Comments (7)
Seems correct unless you miss the preshared key; do you have any details on your error? Feel free to contact support if you face a database issue.
from fp-ngfw-smc-python.
I tried both in production and in a Lab Environment (which has nothing in common with the production one).
I did not include the preshared_key because, if I understood correctly, there is no need to specify it if both Firewalls are managed by the same SMC.
```
  File "c:\path\to\fp-smc\smc_utils.py", line 85, in create_tunnel_interface
    RouteVPN.create_ipsec_tunnel(name=comment,
  File "C:\path\to\fp-smc\venv\Lib\site-packages\smc\vpn\route.py", line 196, in create_ipsec_tunnel
    return versioned_method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\path\to\fp-smc\venv\Lib\site-packages\smc\vpn\route.py", line 272, in _create_ipsec_tunnel_66
    raise CreateVPNFailed(err)
smc.api.exceptions.CreateVPNFailed: Impossible to store the element (VPN S2S) FIRENZE - MILANO.
```
from fp-ngfw-smc-python.
It is possible that the problem is with your VPN configuration; you need to check the SMC traces or try to configure the same in the GUI to figure out the configuration error.
from fp-ngfw-smc-python.
I am able to correctly configure the Route-Based VPN using the GUI with the same endpoints.
That's the SMC Trace of the Error:
trace.log
from fp-ngfw-smc-python.
Please check the example given below and let me know if it works for you. We need to pass preshared_key in RouteVPN.create_ipsec_tunnel.
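```python
from smc.core.engine import Engine
from smc.vpn.elements import VPNProfile
from smc.vpn.route import RouteVPN, TunnelEndpoint, TunnelMonitoringGroup


def create_rbvpn(fw1, fw2, interface_id, comment, psk):
    # psk is passed in by the caller; keep it out of source code and logs.
    engine1 = Engine(str(fw1))
    engine2 = Engine(str(fw2))
    # Add the tunnel interface with the same ID on both engines.
    engine1.tunnel_interface.add_cluster_virtual_interface(interface_id=interface_id, comment=comment)
    engine2.tunnel_interface.add_cluster_virtual_interface(interface_id=interface_id, comment=comment)
    TunnelMonitoringGroup.create(name=comment, comment=comment)
    # Build one IPsec endpoint per engine from its internal gateway and tunnel interface.
    local_endpoint = TunnelEndpoint.create_ipsec_endpoint(
        engine1.vpn.internal_gateway, engine1.tunnel_interface.get(interface_id))
    remote_endpoint = TunnelEndpoint.create_ipsec_endpoint(
        engine2.vpn.internal_gateway, engine2.tunnel_interface.get(interface_id))
    # preshared_key must be supplied, otherwise the SMC rejects the element.
    RouteVPN.create_ipsec_tunnel(name=comment,
                                 local_endpoint=local_endpoint,
                                 remote_endpoint=remote_endpoint,
                                 monitoring_group=TunnelMonitoringGroup(comment),
                                 vpn_profile=VPNProfile("Suite-B-GCM-256"),
                                 preshared_key=psk,
                                 comment=comment)
```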
from fp-ngfw-smc-python.
Hi,
I tried to create a RBVPN using the Ansible Module and it gave me a more explicit error.
Then I passed a preshared key and it worked without problems.
"Impossible to store the element (VPN S2S) FIRENZE - MILANO. An element is invalid: With Tunnel type VPN and Encryption set to N/A, a Pre-shared Key is mandatory."
As per documentation of both Ansible Module and fp-NGFW-SMC-python there should be no need to pass a preshared-key if both firewalls are under the same SMC since the preshared will be autogenerated.
I think the issue is a mistake in the documentation or a missed implementation of the auto-generation of the preshared.
https://fp-ngfw-smc-ansible.readthedocs.io/en/latest/modules/route_vpn_module.html
from fp-ngfw-smc-python.
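Added example (not code from this thread or from fp-ngfw-smc-python): a wrapper that always supplies a vetted pre-shared key and classifies the two error texts quoted above. `create` stands in for `RouteVPN.create_ipsec_tunnel`; the function names and `MIN_PSK_LEN` are assumptions.

```python
import secrets
import string

# Phrase taken from the SMC error quoted in this thread.
PSK_REQUIRED = "a pre-shared key is mandatory"
MIN_PSK_LEN = 32  # assumption: local policy value, not an SMC limit


def generate_psk(length=48):
    """Return a random alphanumeric PSK from the OS CSPRNG."""
    if length < MIN_PSK_LEN:
        raise ValueError(f"PSK must be at least {MIN_PSK_LEN} characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def psk_problems(psk):
    """Return a list of reasons the PSK is unacceptable (empty if fine)."""
    if not psk:
        return ["missing"]
    problems = []
    if len(psk) < MIN_PSK_LEN:
        problems.append("too short")
    if len(set(psk)) < 10:
        problems.append("too few distinct characters")
    return problems


def diagnose(error_text):
    """Classify the text of a failed tunnel creation."""
    if PSK_REQUIRED in error_text.lower():
        return "psk_required"
    if error_text.startswith("Impossible to store the element"):
        return "unspecified_validation_error"
    return "other"


def create_tunnel(create, psk=None, **tunnel_args):
    """Call `create` with a vetted PSK; generate one if none is given.

    Returns the PSK used so the caller can put it in a secret store
    instead of source code or logs.
    """
    psk = psk or generate_psk()
    problems = psk_problems(psk)
    if problems:
        raise ValueError("rejected PSK: " + ", ".join(problems))
    create(preshared_key=psk, **tunnel_args)
    return psk
```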
Created a ticket to update the documentation, which will be fixed in a future smc-python and smc-ansible release.
from fp-ngfw-smc-python.