Solved: 2200 appliacne R80.20 failure

Wolfgang · ‎2019-06-13

Dear folks,

we are running R80.20 on an 2200 appliance since 2 month without problems.

This week some problems occurs. We got a lot of errors like these:

Jun 13 11:19:25 2019 XXXXX kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jun 13 11:19:26 2019 XXXXX kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jun 13 11:19:26 2019 XXXXX kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)

If we do a restart of the appliance they can't install policy (policy install failed) and default policy is loaded.

A manual fw fetch after restart loads the actual policy, but the shown errors occurs again after some minutes.

Any ideas or seen this error anywhere?

Wolfgang

Thomas_Eichelbu · ‎2019-06-20

Hello i have the same issue on a fresh installed 5200 appliance with R80.20 and take 80:
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15);

but i dont feel any negative impact so far ...

please provide us with the outcome of your Tace case!

best regards
Thomas.

View solution in original post

NSerrao · ‎2019-06-14

Hi.

I'm having this same issue on our R80.20.

It started a few days ago, right after Take 80 update instalation:

Jun 14 11:13:14 SPA-GW kernel: [fw4_2];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jun 14 11:13:16 SPA-GW kernel: [fw4_1];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jun 14 11:13:17 SPA-GW kernel: [fw4_2];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jun 14 11:13:17 SPA-GW kernel:
Jun 14 11:13:17 SPA-GW kernel: FW-1: stopping debug messages for the next 43 seconds
Jun 14 11:13:17 SPA-GW kernel: [fw4_1];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jun 14 11:13:21 SPA-GW last message repeated 4 times
Jun 14 11:13:21 SPA-GW kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)

It's spaming our syslog...

Our support created a ticket on checkpoint and the answer was:

"We have few other customers who have reported same messages after upgrading the machine. The issue is currently under investigation of the R&D team, will update you with more information as and when received."

(12/06/2019 - 14:17)

I can say that there's no negative impact so far.

Hope checkpoint solve this soon.

Best regards.

Nserrao

Wolfgang · ‎2019-06-14

Nserrao,

makes sense. We installed take 80 to solve sk149413 issue.
I'll contact TAC for the problem.

Thanks for your information
Wolfgang

Thomas_Eichelbu · ‎2019-06-20

Hello i have the same issue on a fresh installed 5200 appliance with R80.20 and take 80:
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15);
@;105811;[cpu_1];[fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15);

but i dont feel any negative impact so far ...

please provide us with the outcome of your Tace case!

best regards
Thomas.

View solution in original post

NSerrao · ‎2019-06-21

Hello.

Our local support team reply me the following as solution:

Install the latest build of CPUSE Agent from sk92449.
Connect to command line on target Gaia OS.
Log in to Clish.
Acquire the lock over Gaia configuration database:
HostName:0> lock database override
Import the package from the hard disk:
Note: When import completes, this package is deleted from the original location.
HostName:0> installer import local /.TGZ_or_TAR
Show the imported packages:
Note: Refer to the top section "Hotfixes" - refer to "Check Point R80.20 Jumbo hotfix T<number> for sk137592"
HostName:0> show installer packages imported
Verify that this R80 Jumbo Hotfix Accumulator package can be installed without conflicts:
HostName:0> installer verify
Install the imported package:
HostName:0> installer install

Didn't test it yet but I'll came back with news when it's done.

Best regards.

Nelson

Shawn_Fletcher · ‎2019-07-11

Just upgrade to R80.20 Take 87 per TAC.

Also seeing the messages , several per second

Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_6];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_9];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_6];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_6];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_6];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_6];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_9];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_9];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_9];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_6];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_7];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_7];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_4];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jul 11 18:40:36 2019 SJHFW1 kernel: [fw4_4];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)
Jul 11 18:40:37 2019 SJHFW1 kernel: [fw4_11];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:37 2019 SJHFW1 kernel: [fw4_11];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:37 2019 SJHFW1 kernel: [fw4_2];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:37 2019 SJHFW1 kernel: [fw4_2];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:37 2019 SJHFW1 kernel: [fw4_4];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:37 2019 SJHFW1 kernel: [fw4_4];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
Jul 11 18:40:38 2019 SJHFW1 kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=2 flags=1 opcode=15)
Jul 11 18:40:38 2019 SJHFW1 kernel: [fw4_4];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)
(END)

Ophir_Grinstein · ‎2019-07-25

Hello,

I would like to bring clarity into this thread discussion

After installing R80.20 Jumbo HFA Take 80, the following error messages can appear in dmesg:
- fwmutlik_do_sequence_accounting_on_entry: bad dir
This issue is cosmetic and can be ignored. There is no impact to the system
Fix for this is integrated into R80_20 Jumbo Hotfix starting from take 91
See sk158312 for more reference

Thanks,

Ophir

NSerrao · ‎2019-07-25

Hello.

Thank you for your reply.

We also updated R80.20 into take 87 last week but it's still spamming our syslog.

We'll ignore those messages and wait for take 91.

Best regards.

Nelson

Shawn_Fletcher · ‎2019-07-25

i had to request a hotfix for take 87, so one is available through tac

Raj_Khatri · ‎2019-07-30

What version did you upgrade from? I am trying to upgrade from R77.30 to R80.20 and while the upgrade wizard says to use this file, it fails to upload via offline CPUSE and says not compatible.

Check_Point_R80.20_T101_Fresh_Install_and_Upgrade_Security_Management.tgz

Wolfgang · ‎2019-07-30

Raj,

you used the image with security management software only.

2200 appliances supports only gateway with R80.xx. (shown in your screenshot)

R80.20 Fresh Install and Upgrade for Security Gateway and Standalone

regards

Wolfgang

Raj_Khatri · ‎2019-07-30

Ah, good catch. Thanks for that, too early for me! Appreciate it....