Solved

Cannot enable CoPilot Security Group Management

  • 28 June 2023
  • 4 replies
  • 80 views
Bigo
Userlevel 2
Badge +4
  • Bigo
  • Second Officer
  • 13 replies

Following the CoPilot startup guide, I’m trying to enable the feature “CoPilot Security Group Management” from the Controller, but I got the following error:

Add rule for [] failed:

How can I enable this feature?

 

Controller version: UserConnect-7.1.1710

CoPilot version: v3.13.0 | Appliance v3

Both Controller and CoPilot are deployed in the same Azure VNET, in different subnets

icon

Best answer by Josh 28 June 2023, 22:59

View original

4 replies

J

Hey Bigo! 

I would reccommend checking to make sure that the license for Distributed Firewalling is enabled in CoPilot

You can do this by going to 

 

Settings > Configuration > License 

 

If it is enabled it will look like this:
 


Once it is enabled if you navigate to Security > Distributed Firewalling > Settings
 


you can manage Security Group Orchestration from here. Any Policies you create in your rules section that are applicable will be pushed down to your security groups at that time. 

If you continue running into issues though please don’t hesitate to reach out to our Support Team! 

https://support.aviatrix.com/ is a great resource for getting guidance on any issues you run into!

 

Thanks, ​​​​​​​

 

Josh

Bigo
Userlevel 2
Badge +4

Hi @Josh 

I confirm the license for Distributed Firewalling is enabled in CoPilot.

However I thought that is a differetn feature with respect to the one I was trying to enable. I thought “CoPilot Security Group Management” could be used to “automatically add rules for new gateways to contact CoPilot”. Is my understanding wrong?

By the way, after

  1. changing the CoPilot service account to be the same as the one used for login into CoPilot
  2. switching on a similar feature under CoPilot > Settings > Configuration > Controller Security Group Management 
  3. trying to save again the setting under Controller  > Settings > CoPilot > CoPilot Security Group Management

     

The error disappeared, and I was able to save it.

B
Badge +1

Hey Bigo,

You’re right that CoPilot Security Group management works with security group settings for CoPilot itself.

I’ve received this error myself and upon checking with engineering it was found that we changed the way that this feature works, and in doing so there is a bug where you get this error if you enable the feature when there are no gateways deployed yet.

Did you get this error when you had not deployed gateways yet?

UPDATE: The bug fix is in 7.1.1804 which has not been released for GA yet. Should be soon.

Bigo
Userlevel 2
Badge +4

Hey Bigo,

You’re right that CoPilot Security Group management works with security group settings for CoPilot itself.

I’ve received this error myself and upon checking with engineering it was found that we changed the way that this feature works, and in doing so there is a bug where you get this error if you enable the feature when there are no gateways deployed yet.

Did you get this error when you had not deployed gateways yet?

UPDATE: The bug fix is in 7.1.1804 which has not been released for GA yet. Should be soon.

Thanks for the feedback, I’m not 100% sure, but it is very likely that I tried before creating a Gateway, so the reason should be the bug you found.

Once the correction will be released, I should upgrade Copilot? Or even the controller? 

Reply


Terms & Conditions