Route-Based VPN Creation Error about fp-ngfw-smc-python HOT 7 CLOSED

Seems correct unless you miss preshared key, do you have any details on you error? Feel free to contact support if you face a database issue

from fp-ngfw-smc-python.

``I tried both in production and in a Lab Environment (which has nothing in common with the production one).

I did not include the preshared_key because, if I understood correctly, there is no need to specify it if both Firewalls are managed by the same SMC.

File "c:\path\to\fp-smc\smc_utils.py", line 85, in create_tunnel_interface
    RouteVPN.create_ipsec_tunnel(name=comment,
  File "C:\path\to\fp-smc\venv\Lib\site-packages\smc\vpn\route.py", line 196, in create_ipsec_tunnel
    return versioned_method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\path\to\fp-smc\venv\Lib\site-packages\smc\vpn\route.py", line 272, in _create_ipsec_tunnel_66
    raise CreateVPNFailed(err)
smc.api.exceptions.CreateVPNFailed: Impossible to store the element (VPN S2S) FIRENZE - MILANO.

from fp-ngfw-smc-python.

It can be possible that the problem is with your vpn configuration, you need to check smc traces or try to configure the same on the gui to figure out the configuration error.

from fp-ngfw-smc-python.

I am able to correctly configure che Route-Based VPN using the GUI with the same endpoints.

That's the SMC Trace of the Error:
trace.log

from fp-ngfw-smc-python.

Please check the example given below and let me know if it works for you. We need to pass preshared_key in RouteVPN.create_ipsec_tunnel.

`def create_rbvpn(fw1, fw2, interface_id, comment):

engine1 = Engine(str(fw1))
engine2 = Engine(str(fw2))
engine1.tunnel_interface.add_cluster_virtual_interface(interface_id = interface_id, comment=comment)
engine2.tunnel_interface.add_cluster_virtual_interface(interface_id = interface_id, comment=comment)
TunnelMonitoringGroup.create(name=comment, comment=comment)
local_endpoint = TunnelEndpoint.create_ipsec_endpoint(
    engine1.vpn.internal_gateway, engine1.tunnel_interface.get(interface_id))
remote_endpoint = TunnelEndpoint.create_ipsec_endpoint(
    engine2.vpn.internal_gateway, engine2.tunnel_interface.get(interface_id))
RouteVPN.create_ipsec_tunnel(name=comment,
                             local_endpoint = local_endpoint,
                             remote_endpoint = remote_endpoint,
                             monitoring_group=TunnelMonitoringGroup(comment),
                             vpn_profile=VPNProfile("Suite-B-GCM-256"),
                             preshared_key=psk,
                             comment=comment)`

from fp-ngfw-smc-python.

Hi,

I tried to create a RBVPN using the Ansible Module and it gave me a more explicit error.

Then I passed a preshared key and it worked without problems.

"Impossible to store the element (VPN S2S) FIRENZE - MILANO. An element is invalid: With Tunnel type VPN and Encryption set to N/A, a Pre-shared Key is mandatory."

As per documentation of both Ansible Module and fp-NGFW-SMC-python there should be no need to pass a preshared-key if both firewalls are under the same SMC since the preshared will be autogenerated.

I think the issue is a mistake in the documentation or a missed implementation of the auto-generation of the preshared.

https://fp-ngfw-smc-ansible.readthedocs.io/en/latest/modules/route_vpn_module.html

from fp-ngfw-smc-python.

created a ticket to update documentation, which will be fixed in future smc-python and smc-ansible release.

from fp-ngfw-smc-python.