Can't import the CSV file of the Socket Filter List

Document ID : KB000117992
Last Modified Date : 23/10/2018
Show Technical Document Details
Question:
When I try to import the some socket filter list records in the csv file, the message says it succeeded to import. However, some socket filter lists are not imported. 

Here is the background I encountered the problem. 
  • I imports a lot of socket filter list records by the import feature for example 1000 records. 
  • After that, I added 10 records to the csv file. Then, the csv file will have the 1010 records(1000+10). 
  • I did import the csv file. My expectation is the original 1000 records will be imported as the update, and new 10 records will be imported as new socket filter list records.
Answer:
It may cause the import feature's design.

It already has added, either manually or via a previous import, a socket filter list with name A. 
A contains one or more hosts. Then it tries to import a csv file that also contains a socket filter list with the same name A. Our code determines this is a duplicate and ignores that socket filter list. So any additional hosts in the csv file for a socket filter list already in PAM will be ignored. 

Why do we do it this way and why do we not import the additional records? Consider the following scenarios: 

PAM current configuration 
 
List Name IP Address Port 
A 1.2.3.4 80 
A 2.3.4.5 80 

csv file: 
A 1.2.3.4 80 
A 2.3.4.5 80 
A 3.4.5.6 80 

It would appear obvious to have the import simply add 3.4.5.6/80 to the socket filter list A. 

However, what if the PAM configuration stayed the same and the csv file ONLY contained: 
 
A 1.2.3.4 80 
A 3.4.5.6 80 

What should the import do in this case? Add 3.4.5.6/80 seems reasonable but what about 2.3.4.5/80? Should it remain in the configuration or be deleted? 

Then consider this set up: 

PAM current configuration 
 
List Name IP Address Port :
A 1.2.3.4 80 
A 1.2.3.4 83 

csv file: 
A 1.2.3.4 81 

What is the import supposed to do in this case? Add port 81 to 1.2.3.4 or replace 80 and 83 with 81? 

So in order to make the import as consistent as possible, the decision made was to search the csv file for NEW list names only and only import those from the csv file.