Policy installation fails with "Database conversion failed" when using an empty group in a NAT rule
Symptoms
  • Policy installation on R76 / R77 Security Management Server fails with "Database conversion failed".

  • Policy Verification might fail with the following errors related to Application Control rulebase (refer to sk66042):

    • app_rulebase_read_rules: error getting '##<NAME_OF_POLICY>' set
    • gen_appi_rulebase_tables: error getting application rules set
    • Failed to load application rulebase
    • Failed to generate the rulebase
    • Operation ended with errors.
  • Debug of FWM daemon (per sk86186) during policy installation shows:

    Group doesn't have any members, impossible!
    ConverterIPv6Nat::CreateGroupWithoutIpv6
    Failed to create group without ipv6 objects
    ConverterIPv6Nat::ConvertObjForNatRule
    Failed to convert object in rule
    ConverterIPv6Nat::ConvertNatColumn
    ConverterIPv6Nat::RemoveIpv6ObjsFromNatRules
    Failed to remove ipv6 objects from NAT rules
    ConverterIPv6Nat::Convert
    
Cause

Starting in R76, new code was added to handle IPv6 traffic. This code assumes that a NAT rule, whether disabled or not, can never contain an empty group object.
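
A pre-install check for the condition described above, as an added example that is not Check Point's code: it reports every NAT rule cell that references a group with no members, including cells in disabled rules. The dictionary layout, column names and object names are constructed for illustration and do not correspond to a Check Point file format or API.

```python
# Added example. The dict layout and names below are constructed stand-ins
# for an export of the management database, not a Check Point format or API.
NAT_COLUMNS = ("orig_src", "orig_dst", "orig_svc",
               "xlate_src", "xlate_dst", "xlate_svc")


def find_empty_groups_in_nat(objects, nat_rules):
    """Return (rule number, column, group name, disabled) for each NAT rule
    cell that references a group with no members."""
    findings = []
    for rule in nat_rules:
        for column in NAT_COLUMNS:
            name = rule.get(column)
            obj = objects.get(name)
            if obj is None or obj.get("type") != "group":
                continue  # keyword, host, network, or unknown object
            if not obj.get("members"):
                # Disabled rules are reported too: the failure occurs
                # whether or not the rule is disabled.
                findings.append((rule["number"], column, name,
                                 bool(rule.get("disabled"))))
    return findings


# Constructed sample data.
SAMPLE_OBJECTS = {
    "web_servers": {"type": "group", "members": ["web1", "web2"]},
    "retired_hosts": {"type": "group", "members": []},
    "old_dmz": {"type": "group", "members": []},
    "web1": {"type": "host"},
    "web2": {"type": "host"},
    "nat_pool": {"type": "host"},
}
SAMPLE_NAT_RULES = [
    {"number": 1, "disabled": False, "orig_src": "web_servers",
     "orig_dst": "Any", "orig_svc": "Any", "xlate_src": "nat_pool",
     "xlate_dst": "Original", "xlate_svc": "Original"},
    {"number": 2, "disabled": True, "orig_src": "retired_hosts",
     "orig_dst": "Any", "orig_svc": "Any", "xlate_src": "nat_pool",
     "xlate_dst": "Original", "xlate_svc": "Original"},
    {"number": 3, "disabled": False, "orig_src": "Any",
     "orig_dst": "old_dmz", "orig_svc": "Any", "xlate_src": "Original",
     "xlate_dst": "web1", "xlate_svc": "Original"},
]

if __name__ == "__main__":
    for number, column, group, disabled in find_empty_groups_in_nat(
            SAMPLE_OBJECTS, SAMPLE_NAT_RULES):
        state = "disabled" if disabled else "enabled"
        print(f"NAT rule {number} ({state}): {column} uses empty group {group}")
```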


Solution
Note: To view this solution you need to Sign In.