Object protocol case issue #16

Open
mjardeli opened this issue May 12, 2017 · 2 comments

@mjardeli

Hi Martin,

Seems another case issue.

Receiving error for the following parse

```
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service same_name2
 service-object object TCPUDP
```

Error:

```
#[-]   Importing: <ASAObjGroupService # 3 'same_name2'>
Traceback (most recent call last):
  File "c2c.py", line 171, in <module>
    c2c.importConfig(args.cpPortsFile,args.cpNetObjFile,args.ciscoFile)
  File "lib/cisco2checkpoint.py", line 1758, in importConfig
    self._importPortGroups(self.parser.getPortGroups())
  File "lib/cisco2checkpoint.py", line 1842, in _importPortGroups
    self.addObj(CiscoServiceGroup(self, newGrp))
  File "lib/cisco2checkpoint.py", line 1062, in __init__
    for mm_r in parsedObj.result_dict:
  File "lib/ciscoconfparse_patch.py", line 519, in result_dict
    .format(name))
ValueError: FATAL: Cannot find service object named TCPUDP
```

Kind regards,

@martindube
Contributor

The error disappeared, but the example above generates a group with an "any port" member. I'm not sure if it will successfully import. Can you test?

@mjardeli
Author

Yes, I'm receiving the following error:

```
Validation error in field '' of element #1 at object 'same_name2' @ 'Services' --> The referenced object 'any' from table 'globals' does not exist in the database
Object contain invalid reference
Error in line: 6
services::same_name2 Validation error in field '' of element #1 at object 'same_name2' @ 'Services' --> The referenced object 'any' from table 'globals' does not exist in the database
Object contain invalid reference for services::same_name2
Error in line: 7
```

Is it possible to create a service on checkpoint (on files data/default_r7730_) like tcp_all 1-65535 (same for udp) and use it accordingly?
If it's not possible on the checkpoint part, maybe add the following to the cisco default.

```
object-group service tcp_all tcp
 port-object range 1 65535
object-group service udp_all udp
 port-object range 1 65535
```

It's important, instead of using ANY, to allow only TCP and/or UDP.
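
An added sketch, not code from cisco2checkpoint, of the behaviour requested in the last comment: a `service-object object` reference is resolved against the `object-group protocol` definitions and expanded to explicit 1-65535 ranges per protocol, and anything that cannot be expressed that way is rejected rather than widened to "any". The function names `parse_groups` and `expand_service_group` are hypothetical, and the sample input is the configuration from the report.

```python
import re

# Constructed sample: the configuration quoted in the report above.
SAMPLE_CONFIG = """\
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service same_name2
 service-object object TCPUDP
"""

PORT_PROTOCOLS = {"tcp", "udp"}  # protocols that have a port-range form


def parse_groups(config):
    """Return (protocol_groups, service_groups): name -> list of member lines."""
    protocol_groups, service_groups, current = {}, {}, None
    for line in config.splitlines():
        header = re.match(r"object-group (protocol|service) (\S+)", line)
        if header:
            kind, name = header.groups()
            target = protocol_groups if kind == "protocol" else service_groups
            current = target.setdefault(name, [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())  # indented line belongs to the open group
        else:
            current = None
    return protocol_groups, service_groups


def expand_service_group(name, protocol_groups, service_groups):
    """Expand a service group to (protocol, low, high) tuples, never to 'any'."""
    members = []
    for entry in service_groups[name]:
        ref = re.fullmatch(r"service-object object (\S+)", entry)
        if not ref:
            raise ValueError(f"unsupported member in {name}: {entry}")
        target = ref.group(1)
        if target not in protocol_groups:
            raise ValueError(f"cannot find object named {target}")
        for proto_line in protocol_groups[target]:
            proto = proto_line.split()[-1]
            if proto not in PORT_PROTOCOLS:
                # Fail closed: an unknown protocol is not widened to 'any'.
                raise ValueError(f"{proto} in {target} has no port-range form")
            members.append((proto, 1, 65535))
    return members
```
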
