Security

  • 1.  Fail to delete Policy

    Posted 09-02-2010 07:06

    Hi all,

     

    I'm running NSM 2010.2 and despite the client being a memory hog, it is working fine.

    This NSM is only managing the security policy of a cluster of SRX5800.

    Since this Firewall is working as a Core router and there are lots of changes on the Device outside NSM, I'm constantly importing the device and sometimes a new Policy is created.

    After having lots of policy versions, I delete obsolete ones to keep the GUI clean.

    I have been able to delete all Policies I wanted except six of them.

    The GUI confirms that these policies are not referenced on any device but when I click the Finish button to delete them I get the message "Failed to delete object. Please see error log for details".

     

    I checked the error log guiDaemon.0 and found the following:

     

     

    [09/02/2010 15:03:43.707] [Error] [30868368-XmlContainerImpl.cpp:922] deleteObject failed because object (&1.rb_firewall.14) has following referrers:
    nsmpolicy/1.16.65520
    [09/02/2010 15:03:43.709] [Error] [30868368-nsSetDbXDb.cpp:1015] XdbException: Exception [4294967295]: Operation failed because this object (&1.rb_firewall.14) is currently referenced by other objects
    StackTrace:
            136444853: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN9ExceptionC2ERKSsi+0xa5) [0x821fbb5]
            135503324: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN5Utils17throwXdbExceptionEPKcz+0x7c) [0x8139ddc]
            135920449: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN16XmlContainerImpl13deleteObject_ERN5DbXml14XmlTransactionEtjR17RefCountedAutoPtrI16XdbUpdateContextEbb+0xc01) [0x819fb41]
            136214848: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN12XdbContainer12deleteObjectEtj17RefCountedAutoPtrI16XdbUpdateContextES0_I14XdbTransactionEjbb+0x1a0) [0x81e7940]
            137245018: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(setDbDeleteXdbSetObj+0xda) [0x82e315a]
            137146429: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager [0x82cb03d]
            137685706: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(bbHashForEach+0x8a) [0x834eaca]
            137156464: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager [0x82cd770]
            137161191: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(nsSetDbMgrModify+0x87) [0x82ce9e7]
            137162628: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(nsSetDbMgrModifyWithSet+0x494) [0x82cef84]
    [09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:5477] setDbDeleteXdbSetObj failed: domain(global), category(rb_firewall), id(14)
    [09/02/2010 15:03:43.710] [Error] [30868368-bbHash.c:760] bbHashForEachFunc() failed due to application error.
    [09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:4582] bbHashForEach failed
    [09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:2094] processDelete failed
    [09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:1319] nsSetDbMgrModify failed
    [09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgrUtils.c:151] Error executing 'modify' request: NS_SETDBMGR_QUERYCALLBACK_FAILED

     

    Where can I find this "nsmpolicy/1.16.65520" which is said to be referencing this policy?

     

    Thanks in advance

     

    Paulo Vasconcelos
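
Added example (not part of the original post and not Juniper code): a small Python parser for the guiDaemon.0 excerpt above that lists, for each object whose deletion was refused, the referrers the log names. The sample is trimmed from the lines in the post, and the function name `blocked_deletes` is hypothetical.

```python
import re

# Sample trimmed from the guiDaemon.0 lines quoted in the post (stack trace cut to one frame).
SAMPLE_LOG = """\
[09/02/2010 15:03:43.707] [Error] [30868368-XmlContainerImpl.cpp:922] deleteObject failed because object (&1.rb_firewall.14) has following referrers:
nsmpolicy/1.16.65520
[09/02/2010 15:03:43.709] [Error] [30868368-nsSetDbXDb.cpp:1015] XdbException: Exception [4294967295]: Operation failed because this object (&1.rb_firewall.14) is currently referenced by other objects
StackTrace:
        137245018: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(setDbDeleteXdbSetObj+0xda) [0x82e315a]
[09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:5477] setDbDeleteXdbSetObj failed: domain(global), category(rb_firewall), id(14)
"""

# A log entry starts with "[timestamp] [level] [thread-file:line] message".
ENTRY = re.compile(r"^\[[^\]]+\] \[\w+\] \[[^\]]+\] (?P<msg>.*)$")
REFERRED = re.compile(r"deleteObject failed because object \((?P<obj>[^)]+)\) has following referrers:")
DELETE_FAIL = re.compile(
    r"setDbDeleteXdbSetObj failed: domain\((?P<domain>[^)]*)\), "
    r"category\((?P<category>[^)]*)\), id\((?P<id>\d+)\)"
)

def blocked_deletes(text):
    """Return the referrers per blocked object and the (domain, category, id) of failed deletes."""
    referrers, failed, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if entry:
            # A new timestamped entry ends any referrer list that was being read.
            hit = REFERRED.search(entry["msg"])
            current = hit["obj"] if hit else None
            if current:
                referrers.setdefault(current, [])
            failure = DELETE_FAIL.search(entry["msg"])
            if failure:
                failed.append((failure["domain"], failure["category"], int(failure["id"])))
        elif current and line:
            # Untimestamped lines right after the "has following referrers:" entry are the referrers.
            referrers[current].append(line)
    return {"referrers": referrers, "failed": failed}

if __name__ == "__main__":
    result = blocked_deletes(SAMPLE_LOG)
    for obj, refs in result["referrers"].items():
        print(f"{obj} is still referenced by: {', '.join(refs)}")
    for domain, category, obj_id in result["failed"]:
        print(f"delete failed: domain={domain} category={category} id={obj_id}")
```
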



  • 2.  RE: Fail to delete Policy
    Best Answer

    Posted 10-05-2010 02:09
    Hello Paulo,

    I also experienced this problem: I was unable to delete some policies although they were no longer assigned to any device. I found, in my case, that this was due to objects contained in earlier versions of the policy. By restoring the oldest version of the problematic policy I was then able to delete it.

    I hope this helps.

    Regards,
    Tony


  • 3.  RE: Fail to delete Policy

    Posted 10-05-2010 08:05

    Thanks Tony, that worked a treat, been trying to solve that one for ages!



  • 4.  RE: Fail to delete Policy

    Posted 10-06-2010 01:26

    Thanks Tony! I'll give it a try!

     

    Cheers



  • 5.  RE: Fail to delete Policy

    Posted 10-15-2010 01:06

    Hi

     

    I have the same issue, I could not delete the policies even after devices and objects are deleted. In fact I have 3 old policies.

     

    I simply logged out and logged in to NSM and deleted the very first policy. Now it is deleted. Tried the next one soon after, but it failed.

    Again I logged out and logged in to NSM and was able to delete the next one.

    I am not sure, but to delete the policies I used to log out and log in every time. Please try.

     

    Reg

    Boopathy

     

     



  • 6.  RE: Fail to delete Policy

    Posted 10-15-2010 02:07

    Tony's solution worked like a charm for me.

    Just restored the policies I couldn't delete to their original version and it worked flawlessly.

     

    Thanks again Tony.

     

    Cheers



  • 7.  RE: Fail to delete Policy

    Posted 10-25-2010 01:48
    Hi, I had the same issue with NSM 2010.3 and this solution works fine for me. Thank you!


  • 8.  RE: Fail to delete Policy

    Posted 12-16-2010 07:32

    Hi All, I had the same issue; however, there was no earlier version to restore. But I created a version, then went back in and restored the version prior to the one I created. Once restored I was able to remove the policy. Odd, but it worked.



  • 9.  RE: Fail to delete Policy

    Posted 12-16-2010 07:52

    I'm becoming more and more accustomed to, and less impressed by, stuff like this as my time using Juniper products grows.... 🙂



  • 10.  RE: Fail to delete Policy

    Posted 01-18-2011 03:49

    Hi, I got the same problem too. I am using 2010.3.

    May I know how I can restore the policy to the original version?

    I am not quite sure about the version thingy. May I know where I can see the version?

     

    Thanks



  • 11.  RE: Fail to delete Policy

    Posted 06-04-2011 22:41
    1. Right click on the policy you wanna delete.
    2. Choose the last option "Show Versions".
    3. A new window will pop up; there are gonna be two lines: the first one tells you what your current version is & the second one tells you what your initial version is.
    4. Click on the second one "initial version" & then click on restore.
    5. Click next, next and then finish.
    6. Right click on the policy you wanna delete & click delete; it should work now.


  • 12.  RE: Fail to delete Policy

    Posted 10-19-2012 02:50
    Hello Najiyousif, Thanks for your post. Your suggested steps did the trick. And I was able to delete the old policies! Kind regards, Antoinette