Secure Firewall Migration Tool Error Messages

This document provides information about the messages that are generated by the Secure Firewall Migration Tool, when an error occurs during configuration push to the management center.

About Troubleshooting for the Firewall Migration Tool

A migration typically fails during the configuration file upload or, when the migrated configuration is being pushed to the management center.

Firewall Migration Tool Support Bundle

The Firewall Migration Tool provides a support bundle that contains valuable troubleshooting information such as log files, DB, and configuration files. To download the support bundle:

  1. On the Complete Migration screen, click the Support button.

  2. Check the Support Bundle check box and then select the configuration files to download.


    Note
    The Log and DB files are selected for download by default.

  3. Click Download.

    The support bundle file is downloaded as a .zip to your local path. Extract the zip folder to view the log, DB, and configuration files.

  4. Click Email us to email the failure details to the technical team.

    You can also attach the downloaded support files to your email.

  5. Click Visit TAC page to create a Cisco Technical Assistance Center (TAC) case for this failure.


    Note
    You can open a TAC case, at any time during the migration, from the support page.

Logs and Other Files Used for Troubleshooting

The table gives the name and location of files that are useful for identifying issues and troubleshooting them.

File Location

Log file

<migration_tool_folder>\logs

Pre-migration report

<migration_tool_folder>\resources

Post-migration report

<migration_tool_folder>\resources

unparsed file

<migration_tool_folder>\resources

Error Messages with Workaround

If you encounter any other issues, contact Cisco Technical Assistance Center (TAC) case for this failure and provide them with the support bundle that is downloaded from the Firewall Migration Tool.

Error While Pushing Network Groups: No Data

Explanation

Recommended Action

This error occurs in the source configuration file, when there is an object that has no IP Address or port value defined to it.

Check the Verbose logs on the Firewall Migration Tool to identify the file that has the error. Extract the configuration file again using the Web Visualization Tool as this problem occurs because of an export issue in Check Point. If the issue persists, contact TAC to create a TAC case for this failure and provide them with the support bundle that is downloaded from the Firewall Migration Tool.

VLAN Interface Type is Not Supported on This Device Model

Explanation

Recommended Action

This error occurs if you are using an older version of the Firewall Migration Tool.

Download the latest version of the Firewall Migration Tool to proceed with the migration.

Access-list in bulk [1 - 1000] Another operation by another user prevented this operation. Please retry

Explanation

Recommended Action

This error occurs when multiple users try to connect to the management center as the Firewall Migration Tool during the migration.

Avoid multiple connections to the management center when the Firewall Migration Tool is migrating a configuration.

Another operation by another user prevented this operation. Please retry after sometime.

Explanation

Recommended Action

This error occurs when multiple users try to connect to the management center as the Firewall Migration Tool during the migration.

Avoid multiple connections to the management center when the Firewall Migration Tool is migrating a configuration.

Object deletion restricted for Outside. Remove object from the following: Device - AUMEL DHCP Relay Se

Explanation

Recommended Action

This error occurs when the management center has several existing configurations and the Firewall Migration Tool is unable to clear the attributes of the device-specific configurations during the Push Phase.

Clear the existing configurations on the management center and proceed with the migration. If the issue persists, contact Cisco TAC to create a TAC case for this failure and provide them with the support bundle downloaded from the Firewall Migration Tool.

Invalid logical name used by Ethernet1/2. The name is being used in policies that are not supported by the Migration Tool. We recommend that you use a clean device for migration

Explanation

Recommended Action

This error occurs when the management center has several existing configurations and the Firewall Migration Tool is unable to clear the attributes of the device-specific configurations during the Push Phase.

Clear the existing configurations on the management center and proceed with the migration. If the issue persists, contact Cisco TAC to create a TAC case for this failure and provide them with the support bundle downloaded from the Firewall Migration Tool.

System experienced internal issues, please check the logs

Explanation

Recommended Action

This error occurs when the management center has several existing configurations and the Firewall Migration Tool is unable to clear the attributes of the device-specific configurations during the Push Phase.

Clear the existing configurations on the management center and proceed with the migration. If the issue persists, contact Cisco TAC to create a TAC case for this failure and provide them with the support bundle downloaded from the Firewall Migration Tool.

[PushException(PushException(Exception('Cannot modify the interface which is a member of EtherChannel interface.',),),), 'interfaces']

Explanation

Recommended Action

This error occurs when the management center has several existing configurations and the Firewall Migration Tool is unable to clear the attributes of the device-specific configurations during the Push Phase.

Clear the existing configurations on the management center and proceed with the migration. If the issue persists, contact Cisco TAC to create a TAC case for this failure and provide them with the support bundle downloaded from the Firewall Migration Tool.

Management Center Connection Issue

Explanation

Recommended Action

This error occurs when the Firewall Migration Tool loses connectivity to the management center.

Check the network connectivity.

Invalid URL

Explanation

Recommended Action

This error occurs when the Firewall Migration Tool supports the migration of a particular feature. For example, ACE Category Migration. The management center or the threat defense is not of the version that has the API support for the feature.

Refer to the Firewall Migration Tool User Guide and upgrade the management center or threat defense to the required version.

No Resource Found

Explanation

Recommended Action

This error occurs when the Firewall Migration Tool supports the migration of a particular feature. For example, ACE Category Migration. The management center or the threat defense is not of the version that has the API support for the feature.

Refer to the Firewall Migration Tool User Guide and upgrade the management center or threat defense to the required version.

network objects of type [host] bulk on [1-50] - {"error":{"category":"FRAMEWORK","messages":[{"description":"Invalid object ? is not allowed as the last character in an object description Please remove or replace ? and retry"}],"severity":"ERROR"}}

Explanation

Recommended Action

This error occurs when there are special characters in the Object description parameter of an object.

Check the Verbose logs to identify the source configuration and the object where the special characters, not supported by management center, were used. Correct the source configuration, upload, and migrate the configuration again using the Migration Tool.

Object with the same name already exists

Explanation

Recommended Action

This error occurs when Firewall Migration Tool is unable to validate the parsed configuration against the configuration elements available on the management center such as objects. This can be caused by any one of several reasons such as loss of connectivity.

Resume the migration, revalidate, and push the configuration by selecting resume > validate > push.