https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/86856#M3652 <P>The policy is pushed when the autoconf.clish script runs. Nevertheless it creates a log file with this error message.</P><P>If I apply the configuration in clish I don't receive any error message.</P> Sun, 31 May 2020 10:22:11 GMT Antonio_Martins 2020-05-31T10:22:11Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/86420#M3636 <DIV class="lia-message-body lia-component-message-view-widget-body lia-component-body-signature-highlight-escalation lia-component-message-view-widget-body-signature-highlight-escalation"><DIV class="lia-message-body-content"><P>Hi CheckMates,</P><P>Everytime I use autoconf.clish to load the policy I receive this kind of errors:</P><P>_________________________________________________________________________________</P><P>Installing Security Policy...</P><P>sfw_make_policy_id: Warning: returning a dummy policy ID.</P><P>[ 17610 1999798272]@GW000[21 May 17:44:16]</P><P>sfw_load: Error loading security policy</P><P><BR />Error loading policy.</P><P>sfw_fetch_callback: Failed to execute command '"/opt/fw1/bin/fw" fetchlocal -d "/opt/fw1/state/__tmp/FW1"'. rc=1, exit code =-1</P><P>Unable to install the Security Policy on the appliance</P><P>line 36: Autoconfiguration CLI script failed, clish return code = 1</P><P>_________________________________________________________________________________<BR />Strangely the policy is fetched!</P><P>What can be wrong here?</P></DIV></DIV> Wed, 27 May 2020 00:44:08 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/86420#M3636 Antonio_Martins 2020-05-27T00:44:08Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/86754#M3650 If you execute the precise command you've specified above in expert mode, does it work? Fri, 29 May 2020 19:26:30 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/86754#M3650 PhoneBoy 2020-05-29T19:26:30Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/86856#M3652 <P>The policy is pushed when the autoconf.clish script runs. Nevertheless it creates a log file with this error message.</P><P>If I apply the configuration in clish I don't receive any error message.</P> Sun, 31 May 2020 10:22:11 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/86856#M3652 Antonio_Martins 2020-05-31T10:22:11Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/87137#M3658 <P>I have often used&nbsp;autoconf.clish to configure IPs, Networks and WLAN, but these basic config never did push a security policy (as i did not define one in there). My questions:</P> <P>- in which state of the box&nbsp;autoconf.clish is run (completely reset?)</P> <P>- is it locally or centrally managed ?</P> Wed, 03 Jun 2020 07:35:41 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/87137#M3658 G_W_Albrecht 2020-06-03T07:35:41Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/87146#M3660 <P>Yes, the gateway configuration was reverted to factory defaults before test.</P><P>The purpose is to automatically register it in Management Server (centrally managed).</P><P>I'm using this three commands at the end of the autoconf.clish:</P><P>&nbsp;</P><P>set sic_init password &lt;sic pass&gt;<BR />fetch certificate mgmt-ipv4-address &lt;mgmt server ip&gt; gateway-name &lt;gateway name&gt;<BR />fetch policy mgmt-ipv4-address &lt;mgmt server ip&gt;</P><P>&nbsp;</P><P>The script is working as the gateway is able to obtain the policy. I'm just curious about the error message.</P><P>&nbsp;</P> Wed, 03 Jun 2020 08:12:33 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/87146#M3660 Antonio_Martins 2020-06-03T08:12:33Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/87152#M3661 <P>You are using clish commands, but these are calling others like:</P> <TABLE class="tableintopic" border="0" width="636" cellspacing="0" cellpadding="2"> <TBODY> <TR align="left" valign="top"> <TD width="221"> <P class="tablebodytext"><CODE class="monospace">fw fetch</CODE></P> </TD> <TD width="415"> <P class="tablebodytext">Fetch last policy</P> </TD> </TR> <TR align="left" valign="top"> <TD width="221"> <P class="tablebodytext"><CODE class="monospace">fw fetchdefault [-h]</CODE></P> </TD> <TD width="415"> <P class="tablebodytext">Fetch default policy</P> </TD> </TR> <TR align="left" valign="top"> <TD width="221"> <P class="tablebodytext"><CODE class="monospace">fw fetchlocal [-h]</CODE></P> </TD> <TD width="415"> <P class="tablebodytext">Fetch local policy</P> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>In Managed GWs, the GW will after reboot read both local policy and current policy from SMS; if they are the same, local copy will be installed, otherwise, fetched policy will be installed. Maybe when fetching policy from SMS, the unit found that the local policy is missing and issues an error - understandable after a reset to factory...</P> Wed, 03 Jun 2020 08:42:33 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Pushing-Security-Policy-using-autoconf-clish-error/m-p/87152#M3661 G_W_Albrecht 2020-06-03T08:42:33Z