Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

install policy FAILED help!

I have the most unhelpful error message of all time - can anyone help me ?

 

I'm trying to push access policy . everything was working last time i checked which was a few days ago. now this.

 

If the problem persists contact Check Point support (Error code: 0-2000173-0)

 

MDS is running 80.40

 

gateway is running 80.20

0 Kudos
5 Replies
Highlighted

What is the rest of the message? The text 'If the problem persists' also implicates there is more information above this message.
Regards, Maarten
0 Kudos
Highlighted

Almost certainly a policy commit failure on the gateway, which provides practically zero information about the failure back to the SMS/SmartConsole.  Usually this is due to a memory shortage on an overloaded gateway and sometimes a reboot will fix it.  In other cases it is an error in the compiled policy that the SMS did not catch, see here for further reading:

sk33893: 'Installation failed. Reason: Load on Module failed - failed to load security policy' error...

sk101875: Policy installation fails with "Load on module failed - no memory" error

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted

Still having same issue

Here is the error i get when i try and fetch the policy from the gateway side of things.

[Expert@FW01]# fw fetch
Fetching Security Policy from '#.#.#.#'

Fetching Security Policy Succeeded.

Installing Security Policy...

Error loading policy.

Error: Failed to run policy installation wrapper.
sfw_fetch_callback: Failed to execute command '"/opt/fw1/bin/fw" fetchlocal -d "/opt/fw1/state/__tmp/FW1"'. rc=1, exit code =-1
Unable to install the Security Policy on the appliance
0 Kudos
Highlighted
Employee++
Employee++

Hi 

I suggest opened a ticket with TAC but in the meantime:

Is the Security Gateway a Small Office Appliance?

Can you run the following command and send me the output:

fw -d fetchlocal -d /opt/CPsuite-R81/fw1/state/__tmp/FW1/

 

Thanks

Tal

tfridman@checkpoint.com

0 Kudos
Highlighted

sent, thanks ,

 

on a better note i was able to push access control policy if i un-selected the "application control" & "url filtering" blades

 

as soon as i check them back off and try to push policy it fails again. 

 

 

 

0 Kudos