Operational Defect Database
BugZero found this defect 956 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA16S000000SNHKSA4
Cannot apply configuration template to fully managed device (Error: unable to validate configuration)
Last update date:
8/7/2022
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
11.x
11.1.x
11.10.x
11.10
11.10.1
11.10.2
11.10.3
11.10.4
11.10.5
11.10.6
Fixed releases:
All
Description:
Issue
Existing v12.0-12.5 configuration templates that were upgraded to v12.6 or higher might miss WebBlocker cache settings when applied to new devices. This means that the Management Server cannot validate the configuration before applying it.To identify this issue, check Management Server ap_dvcp events, or enable logging to file (C:\ProgramData\WatchGuard\logs\wmserver\ap_dvcp.log), and look for error messages similar to: app="ap_dvcp".....msg="Error (10281), Invalid configuration. Error line 845:Element 'cache': Missing child element(s). Expected is one of ( size, proxy-enabled )." /> app="ap_dvcp".....msg="Debug (10268), DVCP DEBUG: Failed to apply template" /> app="ap_dvcp".....msg="Error (8349), unable to process dvcp.apply_template_to_devices request from peer 127.0.0.1 (unable to validate configuration)" /> This issue does not appear to affect new templates created in v12.6 or higher.
Workaround/Solution
Open the template configuration.Select Subscription Services > WebBlocker > Configure.Click Global Settings. Click OKSave the template to the Management Server.Apply the template to the Firebox.
