cannot re-test it currently.