cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Policy installation failed after upgrade from R75.40 to R80.10

Hi mates,

I upgraded the checkpoint SMS of my customer (VM) from R75.40 to R80.10 with the advanced upgrade ( exporting and importing the DB).

On the New VM, the SIC is okay with all the Gateways but when I try to install the policy from the new SMS with the version R80.10 I am encoutering lot of errors,

Please take a look on the file attached, there are the errors of the policy installation,

May some one had this problem?

But when I checked the result of ./pre_upgrade_verifier -p $FWDIR -c R75.40 -t R80.10 on the source i get that:

Action items before upgrade:
================================


Warnings: It is recommended to resolve the following problems.
==============================================================


Title: Legacy Default Profiles are not supported
-----
* Description: The Database has Legacy Default Profiles.

They will be deleted:
Read_Only,
Read-Write


==============================================================
Action items after upgrade, before first installation:
==============================================================


Warnings: It is recommended to resolve the following problems.
==============================================================


Title: OPSEC was modified in R80.
-----
* Description: The Database includes one or more OPSEC applications.

Please check your OPSEC vendor documentation for the following applications:

OPSEC_QRadar

Thank you for the help,

Aymen,

5 Replies

Re: Policy installation failed after upgrade from R75.40 to R80.10

If you are encountering rule hiding errors during policy installation after the management upgrade to R80.10, that is not completely unexpected.  The policy verification code was tightened up significantly in R80+ management, and policies that passed verification in R77.30 and earlier may not necessarily pass under R80+ management.  Just a matter of going through your policy layers and resolving the conflicts like usual...

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos
Admin
Admin

Re: Policy installation failed after upgrade from R75.40 to R80.10

None of these errors in the pre_upgrade_verifier are related to your policy installation errors.

It would be helpful if you posted the actual errors you get during policy installation.

Like Tim Hall‌ said, the policy verification code has been tightened up in R80.10.

0 Kudos

Re: Policy installation failed after upgrade from R75.40 to R80.10

There is no errors  on the policy installation within the old SMS R75.40

I get those errors only on the R80.10  please see file attached and I still have the same error when I try to install the policy)

Here is the scrrenshot of the error

0 Kudos

Re: Policy installation failed after upgrade from R75.40 to R80.10

Force an update of your IPS signatures from the R80.10 SmartConsole.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
Highlighted

Re: Policy installation failed after upgrade from R75.40 to R80.10

Thank you Hall, that was a IPS signature  problem, after an update, the problem was solved.