Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copper

Checkpoint Policy Installation failed on gateway. Error code: 0-2000240

Device Information

Appliance: CheckPoint 2200

OS: Gaia

Version R80.30

Type: Standalone gateway

 

Current Utilization: CPU= 3%; Memory 88%

 

Problem

When installing policy from Smart Console, I either got the following error and failed

  • Checkpoint Policy Installation failed on gateway. Error code: 0-2000240
  • Installation failed. Reason: Policy install commit function was unsuccessful due to timeout
  • Policy installation failed on gateway. If the problem persists contact Check Point support (Error code:0-2000108)

 

Appreciate your help in giving possible root cause.

0 Kudos
5 Replies
Highlighted

The 2200 is a box with very limited CPU and memory, what does output of these commands show:

free -m

enabled_blades

netstat -ni

The policy installation failure is probably caused by lack of free memory on the 2200 causing the commit/atomic load to fail.

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos
Highlighted
Copper

hi @Timothy,

thanks for the feedback. see below

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.04.27 20:51:59 =~=~=~=~=~=~=~=~=~=~=~=
expert
Enter expert password:


Warning! All configurations should be done through clish
You are in expert mode now.

]0;admin@fw-csg-mid-J-HQ:~[Expert@fw-HQ:0]# free -m
total used free shared buffers cached
Mem: 1868 1856 11 0 5 187
-/+ buffers/cache: 1663 204
Swap: 4094 736 3358
]0;admin@fw-HQ:~[Expert@fw-HQ:0]# enabled_blades
fw vpn urlf av appi ips identityServer anti_bot vpn
]0;admin@fw-HQ:~[Expert@fw-HQ:0]# netstat -ni
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
Mgmt 1500 0 0 0 0 0 0 0 0 0 BMU
Mgmt:1 1500 0 - no statistics available - BMU
bond0 1500 0 15532130 0 238 0 14806305 0 0 0 BMmRU
bond0.2 1500 0 10825280 0 0 0 10394955 0 0 0 BMmRU
bond0.3 1500 0 2678458 0 0 0 2995841 0 0 0 BMmRU
bond0.4 1500 0 0 0 0 0 113022 0 0 0 BMmRU
bond0.5 1500 0 87150 0 0 0 334849 0 0 0 BMmRU
bond0.6 1500 0 898888 0 0 0 275932 0 0 0 BMmRU
bond0.8 1500 0 693274 0 0 0 691700 0 0 0 BMmRU
eth1 1500 0 24118473 0 62753 0 21087016 0 0 0 BMRU
eth3 1500 0 349078 0 0 0 0 0 0 0 BMsRU
eth4 1500 0 15183052 0 238 0 14806305 0 0 0 BMsRU
lo 16436 0 762450 0 0 0 762450 0 0 0 LRU
]0;admin@fw-HQ:~[Expert@fw-HQ:0]# fw ver
This is Check Point's software version R80.30 - Build 078
]0;admin@fw-HQ:~[Expert@fw-HQ:0]# exit
exit
fw-HQ> exit
0 Kudos
Highlighted

Yeah as I suspected, way short on memory for what you are asking the box to do.  You are 736MB into swap on a box that only has 2GB of RAM.  More RAM will help a lot, although the 2200's are not "officially" upgradeable as far as memory if you get my drift.  If you can't push policy, reboot the box to free up some memory and try again.  Not an ideal solution, but when the box is that far oversubscribed for memory there is not much you can do other than disabling features and occasional reboots.

A 3200 appliance is the recommended replacement...

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos
Highlighted
Copper

Upgrading is not an option at the moment. Stick on the current setup 🙂

Disabling some blades could help?
0 Kudos
Highlighted

Yes, try disabling IPS first and see how that impacts memory usage after a reboot.  Then perhaps AV.

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos