I'm running Sidewinder Admin Console 4.11, which manages multiple firewalls running versions 7.0.1.02 and 7.0.0.02. On the firewalls with 7.0.1.02, there is no issue. But on the 7.0.0.02 firewalls, when I attempt to create a Network Group in the Network Objects section, I receive the following error:
"swerror.TSWAttributeError: TSWAttributeError: TNetobj instance has no attribute 'cfgeolocation'.
I receive that when I click th Network Group button, or when I attempt to modify existing Network Groups. From what I can tell, the Admin Console is expecting to be able to create/modify Geolocations, but that was not available in 7.0.0.02. Via CLI, on 7.0.0.02, I type "cf query" and do not see geolocation. On 7.0.1.02, when I type cf query, I do see geolocation.
Is there a work around for this, or is it just not possible to use the Admin console to manage both 7.0.0.02 and 7.0.1.02?
It has been a while, but I don't think 7.0.0 to 7.0.1 required a different Admin Console - they were generally backwards compatible with machines running the same major version (in other words they are both 7.0.something).
The only proof will be to install a version of the Admin Console native to 7.0.0 on a different machine and give it a try.
If you still see the error it is likely that you'll need to raise a support ticket because there maybe something wrong with the configuration database.
Have you tried creating a test netgroup from the command line on you 7.0.0.02 system. Make a note of the names of two existing IP address objects (doesn't matter what they are) and run the following command:-
cf netgroup add name=TestGroup members=ipaddr:IP-object-1,ipaddr:IP-object-2
If you don't get an error, you should then be able to run cf netgroup query to check the netgroup object is listed. If you do see an error when you try to create the netgroup then I imagine it will be necessary to contact McAfee support.
Unfortunately, installing another version is not an option for me.
Doing anything via CLI works without a problem on the 7.0.0.02 firewall. It's only when I try to add/modify Netgroups via the GUI that the problems come up.
It's not a critical error, as the CLI commands work and this is a firewall that is rarely changed. I was just hoping someone had seen this issue before and had an idea of how to resolve it without doing a reinstall of the Admin Console.
Thanks for your help!
Then maybe there are enough differences between the Admin Console for 7.0.1.xx and 7.0.0.xx for this to be an issue. Essentially, when you configure something through the GUI all it is doing is issuing the equivalent "cf" commands. If the 'cf negroup add' command works, that's encouraging news and means there isn't an issue with the underlying configuration database.
Unfortunately for us, McAfee chose to use a completely different versioning mechanism for the Admin Console and I can't think far enough back to remember which Admin Console versions are specific to 7.0.0 Firewalls. All I can suggest is you go to the McAfee download site, enter the grant number for your Firewalls and because I believe 7.0.0.02 still exists for EAL conformity you'll probably find a link to 7.0.0.02 and from within that section download the Admin Console ISO file. As suggested you'll probably need to install it on a different PC as you may find the installer 'finds' the existing installation and because it is newer (but still a v7-compatible GUI), you may find it won't install. Major versions aren't an issue and my PC has Admin Console installations for G2 (v6), v7 & v8 Firewalls. I have a sneaking suspicion that the people I work for had a couple of customers who stuck with 7.0.0.xx long after 7.0.1 had been release and we had to maintain a separate Admin Console installation on a different machine, just for those 2 or 3 customers.
Actually, I just remembered something. I completely forgot about our backup server. The strange thing is both servers have the same symptoms in regards to Netgroups. As far as I can tell, they do not share a singular database that would explain two instances having the same problem, but I'm still learning the ins and outs of the Admin console, so maybe they do and I don't know about it.