apply - Apply new settings
[1] apply [check | force | report | cancel]
When you use different commands to configure the system (or submit settings using the GUI) new settings are not immediately applied to the the running system but only program the system for a future new configuration considered as a whole. Most commands display both the running (current) and the new (net yet applied) configuration and the whole configuration can be displayed using the conf command.
To take effect, a new configuration should be applied to the system using the apply command. In the other hand the apply command replace the running configuration with the new configuration. The apply operation runs in background and as far as possible during its execution other commands and operations can be executed in parallel. If you modify the new configuration during the apply operation, there are chances that your new configuration would be taken into account. You can use the conf diff command after the termination of the apply operation to display differences between the running and the new configuration.
Before being applied to the system, the apply command verifies the integrity of the new configuration as a whole to make sure that all new parameters are both consistent. After this step and if all goes well, the user is invited to confirm the apply operation. The optional argument force allows you to bypass this confirmation step. If the optional check keyword is used, the operation finishes after the integrity checks and possibly integrity errors are displayed. The optional report keyword allows you to display a system report on the last apply command.
Finally it is possible to cancel (or abort) a running apply operation and get the previous configuration before launching the apply command. To cancel the current running apply operation, use the cancel keyword. However, please note that the apply of the following settings can’t be cancelled: settings that depend on the content of external files (for instance custom WAF rules), generated SSL certificates and administrators passwords. Note that some sub-operations attached to the apply program cannot be cancelled immediately. CAUTION: aborting some operations such as downloading the antivirus signatures may let the system in an inconsistent state. That’s why the cancellation of an apply operation should always be followed by a new apply operation.
Please note that:
• You have to wait for the termination of other asynchronous commands before running the apply command.
• If you load a backup file (see the system command) to restore a system and at the same time you manually modify the new configuration using the CLI (or the GUI), the new configuration included in the backup file erases the manually modified new configuration.
The apply report (mentioned above) may produce some additional runtime errors in different contexts. Meaningful runtime errors are as follows:
[ Antivirus signature base update context ]:
• Error 58: can’t read databases from remote servers.
• Error 59: mirrors are not fully synchronized (try again later).
• Error 101-109: can’t resolve remote servers names.
[ Antivirus extended signature index update context ]:
• Error 6: couldn’t resolve host. The given remote host was not resolved.
• Error 7: failed to connect to host.
• Error 28: operation timeout. The specified timeout period was reached according to the conditions.
• Error 67: the user name, password, or similar was not accepted and the client failed to log in.
• Error 68: file not found on file server.
• Error 78: the resource referenced in the URL does not exist.
• Error 101: the index file signature verification failed.
[ Antivirus white list integration context ]:
• Error 11: can’t compile the antivirus white list.
• Error 13: can’t integrate the antivirus white list.
• Error 15: can’t reload the antivirus DB files.
[ Appliance and license registration context ]:
• Error 2: failed to initialize.
• Error 6: couldn’t resolve host. The given remote host was not resolved.
• Error 7: failed to connect to host.
• Error 22: HTTP page not retrieved. The requested url was not found or returned another error with the HTTP error code being 400 or above.
• Error 26: read error. Various reading problems.
• Error 27: out of memory. A memory allocation request failed.
• Error 28: operation timeout. The specified timeout period was reached according to the conditions.
• Error 33: HTTP range error. The range "command" didn’t work.
• Error 34: HTTP post error. Internal post-request generation error.
• Error 35: SSL connect error. The SSL handshaking failed.
• Error 42: aborted by callback. An application told to abort the operation.
• Error 47: too many redirects. Hit the maximum amount when following redirects.
• Error 51: the peer’s SSL certificate or SSH MD5 fingerprint was not ok.
• Error 52: the service service didn’t reply anything, which here is considered an error.
• Error 53: SSL cryptographic engine not found.
• Error 54: cannot set SSL cryptographic engine as default.
• Error 55: failed sending network data.
• Error 56: failure in receiving network data.
• Error 58: problem with the local certificate.
• Error 59: couldn’t use specified SSL cipher.
• Error 60: peer certificate cannot be authenticated with known CA certificates.
• Error 61: unrecognised transfer encoding.
• Error 65: sending the data requires a rewind that failed.
• Error 66: failed to initialise SSL Engine.
• Error 75: character conversion failed.
• Error 76: character conversion functions required.
• Error 78: the resource referenced in the URL does not exist.
• Error 80: failed to shut down the SSL connection.
• Error 83: issuer check failed.
• Error 100: the registration service returned a non digit value code.
• Error 111-140: the appliance has sent an illegal appliance registration request.
• Error 141-143: an invalid email address has been used to register the appliance.
• Error 171-175: the appliance registration service is unavailable at this moment.
• Error 181: the appliance registration service returned an unknown state.
• Error 183: the transmitted OTP is not valid.
• Error 185: the OTP is transmitted by an IP address which is not allowed to register this appliance.
• Error 187: the appliance has never been registered.
• Error 189: an invalid passphrase has been transmitted by an already registered appliance.
• Error 191: the appliance has been already registered.
• Error 199: the appliance registration service returned an unknown code.
• Error 201-205: the registration service returned non conform values.
• Error 209: can’t add the S/N account.
• Error 211-227: the appliance has sent an unauthorized license registration request.
• Error 241-245: the license registration service is unavailable.
• Error 251: can’t register a license key for an unregistered appliance.
• Error 253: the appliance can’t be authenticated.
• Error 255: the license key is not intended to be install on this appliance for capacity incompatibility reasons.
• Error 257: the license key is revoked.
• Error 259: the license key has been already registered for another appliance.
• Error 261: can’t register the license key because no subscription exists for it.
• Error 265: the subscription associated to the license key has been canceled.
• Error 267: the subscription associated to the license key has been disabled.
• Error 268: the subscription associated to the license is pending.
• Error 269-289: errors due to registration service unavailability.
• Error 300: the registration service returned an unknown state value.
[ Checking the RAM capacity ]:
• Error 1: the RAM capacity of the appliance is not enough to simultaneously activate all configured features. This error is encountered because either some warnings have been ignored during the OS installation or the RAM capacity of the appliance has been reduced after the installation. To avoid this error you can either deactivate some RAM consuming features (like the caching, antivirus or compression) or upgrade the RAM capacity of your appliance. Also if you encounter this error because you activated the caching mode, you have the possibility to reinstall the OS and reduce the HDD capacity usage during the installation.
[ Custom WAF rules compilation context ]:
• Error 10: the maximum number of WAF rules per reverse website has been reached during a WAF rule compilation. In case the maximum number is reached, the compilation stops and rules limited to that maximum number are applied. Please note that this error should not occur in normal situation as the maximum number of WAF rules is verified during the WAF rules loading (see the command waf).
[ License key checking context ]:
• Error 11: the appliance is not yet registered and therefore does not have a S/N.
• Error 13: the specified license key is not valid.
[ SSL Mediation exceptions list compiling context]:
• Error 11: can’t convert the domain name list to dump format.
• Error 13: can’t convert the domain name list to db format.
• Error 15: can’t dump a URL list in db format.
• Error 17: can’t convert a URL list from dump format to db format.
• Error 19: can’t convert an exceptions list form db format to a flat format.
• Error 21: can’t remove subdomains from the exceptions list.
[ System restore operation context ]:
• Error 11-21: backup file corrupted.
• Error 23-25: can’t restore the loaded backup file on the present system because the OS version of the backup differs from the OS version of the present system.
• Error 27: can’t restore the loaded backup file because the backup has been been made on a machine that its hardware configurations and/or OS installation parameters differ from the present system.
[ System patch version matching context ]:
• Error 11-13: internal error during version matching verification.
• Error 15: the patch is not adequate.
[ System patch unpacking context ]:
• Error 11: the patch is not in a compressed format.
• Error 21: the patch is not in an archive format.
• Error 27: patch signature verification failed.
• Error 41: CPU architecture mismatch.
[ System patch applying context ]:
• Error 11: internal error in pre installation program.
• Error 13: internal error during patched component installation.
• Error 15: internal error in post installation program.
[ System patch machine retuning context ]:
• Error 1-255: these unexpected errors leave the appliance in an inconsistent state and you should re-install the OS using the the installation media.
[ TLS components loading context ]:
• Error 11: can’t add the signed certificate to the certificates index file.
• Error 13: can’t extract the certificate information from the loaded certificate.
• Error 15: can’t generate the certificate configuration file for the loaded TLS component file(s).
• Error 17: can’t remove the certificate from the certificates index to update the certificate.
• Error 61: can’t install the certificate information file.
• Error 63: can’t install the certificate configuration file.
• Error 65: can’t install the private key file.
• Error 67: can’t install the certificate file.
• Error 101: can’t generate the configuration file for the loaded CSR file.
• Error 103: can’t remove the certificate from the certificates index to sign the generated certificate.
• Error 105: can’t update the certificates index to generate the signed certificate with the system’s CA certificate.
• Error 107: can’t generate the signed certificate with the system’s CA certificate.
• Error 109: can’t install the generated signed certificate.
• Error 111: can’t install the CSR file.
[ System’s CA components loading context ]:
• Error 21: can’t generate the CA certificate information file.
• Error 31: can’t convert a root CA certificate from PEM format to DER format.
• Error 61: can’t install the CA certificate information file.
• Error 65: can’t install the private key file.
• Error 67: can’t install the CA certificate file in PEM format.
• Error 69: can’t link the CA certificate file for hashing.
• Error 71: can’t install the CA certificate file in DER format.
[ TLS server component generation context ]:
• Error 11: can’t generate the certificate configuration file.
• Error 13: can’t generate the private key.
• Error 15: can’t generate the CSR for the certificate configuration.
• Error 17: can’t remove the certificate from the certificates index.
• Error 19: can’t update the certificates index to sign the server certificate with the system’s CA certificate.
• Error 21: can’t generate and/or sign a certificate with the system’s CA certificate.
• Error 23: can’t update the certificate reference.
• Error 61: can’t install the server certificate information file.
• Error 63: can’t install the server certificate configuration file.
• Error 65: can’t install the private key file.
• Error 67: can’t install the server certificate file.
• Error 69: can’t install the server CSR file.
[ System’s CA components generation context ]:
• Error 11: can’t generate the CA configuration file.
• Error 13: can’t generate the private key for the system’s CA certificate.
• Error 15: can’t generate CA certificate.
• Error 17: can’t convert the CA public certificate from PEM format to DER format.
• Error 19: can’t link the CA certificate file for hashing.
• Error 21: can’t initialise the certificates index.
• Error 61: can’t install the CA certificate information file.
• Error 63: can’t install the CA certificate configuration file.
• Error 65: can’t install the private key file.
• Error 67: can’t install the CA certificate file in PEM format.
• Error 69: can’t install the CA certificate file in DER format.
[ Third party CA certificate loading context ]:
• Error 13: can’t install the third party CA certificate file.
[ Client certificates generation context ]:
• Error 11: can’t generate the client certificate configuration file.
• Error 13: can’t generate the client private key.
• Error 15: can’t generate the client certificate.
• Error 17: can’t remove the client certificate from the certificates index.
• Error 19: can’t update the certificates index to sign the client certificate with the system’s CA certificate.
• Error 21: can’t sign the client certificate with the system’s CA certificate.
• Error 23: can’t generate the PKCS12 client certificate bundle.
• Error 25: can’t base64 encode the PKCS12 client certificate bundle.
• Error 27: can’t install generated TLS components (private key, certificate...).
[ URL list building/updating context ]:
• Error 7: url list signature verification failed.
• Error 9: the url list is not in a gzip compressed format.
• Error 13: can’t uncompress the url list.
• Error 15: the uncompressed url list is not an ASCII file.
• Error 17: can’t create the new url list.
• Error 19: url list update failed because it has never been created before.
• Error 21: can’t apply the url list update.
In case where the new configuration to apply requires a DNS server restart, some name resolutions may fail during the apply operation. In this case you should wait for the apply operation end and run the apply command again.
cancel (1) conf (1) system (1)
CacheGuard Technologies Ltd <www.cacheguard.com>
Send bug reports or comments to the above author.
Copyright (C) 2009-2024 CacheGuard - All rights reserved