George可曾看過support center中有相關的kb參考嗎？

這個問題會發生在很多版本上，正確的說，這個訊息只是一個 normal message，而發生的原因，就要逐一拆解才有機會知道是什麼狀況了。

ps. normal message 的意思是如同 debug vpn 時，常常會看到 invalid sa 的訊息一樣，但實際並不會一定 sa 有誤造成的。

可以參考 Policy installation fails with "Load on module failed - no memory" error

之前幾次的經驗是：

• Gateway 硬碟空間不足
• Policy Rule name 欄位用到中文字。(comment可以是中文，section title也可以是中文，就是 Rule name 不行)
• 此次的 log uuid 問題。(fw tab 中要增加 string dictionary 來做 log uuid 的對應)
• 不可考原因。(reboot 就解了)

但是，Disable log rulebase uuid之后，好像rulebase中的hit count的就不能用了？

之前我们也是碰到中文字的问题，显示这个message。

感謝 Dawei Ye 兄的回報，確實，我剛上系統看了一下，disable uid 後的 install policy 確實造成 hit count 無法更新了，我來研究一下二全齊美的方法。

剛在找 rulebase_uid_in_log 與 string_dictionary_table 時，看到 (sk101875) 有寫到：

This error can also be corrected by:

• Updating the SmartDefense / IPS signatures.
  
  
• Removing the non-ASCII character(s) such as "à" or "Ö" from the rule name and re-installing the security policy (refer to sk105708 - How to check Check Point objects and rules for non-ASCII characters).

• Make sure to remove the long hyphen character ' ? ' as well from rule names and/or comments , which is created automatically by Microsoft Word.

• To verify whether the problem is caused by the non-ASCII (international) character, follow these steps:

  1. On a Security Gateway, run: fw ctl zdebug filter > /var/log/debug.txt.
  2. Install the security policy in SmartDashboard.
  3. Analyze the /var/log/debug.txt file.

  If this error is indeed caused by the non-ASCII (international) character, the the following message will appear in the output file:
  fw_rules_uid_handle_uid: couldn't allocate dictionary string id for rule no. <N>

今天用以下這篇治好公司80.10的hit count問題:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 心得:

1.uid不能亡

2.Clear console cache

3.到80.10還是會,超靠悲

你才靠悲，你全家都靠悲