Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Authority
Authority
Jump to solution

2200 appliacne R80.20 failure

Dear folks,

we are running R80.20 on an 2200 appliance since 2 month without problems.

This week some problems occurs. We got a lot of errors like these:

Jun 13 11:19:25 2019 XXXXX kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jun 13 11:19:26 2019 XXXXX kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jun 13 11:19:26 2019 XXXXX kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)

If we do a restart of the appliance they can't install policy (policy install failed) and default policy is loaded.

A manual fw fetch after restart loads the actual policy, but the shown errors occurs again after some minutes.

Any ideas or seen this error anywhere?

Wolfgang

 

0 Kudos
1 Solution

Accepted Solutions
Thomas_Eichelbu
Advisor
Hello i have the same issue on a fresh installed 5200 appliance with R80.20 and take 80:
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15);

but i dont feel any negative impact so far ...

please provide us with the outcome of your Tace case!

best regards
Thomas.

View solution in original post

0 Kudos
11 Replies
NSerrao
Explorer

Hi.

I'm having this same issue on our R80.20.

It started a few days ago, right after Take 80 update instalation:

Jun 14 11:13:14 SPA-GW kernel: [fw4_2];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jun 14 11:13:16 SPA-GW kernel: [fw4_1];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jun 14 11:13:17 SPA-GW kernel: [fw4_2];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jun 14 11:13:17 SPA-GW kernel:
Jun 14 11:13:17 SPA-GW kernel: FW-1: stopping debug messages for the next 43 seconds
Jun 14 11:13:17 SPA-GW kernel: [fw4_1];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jun 14 11:13:21 SPA-GW last message repeated 4 times
Jun 14 11:13:21 SPA-GW kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)

It's spaming our syslog...

Our support created a ticket on checkpoint and the answer was:

"We have few other customers who have reported same messages after upgrading the machine. The issue is currently under investigation of the R&D team, will update you with more information as and when received."

(12/06/2019 - 14:17)

I can say that there's no negative impact so far.

Hope checkpoint solve this soon.

Best regards.

Nserrao

 

 

0 Kudos
Wolfgang
Authority
Authority
Nserrao,

makes sense. We installed take 80 to solve sk149413 issue.
I'll contact TAC for the problem.

Thanks for your information
Wolfgang
0 Kudos
Thomas_Eichelbu
Advisor
Hello i have the same issue on a fresh installed 5200 appliance with R80.20 and take 80:
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15);

but i dont feel any negative impact so far ...

please provide us with the outcome of your Tace case!

best regards
Thomas.
0 Kudos
NSerrao
Explorer

Hello.

 

Our local support team reply me the following as solution:

 

  1. Install the latest build of CPUSE Agent from sk92449.
  2. Connect to command line on target Gaia OS.
  3. Log in to Clish.
  4. Acquire the lock over Gaia configuration database:
    HostName:0> lock database override
  5. Import the package from the hard disk:
    Note: When import completes, this package is deleted from the original location.
    HostName:0> installer import local /.TGZ_or_TAR
  6. Show the imported packages:
    Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.20 Jumbo hotfix T<number> for sk137592"
    HostName:0> show installer packages imported
  7. Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
    HostName:0> installer verify
  8. Install the imported package:
    HostName:0> installer install

 

Didn't test it yet but I'll came back with news when it's done.

Best regards.

Nelson

0 Kudos
Shawn_Fletcher
Contributor

Just upgrade to R80.20 Take 87 per TAC.

 

Also seeing the messages , several per second

 


Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_6];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_9];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_6];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_6];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_6];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_6];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_9];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_9];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_9];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_6];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_7];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_7];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_4];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_4];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jul 11 18:40:37 2019 SJHFW1 kernel: [fw4_11];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:37 2019 SJHFW1 kernel: [fw4_11];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:37 2019 SJHFW1 kernel: [fw4_2];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:37 2019 SJHFW1 kernel: [fw4_2];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:37 2019 SJHFW1 kernel: [fw4_4];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:37 2019 SJHFW1 kernel: [fw4_4];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:38 2019 SJHFW1 kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:38 2019 SJHFW1 kernel: [fw4_4];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
(END)

0 Kudos
Ophir_Grinstein
Employee Alumnus
Employee Alumnus

Hello,

I would like to bring clarity into this thread discussion

  • After installing R80.20 Jumbo HFA Take 80, the following error messages can appear in dmesg:
    • fwmutlik_do_sequence_accounting_on_entry: bad dir
  • This issue is cosmetic and can be ignored. There is no impact to the system
  • Fix for this is integrated into R80_20 Jumbo Hotfix starting from take 91
  • See sk158312 for more reference

 

Thanks,

Ophir

0 Kudos
NSerrao
Explorer

Hello.

Thank you for your reply.

We also updated R80.20 into take 87 last week but it's still spamming our syslog.

We'll ignore those messages and wait for take 91.

Best regards.

Nelson

0 Kudos
Shawn_Fletcher
Contributor

i had to request a hotfix for take 87, so one is available through tac

0 Kudos
Raj_Khatri
Advisor

What version did you upgrade from?  I am trying to upgrade from R77.30 to R80.20 and while the upgrade wizard says to use this file, it fails to upload via offline CPUSE and says not compatible.

Check_Point_R80.20_T101_Fresh_Install_and_Upgrade_Security_Management.tgz

0 Kudos
Wolfgang
Authority
Authority

Raj,

you used the image with security management software only.

2200 appliances supports only gateway with R80.xx. (shown in your screenshot)

R80.20 Fresh Install and Upgrade for Security Gateway and Standalone

regards

Wolfgang

 

 

0 Kudos
Raj_Khatri
Advisor

Ah, good catch.  Thanks for that, too early for me!  Appreciate it....

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events