- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
"The OVF package is invalid and cannot be deployed" error when deploying the WAF OVA
12/20/2019 
17 People found this article helpful
35,983 Views
Description
NOTE: ESXi server versions before 6.5.0 do not support OVF/OVA files with a SHA256 hash.
VMware provides a tool to convert the OVA to SHA1 and allow installation on these older ESXi systems.
The failure is indicated with an error pop up: "The OVF package is invalid and cannot be deployed"
"The following manifest file entry (line 1) is invalid: SHA256(SonicWall_WAF_2_0.0.0-17waf.ova)=..."
Cause
This OVA was released with a SHA256 hash. This is the current standard practice for all applications.
NOTE: The 6.0.0 and 5.5.0 versions of ESXi do not support SHA256 and require the OVA to be hashed with SHA1.
Resolution
Convert the SHA256 OVA to a SHA1 hashed OVA.
VMware upgraded the default hash algorithm to SHA256 for OVA generation. The older vSphere/ESXi clients only support the SHA1 hash.
The conversion is documented in a KB article from VMware: https://kb.vmware.com/s/article/2151537.
To download OVF Tool, please visit:Open Virtualization Format Tool.When installed on a Windows machine the ovftool.exe is not added to the path so it needs to be executed in the directory where it is installed.
NOTE: The above link, to download ovftool.exe, is on a VMware company web page. It may change. If the link becomes broken, navigate to VMware site (https://www.vmware.com/)and search for ovftool to download .)
EXAMPLE:The process to convert an OVA to SHA1 for compatibility with the 6.0 and 5.5 vSphere or ESXi systems:
Open a CMD window (as administrator)
cd C:\Program Files\VMware\VMware OVF Tool
ovftool.exe --shaAlgorithm=SHA1 C:\Users\username\Downloads\SonicWall_WAF_2_0.0.0-17waf.ova C:\Users\username\Downloads\SonicWall_WAF_2_0.0.0-17waf-SHA1.ova
Related Articles
- How to enable and configure NTP?
- Cannot edit App Control Signatures, "Error: property 'value' can't be empty value"
- SSL-VPN 2FA: How to unbind TOTP for a single user or multiple users
YES
NO