10-09-2013 11:29 AM
I've already imported all objects successfully with panxapi (part of PAN-Perl), and have manually created all zones referenced in security policy. But for some reason I keep getting error code 12 when I try to import policy. I've tried the xpath syntax from the Panorama-Device-Migration guide and also variations on the xpath based off what I see when using the API browser. Any idea what's wrong?
This is the syntax from the conversion guide…
mint-alternate ~ # panxapi -h $pan -S ./temp_security.xml "/config/devices/entry/device-group/entry[@name='Primary_Burlington_PA5020']/pre-rulebase"
set: HASH(0x1dfa9b8) status="error" code="12"
Also tried variations on the xpath based off what I saw in the API browser….
panxapi -h $pan -S ./temp_security.xml "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='Primary_Burlington_PA5020']/pre-rulebase/security"
set: HASH(0x33a5918) status="error" code="12"
mint-alternate ~ # panxapi -h $pan -S ./temp_security.xml "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='Primary_Burlington_PA5020']/pre-rulebase"
set: HASH(0x2ac8a88) status="error" code="12"
temp_security.xml was produced with this command:
panxapi -h $fw -sxr "/config/devices/entry/vsys/entry/rulebase/security" > temp_security.xml
Thanks!
10-09-2013 01:49 PM
the HASH() is because the response XML format is not recognized.
run panxapi with -x which will print the full XML response and see if
it shows clues.
panxapi -x -h $pan -S ./temp_security.xml "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='Primary_Burlington_PA5020']/pre-rulebase"
10-09-2013 05:32 PM
Ok I'll try that, thanks. So is the problem more likely with the input file I'm using, or with the xpath I'm using in the command? I ask because of the description of error code 12 in the XML API guide....
12 Invalid object Xpath or element values provided are not complete.
10-10-2013 04:19 PM
your show and set command (the one I quoted) look correct, so I think it may be something else. need to see the error message in the XML response.
10-17-2013 08:21 AM
First thing to consider is that you need to be careful if trying to import the entire config as there's has to be a concept of pre and post policies in your migration XML. Second, is more of a troubleshooting helper - enable debug (-D) in your commands to help drill down into where you're going wrong. My initial guess would be that it's complaining about your import breaking existing validity or something along those lines...
Good luck!
Dave
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
