cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server'?

Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server', Failed to convert web security parameters in asm.C, internal error occurred during the verification process, Policy verification failed after R77.30 db export and import into R80.10?

The issue is specific to the IPS SQL Injection protection and policy successfully pushes if this protection is inactivated but we would like to continue to use this protection.

Screenshot of the specific error attached.

Support is assisting and opening a case with R&D but wondering if others have encountered and hopefully even resolved this issue? This appears to be the only post-upgrade issue but it is preventing us from moving to the R80.10 management server.

Any and all assistance is appreciated.

0 Kudos
5 Replies

Re: Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server'?

Long shot, especially if you're already escalated to level 3 - but have you looked at your rulebase order to make sure any rules using legacy application layer servers (like the HTTP security server) come *before* any rules that use the new application control and protocol inspection stuff?

0 Kudos
Highlighted

Re: Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server'?

It looks like the error and issue is strictly related to the SQL Injection IPS protection. If I disable this protection, I can successfully push policy, however, we want to be able to utilize the SQL Injection protection.

0 Kudos

Re: Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server'?

Hi guys, a mid-way update on this issue - was an internal error with the policy installation engine. This does not relate to any kind of user misconfiguration. Aaron will be notified once a fix + SK arrive.

Re: Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server'?

Good deal.  Please let us know when the SK is up.  I'd like to check in with my customers on this one.  Kind of surprised we didn't trip over this already. 

Re: Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server'?

Hi guys, the decision was that each time such thing happens, you would have to contact Check Point Support. The problem was an internal error with the policy installation engine, and that error does not currently repeat for other customers.