Sophos Firewall Change Port of VLANs via XML

Question

I followed this helfull guide:

Sophos Firewall: Interface / VLAN Migration via XML Import/Export

I am facing a migration from SG (UTM) to XGS (SFOS) with hundrets of VLANs an DHCP-Server.

Sophos Migration Support converted the config of the SG and provided it to me as a .backup file that i successfully loaded in the XGS 2100.

I now have all the VLANs on the wrong interface.

I tried to replace all "Port3" to "PortA1" just for a few VLANs with this xml:

<?xml version="1.0" encoding="UTF-8"?>
<Configuration APIVersion="1905.1" IPS_CAT_VER="0">
  <VLAN transactionid="">
    <Zone>LAN</Zone>
    <Interface>PortA1</Interface>
    <Hardware>PortA1.102</Hardware>
    <Name>PortA1.102</Name>
    <VLANID>102</VLANID>
    <IPv4Configuration>Enable</IPv4Configuration>
    <IPv6Configuration>Disable</IPv6Configuration>
    <IPv4Assignment>Static</IPv4Assignment>
    <IPv6Address/>
    <IPv6Prefix/>
    <IPv6GatewayName/>
    <IPv6GatewayAddress/>
    <LocalIP/>
    <Status>Unplugged</Status>
    <IPv6Assignment/>
    <DHCPRapidCommit/>
    <IPAddress>10.101.2.1</IPAddress>
    <Netmask>255.255.255.0</Netmask>
  </VLAN>
  <VLAN transactionid="">
    <Zone>LAN</Zone>
    <Interface>PortA1</Interface>
    <Hardware>PortA1.103</Hardware>
    <Name>PortA1.103</Name>
    <VLANID>103</VLANID>
    <IPv4Configuration>Enable</IPv4Configuration>
    <IPv6Configuration>Disable</IPv6Configuration>
    <IPv4Assignment>Static</IPv4Assignment>
    <IPv6Address/>
    <IPv6Prefix/>
    <IPv6GatewayName/>
    <IPv6GatewayAddress/>
    <LocalIP/>
    <Status>Unplugged</Status>
    <IPv6Assignment/>
    <DHCPRapidCommit/>
    <IPAddress>10.101.3.1</IPAddress>
    <Netmask>255.255.255.0</Netmask>
  </VLAN>
  <VLAN transactionid="">
    <Zone>LAN</Zone>
    <Interface>Port4</Interface>
    <Hardware>Port4.101</Hardware>
    <Name>Port4.101</Name>
    <VLANID>101</VLANID>
    <IPv4Configuration>Enable</IPv4Configuration>
    <IPv6Configuration>Disable</IPv6Configuration>
    <IPv4Assignment>Static</IPv4Assignment>
    <IPv6Address/>
    <IPv6Prefix/>
    <IPv6GatewayName/>
    <IPv6GatewayAddress/>
    <LocalIP/>
    <Status>Unplugged</Status>
    <IPv6Assignment/>
    <DHCPRapidCommit/>
    <IPAddress>10.101.1.1</IPAddress>
    <Netmask>255.255.255.0</Netmask>
  </VLAN>
  <VLAN transactionid="">
    <Zone>LAN</Zone>
    <Interface>Port4</Interface>
    <Hardware>Port4.3333</Hardware>
    <Name>vl3333</Name>
    <VLANID>3333</VLANID>
    <IPv4Configuration>Enable</IPv4Configuration>
    <IPv6Configuration>Disable</IPv6Configuration>
    <IPv4Assignment>Static</IPv4Assignment>
    <IPv6Address/>
    <IPv6Prefix/>
    <IPv6GatewayName/>
    <IPv6GatewayAddress/>
    <LocalIP/>
    <Status>Unplugged</Status>
    <IPv6Assignment/>
    <DHCPRapidCommit/>
    <IPAddress>172.19.33.1</IPAddress>
    <Netmask>255.255.255.0</Netmask>
  </VLAN>
  </Configuration>

Please see attached apiparser.log:

Fullscreen apiparser.log Download

INFO      Mar 20 12:10:34Z [19986]: Sanity check not required. And XML file is valid. xml: /sdisk/api-2023-03-20-13-10-34/Entities.xml.
INFO      Mar 20 12:10:34Z [19986]: Start Set Handler,Component : VLAN 
ERROR     Mar 20 12:10:34Z [19986]: Key:ISCrEntity is not found in RequestMap File for VLAN.
WARNING   Mar 20 12:10:34Z [19986]: Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
ERROR     Mar 20 12:10:34Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:10:34Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:10:34Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayname", xmlelement="/VLAN/GatewayName" cannot be found in request file.
ERROR     Mar 20 12:10:34Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayip", xmlelement="/VLAN/GatewayAddress" cannot be found in request file.
ERROR     Mar 20 12:10:34Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:10:34Z [19986]: Flag setting for this opcode is 18.
INFO      Mar 20 12:11:25Z [19986]: Opcode response: status:200
INFO      Mar 20 12:11:25Z [19986]: Import for this component is done sucessfully!!!INFO      Mar 20 12:11:25Z [19986]: End  SET Handler, Status : Success,  Component : VLAN, Transaction : , Operation : NONE.
MESSAGE   Mar 20 12:11:25Z [19986]: ENTITY 'VLAN' IMPORT Success
INFO      Mar 20 12:11:25Z [19986]: Start Set Handler,Component : VLAN 
ERROR     Mar 20 12:11:25Z [19986]: Key:ISCrEntity is not found in RequestMap File for VLAN.
WARNING   Mar 20 12:11:25Z [19986]: Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
ERROR     Mar 20 12:11:25Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:11:25Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:11:25Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayname", xmlelement="/VLAN/GatewayName" cannot be found in request file.
ERROR     Mar 20 12:11:25Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayip", xmlelement="/VLAN/GatewayAddress" cannot be found in request file.
ERROR     Mar 20 12:11:25Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:11:25Z [19986]: Flag setting for this opcode is 18.
INFO      Mar 20 12:11:43Z [19986]: Opcode response: status:500
WARNING   Mar 20 12:11:43Z [19986]: Opcode failed with 'Add' operation. So call opcode with 'Update'.
ERROR     Mar 20 12:11:43Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:11:43Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:11:43Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayname", xmlelement="/VLAN/GatewayName" cannot be found in request file.
ERROR     Mar 20 12:11:43Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayip", xmlelement="/VLAN/GatewayAddress" cannot be found in request file.
ERROR     Mar 20 12:11:43Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:11:43Z [19986]: Flag setting for this opcode is 18.
INFO      Mar 20 12:11:43Z [19986]: Opcode response: status:500
ERROR     Mar 20 12:11:43Z [19986]: Opcode return status is neither 528 nor 200 for ImportSo Exiting.....
INFO      Mar 20 12:11:43Z [19986]: End  SET Handler, Status : Fail,  Component : VLAN, Transaction : , Operation : NONE.
MESSAGE   Mar 20 12:11:43Z [19986]: ENTITY 'VLAN' IMPORT Failed
INFO      Mar 20 12:11:43Z [19986]: Start Set Handler,Component : VLAN 
ERROR     Mar 20 12:11:43Z [19986]: Key:ISCrEntity is not found in RequestMap File for VLAN.
WARNING   Mar 20 12:11:43Z [19986]: Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
ERROR     Mar 20 12:11:43Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:11:43Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:11:43Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayname", xmlelement="/VLAN/GatewayName" cannot be found in request file.
ERROR     Mar 20 12:11:43Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayip", xmlelement="/VLAN/GatewayAddress" cannot be found in request file.
ERROR     Mar 20 12:11:43Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:11:44Z [19986]: Flag setting for this opcode is 18.
INFO      Mar 20 12:11:44Z [19986]: Opcode response: status:500
WARNING   Mar 20 12:11:44Z [19986]: Opcode failed with 'Add' operation. So call opcode with 'Update'.
ERROR     Mar 20 12:11:44Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:11:44Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:11:44Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayname", xmlelement="/VLAN/GatewayName" cannot be found in request file.
ERROR     Mar 20 12:11:44Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayip", xmlelement="/VLAN/GatewayAddress" cannot be found in request file.
ERROR     Mar 20 12:11:44Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:11:44Z [19986]: Flag setting for this opcode is 18.
INFO      Mar 20 12:12:06Z [19986]: Opcode response: status:200
INFO      Mar 20 12:12:06Z [19986]: Import for this component is done sucessfully!!!INFO      Mar 20 12:12:06Z [19986]: End  SET Handler, Status : Success,  Component : VLAN, Transaction : , Operation : NONE.
MESSAGE   Mar 20 12:12:06Z [19986]: ENTITY 'VLAN' IMPORT Success
INFO      Mar 20 12:12:06Z [19986]: Start Set Handler,Component : VLAN 
ERROR     Mar 20 12:12:06Z [19986]: Key:ISCrEntity is not found in RequestMap File for VLAN.
WARNING   Mar 20 12:12:06Z [19986]: Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
ERROR     Mar 20 12:12:06Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:12:06Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:12:06Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayname", xmlelement="/VLAN/GatewayName" cannot be found in request file.
ERROR     Mar 20 12:12:06Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayip", xmlelement="/VLAN/GatewayAddress" cannot be found in request file.
ERROR     Mar 20 12:12:06Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:12:06Z [19986]: Flag setting for this opcode is 18.
INFO      Mar 20 12:12:07Z [19986]: Opcode response: status:500
WARNING   Mar 20 12:12:07Z [19986]: Opcode failed with 'Add' operation. So call opcode with 'Update'.
ERROR     Mar 20 12:12:07Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:12:07Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:12:07Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayname", xmlelement="/VLAN/GatewayName" cannot be found in request file.
ERROR     Mar 20 12:12:07Z [19986]: Parser Error: xmlvalue for jsonkey="gatewayip", xmlelement="/VLAN/GatewayAddress" cannot be found in request file.
ERROR     Mar 20 12:12:07Z [19986]: type != const in logicaloperator.So string comparision is done.
ERROR     Mar 20 12:12:07Z [19986]: Flag setting for this opcode is 18.
INFO      Mar 20 12:12:29Z [19986]: Opcode response: status:200
INFO      Mar 20 12:12:29Z [19986]: Import for this component is done sucessfully!!!INFO      Mar 20 12:12:29Z [19986]: End  SET Handler, Status : Success,  Component : VLAN, Transaction : , Operation : NONE.
MESSAGE   Mar 20 12:12:29Z [19986]: ENTITY 'VLAN' IMPORT Success

This thread was automatically locked due to age.

LuCar Toni · Answer

Something seems to be off in V19.5 MR1 at least. 
 I can reproduce this problem and looking into it. Seems to be related to the fact, that the VLAN is already available on the firewall. 
 So if you can delete the old VLAN, this should work as an upload. But the edit (move) of a VLAN seems to be break. 
 BTW: I can confirm, deleting the old VLAN works. The Name seems to be the problem. 
 
 Please create a Backup before doing this! 
 We could try to workaround this. So if you edit the XML and add a 1 to all the VLANs, this could work. Verify you have only VLANs in your Import Export. Create a copy of your XML. 
 Then do the following in Notepad+: 
 This should add a 1 to all namens. 
 Upload this XML to your firewall with the new Port assigned. 
 Then upload the old XML (with the normal name but the Port Change).

Nevertheless, we are looking into this problem, why this occurs in the first place.