Veeam Hardened Repository (Linux): wrong active zone name on firewall-cmd query

[Parnassus]

Hi all, an annoying error on /var/log/VeeamBackup/VeeamEnvironmentSvc.log (on a Linux Veeam Hardened Repository based on SLES 15 SP6) during recurring Firewall's port queries (Queries invoked in order to assess if a particular port - e.g. the 2506/tcp - is opened or not on the Guest OS firewall).

As far as I can see, a child process (FirewallInvoker) after invoking in sequence:

firewall-cmd --get-default-zone --> output is: public
firewall-cmd --get-active-zone ---> output is: public (default)

then invokes this firewall-cmd command (using the latter ouput) against the active zone's name it previously gathered:

firewall-cmd --zone=public (default) --query-port=2506/tcp

and the above, since a zone with a "public (default)" name doesn't exist (but a zone with the sole "public" name does instead), clearly generates a good "Invoke result: 112 Error: INVALID_ZONE: public (default)" error (two queries every three minutes at least).

OTOH a journalctl -f --unit=firewalld.service reports - about every 3 minutes - a pair of (example) these log lines:

Mar 24 16:40:24 vault firewalld[2020]: ERROR: INVALID_ZONE: public (default)
Mar 24 16:40:26 vault firewalld[2020]: ERROR: INVALID_ZONE: public (default)

not particularly nice to see.

Not sure about when this behaviour really popped up, I can only say that I'm observing it just after the Veeam B&R Server update to 12.3.1.1139 from 12.3.0.310 done today.

Cheers, Davide.

[HannesK]

Hello,
that sounds like an issue. Do you have a Veeam support case number with full logs so that we can verify it?

If not, can you please open a case, attach the logs and let me know the case number?

thanks,
Hannes