If a compatibility issue is found between the device's blacklist and whitelist during the pre-upgrade check, the incompatible entries will be displayed in the Recommendation tooltip next to Installed in the Status column.

Error Detection and Fixing in the Frontend (Customer-Operable)

To fix the compatibility issue of the blacklist and whitelist, go to SOC > Blacklist/Whitelist > Whitelist.

Find the incompatible whitelist entries displayed in the Recommendation tooltip. If they are no longer needed for business, delete them. If they are still needed, disable them, upgrade the device, and then enable them again.

Configuration Query in the Backend

Prerequisites:

If the customer does not want to delete the incompatible whitelist entries and wants to disable them, and then enable them after the upgrade. If these entries cannot be disabled in the frontend, contact the service provider or Sangfor technical support to perform the following operations.

1. Run the following command to query all blacklist and whitelist entries: rw_cc -f /sfos/system/schema/config/afplatform/config.whiteblacklist.schema -q -s cfg.whiteblacklists -p $

2. Run the following command to query whether incompatible entries exist: rw_cc -f /sfos/system/schema/config/afplatform/config.whiteblacklist.schema -q -s cfg.whiteblacklists -p '$[?(@.url == "10.10.10.10/24")]' (Replace 10.10.10.10/24 in the command with the incompatible entries displayed in the Recommendation tooltip.)

3. If the query result in step 2 is not empty ([]), run the following command to change the value of the "enable" field to false: rw_cc -f /sfos/system/schema/config/afplatform/config.whiteblacklist.schema -m -s cfg.whiteblacklists -p '$[?(@.url~"10.10.10.10/24")][0]' -rs cfg.whiteblacklist -j '{"enable":false}' (Replace 10.10.10.10/24 in the command with the incompatible entries displayed in the Recommendation tooltip.)