cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Support license expired - are policy changes prohibited?

Jump to solution

Sidewinder 8.1.3:  license is non-expiring, but support expired 6 months ago.

I cannot make a change to an existing policy.  The error is:

Administrator: System

Conflict:  An object referenced by Network group <>

Message:  Another administrator has made changes which conflict with your changes.  Your changes have been lost?
I tried making the change on 30 Mar 2015, but the conflict message is dated 12 Mar 2015.  March 12, 2015 is 184 days after support ended.

Or is this totally unrelated to licensing and support?

I created a host network object and saved the configuration.  When I tried putting it into a netgroup (which was used in a policy) I got the above error and Sidewinder deleted the host I had created.

1 Solution

Accepted Solutions
Highlighted
Level 14
Report Inappropriate Content
Message 4 of 6

Re: Support license expired - are policy changes prohibited?

Jump to solution

The command should not cause any traffic issues on the firewall.  The 'cf' database is compiled into some format that ACLd uses to process your rules; this command will cause the firewall to 'redo' the compilation.

A reboot of the firewall will fix the problem with conflicting changes.  We don't really ever see that message here in Support so I am not sure why you're getting it.  If you pasted the entire error message there may be more information there that we could investigate further.  The version you are at is very old but since the Support-license is expired you are unable to upgrade, which is what I would recommend here.

View solution in original post

5 Replies
Highlighted
Level 14
Report Inappropriate Content
Message 2 of 6

Re: Support license expired - are policy changes prohibited?

Jump to solution

The Support license-feature does not prevent you from Saving changes to the policy if it has expired.

Try this command:

$> cf policy repair

Highlighted

Re: Support license expired - are policy changes prohibited?

Jump to solution

"cf policy validate" shows no errors. I will try the cf policy repair command in a test lab before trying in production.  Any cautions when using cf policy repair?  I'm concerned about its deleting the policy database and restoring.  Can this command be executed while the firewall is up?  Where does it restore the policy database from?  Thanks for the quick response to my initial question!

Highlighted
Level 14
Report Inappropriate Content
Message 4 of 6

Re: Support license expired - are policy changes prohibited?

Jump to solution

The command should not cause any traffic issues on the firewall.  The 'cf' database is compiled into some format that ACLd uses to process your rules; this command will cause the firewall to 'redo' the compilation.

A reboot of the firewall will fix the problem with conflicting changes.  We don't really ever see that message here in Support so I am not sure why you're getting it.  If you pasted the entire error message there may be more information there that we could investigate further.  The version you are at is very old but since the Support-license is expired you are unable to upgrade, which is what I would recommend here.

View solution in original post

Highlighted

Re: Support license expired - are policy changes prohibited?

Jump to solution

We're actually on 8.3.1. I had reversed the digits.  We've renewed our contract so will be updating. Our immediate issue seems to be that our cluster is broken which is preventing updating a policy.  The GUI shows that only one of our two firewalls is in the cluster pair.  It is listed as the primary.  The second is shown as not in the cluster.  However, the command line cluster status shows both as primary and that the failover daemon is not running on the second firewall.  We will reboot at our next scheduled outage.

Highlighted

Re: Support license expired - are policy changes prohibited?

Jump to solution

Reboot of the malfunctioning Sidewinder in the cluster let the Sidewinder rejoin the cluster.  This allowed a network object to be created and the policy edited.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community