Unable to save config

Trying to duplicate the configuration currently on my primary firewall to a stand-by device through Policy Manager in System Manager, just for testing. Both are XTM 330. I can't save the config to the stand-by firebox. First message is "there are no feature keys" which I have seen before and was able to ignore that and save anyway. But now when I click No, it is forced "Please update your feature key". Can I not save this configuration on this spare device?

Comments

  • In Policy Manager, delete the Feature Key, and then paste in the Feature Key for the backup XTM 330.
    Then you can successfully save that config to the backup XTM 330

  • @Bruce_Briggs said:
    In Policy Manager, delete the Feature Key, and then paste in the Feature Key for the backup XTM 330.
    Then you can successfully save that config to the backup XTM 330

    I am not following this, Bruce. Delete "the" feature key and paste "the" feature key?

  • Open the config of the current firewall in Policy Manager.
    Delete THAT Feature Key.
    Import/paste in the Feature Key of the firewall to which you want to save the config.
    Save the to the backup firewall.
    The Feature key includes the model & serial number of the firewall amongst other things - which is why you need to do this.

  • @Bruce_Briggs said:
    Open the config of the current firewall in Policy Manager.
    Delete THAT Feature Key.
    Import/paste in the Feature Key of the firewall to which you want to save the config.
    Save the to the backup firewall.
    The Feature key includes the model & serial number of the firewall amongst other things - which is why you need to do this.

    Will this not brick the current firewall?

  • NO - you are not saving the modified config to the current firewall, you are saving it to the backup firewall

  • @Bruce_Briggs said:
    NO - you are not saving the modified config to the current firewall, you are saving it to the backup firewall

    I tried pasting the key into the backup and it kinda took it but still refuses to save the config with the same error "Please update your feature key"

  • We need details on the fireware version on your current and backup XTM 330s

  • Current is v12.1.3 but backup is only v11.10.5 - not compatible?

  • If your current one is 11.9 or newer and the backup one is 11.8x or older, then you need to change the setting here in Policy Manager, prior to doing the save:
    Setup -> OS Compatibility

  • You need to change the setting in Policy Manager, prior to doing the save:
    Setup -> OS Compatibility, select 11.9-11.12.x

  • Still refuses to save, same error

  • What WSM Policy Manager version are you using?

    There is this Known Issue which seems similar:
    Policy Manager v12.4 and later fails to save Feature Key to Firebox with Fireware v11.8 and older
    https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA10H000000g3ScSAI&lang=en_US

    Since XTM 330 units are End of Life, I'm not sure what help you can get from WG related to this error.

    Perhaps @James_Carson will comment.

  • WSM 12.6.3 and the Fireware is not older than the 11.8 threshold. It is at 11.10

  • I understand that which is why I said "which seems similar".

    Since you are stuck, you could try using Policy Manager from WSM V12.3 and see if that works.

  • I recommend using the SAME version of Policy Manager that you have for Fireware on those older Fireboxes. I have had issues with several old models with 11.9.4 that won't save even with the compatibility choice in newer PM versions. I keep a Win 10 virtual machine running just for that old box (it's at a client who has yet to update...he buys his own boxes).

    Gregg Hill

  • I usually just use the save version function and call it a day once I remove the old feature key and re-add it like @Bruce_Briggs mentions.

    @Greggmh123 does mention a clever idea of running a machine on the older software to configure it though.

  • @Tristan_Colo said:
    I usually just use the save version function and call it a day once I remove the old feature key and re-add it like @Bruce_Briggs mentions.

    @Greggmh123 does mention a clever idea of running a machine on the older software to configure it though.

    "I usually just use the save version function...."

    So do I, except for two Fireboxes running 11.7.x and 11.9.4 where that function fails. It actually corrupts the config file.

    Gregg Hill

Sign In to comment.