Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Manoj_Kumar3
Participant
Jump to solution

Installation failed on one of Active gateway: Failed - Installation failed. Reason: Load on Module failed - failed to load Security Policy.

While installing the firewall policy (MDS on Gaia R80.10 and gateway on Gaia R77.30) I am getting below error : 
"Installation failed. Reason: Load on Module failed - failed to load Security Policy."
I tried to cpstop; cpstart but issue not resolved also when i reboot the firewall issue got resolved.

I do not want to reboot/ restart the services to resolve this issue.

When i have seen the cpd.elg file it give me below output:

Failed to Load Security Policy: Bad address

Followed sk33893->sk105708 but does not find any non-ASCII characters.

Can anyone help me how i can resolve this issue as reboot is not a solution.

1 Solution

Accepted Solutions
Ivan_Moore
Contributor

We had this problem plague us after upgrading our MGMT to 80.10.  Came to find out it was the strings dictionary table filling up.  For us at least that was the issue.  I think that somehow things got horked up with the upgrade and the entries were no longer lining up.  I would check that and see if it is your problem.  

fw -i 0 tab -t string_dictionary_table -s

fw -i 0 tab -t string_dictionary_table | grep limit

View solution in original post

6 Replies
PhoneBoy
Admin
Admin

There are several potential causes for this error documented here: 'Installation failed. Reason: Load on Module failed - failed to load security policy' erro... 

You may need to review multiple of these issues to find what is causing it.

The TAC should also be able to assist with this as well.

0 Kudos
Timothy_Hall
Champion
Champion

On the gateway (not SMS) where the policy load is failing, try this command to find any non-ASCII characters in the compiled policy located on the gateway, it will highlight the offending characters if there are any:

file $FWDIR/state/local/FW1/* | grep "ASCII text" | cut -d: -f1 | xargs grep --color='auto' -P -n "[\x80-\xFF]"

Also have you seen this SK: sk103511: "Failed to Load Security Policy: Bad address" error on policy installation failure

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Manoj_Kumar3
Participant

I tried to run "file $FWDIR/state/local/FW1/* | grep "ASCII text" | cut -d: -f1 | xargs grep --color='auto' -P -n "[\x80-\xFF]" this script on problematic gateway but no output.

0 Kudos
Timothy_Hall
Champion
Champion

All that means is that you don't have any non-ASCII characters in your compiled policy which can be one of the many causes of this issue. TAC will need to run a debug of the policy installation on the gateway to determine what problematic element of the compiled policy is aborting the load into the kernel.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Ivan_Moore
Contributor

We had this problem plague us after upgrading our MGMT to 80.10.  Came to find out it was the strings dictionary table filling up.  For us at least that was the issue.  I think that somehow things got horked up with the upgrade and the entries were no longer lining up.  I would check that and see if it is your problem.  

fw -i 0 tab -t string_dictionary_table -s

fw -i 0 tab -t string_dictionary_table | grep limit

Manoj_Kumar3
Participant

[Expert@Hostname:0]# fw -i 0 tab -t string_dictionary_table -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost string_dictionary_table 8135 64191 64191 64191
[Expert@Hostname:0]# fw -i 0 tab -t string_dictionary_table | grep limit
dynamic, id 8135, attributes: keep level 2, expires never, , hashsize 128, limit 65536

Looks like limit is 65536 and current & peak value are 64191. Can you put some light based upon output.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events