cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Installation failed on one of Active gateway: Failed - Installation failed. Reason: Load on Module failed - failed to load Security Policy.

While installing the firewall policy (MDS on Gaia R80.10 and gateway on Gaia R77.30) I am getting below error : 
"Installation failed. Reason: Load on Module failed - failed to load Security Policy."
I tried to cpstop; cpstart but issue not resolved also when i reboot the firewall issue got resolved.

I do not want to reboot/ restart the services to resolve this issue.

When i have seen the cpd.elg file it give me below output:

Failed to Load Security Policy: Bad address

Followed sk33893->sk105708 but does not find any non-ASCII characters.

Can anyone help me how i can resolve this issue as reboot is not a solution.

6 Replies
Admin
Admin

Re: Installation failed on one of Active gateway: Failed - Installation failed. Reason: Load on Module failed - failed to load Security Policy.

There are several potential causes for this error documented here: 'Installation failed. Reason: Load on Module failed - failed to load security policy' erro... 

You may need to review multiple of these issues to find what is causing it.

The TAC should also be able to assist with this as well.

0 Kudos

Re: Installation failed on one of Active gateway: Failed - Installation failed. Reason: Load on Module failed - failed to load Security Policy.

On the gateway (not SMS) where the policy load is failing, try this command to find any non-ASCII characters in the compiled policy located on the gateway, it will highlight the offending characters if there are any:

file $FWDIR/state/local/FW1/* | grep "ASCII text" | cut -d: -f1 | xargs grep --color='auto' -P -n "[\x80-\xFF]"

Also have you seen this SK: sk103511: "Failed to Load Security Policy: Bad address" error on policy installation failure

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos

Re: Installation failed on one of Active gateway: Failed - Installation failed. Reason: Load on Module failed - failed to load Security Policy.

I tried to run "file $FWDIR/state/local/FW1/* | grep "ASCII text" | cut -d: -f1 | xargs grep --color='auto' -P -n "[\x80-\xFF]" this script on problematic gateway but no output.

0 Kudos

Re: Installation failed on one of Active gateway: Failed - Installation failed. Reason: Load on Module failed - failed to load Security Policy.

All that means is that you don't have any non-ASCII characters in your compiled policy which can be one of the many causes of this issue. TAC will need to run a debug of the policy installation on the gateway to determine what problematic element of the compiled policy is aborting the load into the kernel.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
Ivan_Moore
Nickel

Re: Installation failed on one of Active gateway: Failed - Installation failed. Reason: Load on Module failed - failed to load Security Policy.

We had this problem plague us after upgrading our MGMT to 80.10.  Came to find out it was the strings dictionary table filling up.  For us at least that was the issue.  I think that somehow things got horked up with the upgrade and the entries were no longer lining up.  I would check that and see if it is your problem.  

fw -i 0 tab -t string_dictionary_table -s

fw -i 0 tab -t string_dictionary_table | grep limit

0 Kudos

Re: Installation failed on one of Active gateway: Failed - Installation failed. Reason: Load on Module failed - failed to load Security Policy.

[Expert@Hostname:0]# fw -i 0 tab -t string_dictionary_table -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost string_dictionary_table 8135 64191 64191 64191
[Expert@Hostname:0]# fw -i 0 tab -t string_dictionary_table | grep limit
dynamic, id 8135, attributes: keep level 2, expires never, , hashsize 128, limit 65536

Looks like limit is 65536 and current & peak value are 64191. Can you put some light based upon output.

0 Kudos