- CheckMates
- :
- Products
- :
- General Topics
- :
- Re: Checkpoint 1570 Appliance upgrade to 81.10 fai...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Checkpoint 1570 Appliance upgrade to 81.10 fail with No profile defined on GW
Upgraded our management server to 81.10 , pushed policy to test if all ok and all was ok.
Then took a small office and upgraded the 1570 appliance to 81.10 and tried to push policy.
Standard policy was ok but Threat Prevention fails miserably .
Gateway: DCUK-xxxx
Policy: Standard
Status: Failed
- No profile defined on GW DCUK-xxxx
- gen_amw_rulebase_tables: gen_gw_profiles_set failed
- Operation was unsuccessful.
--------------------------------------------------------------------------------
I tested the solution suggested here on sk165935 but it does not work or I do not understand the article correctly ..
I am a bit uncertain of this statement "Assign the IPS profile on the relevant Security Gateway" ... I can only assign a profile on the GW general properties and in this case I can only assign "Custom" ... as Autonomous is not supported by 1500 series.
Am I missing something ?
- Tags:
- 1570
- quantum spark
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well , mistery SOLVED.
After upgrading to 81.10 , the respective gateway was automatically REMOVED from my IPS / Threat prevention policy ????
I just upgraded another one and I noticed that the gateway was removed from the IPS policy after upgrade ?
Pushed policy ... fail.
Checked the IPS / Threat prevention policies and the gateway was NOT on any policy.
Added the gateway to the policy again , pushed policy and all went fine.
I have a policy for the small appliances and the next upgraded gateway vanished from the targets for that policy ... so no wonder the management server came and told me "No profile defined on GW" .. as there was no policy defined for that gateway so there was nothing to push..
I guess this can be defined as a Bug ? Why should a gateway remove itself from the policy after upgrade without any warnings ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, Autonomous Threat Prevention is not supported on SMB appliances.
"IPS Profile" only applies to pre-R80 gateways, for everything else not using ATP, it will depend on the Threat Prevention > Custom Settings rules.
What precise rules are there?
Screenshots (with sensitive details redacted) will help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is this Gateway running R81.10.07 (996001397) or other version/build?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Gateway runing Version: R81.10 (996000575)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well , mistery SOLVED.
After upgrading to 81.10 , the respective gateway was automatically REMOVED from my IPS / Threat prevention policy ????
I just upgraded another one and I noticed that the gateway was removed from the IPS policy after upgrade ?
Pushed policy ... fail.
Checked the IPS / Threat prevention policies and the gateway was NOT on any policy.
Added the gateway to the policy again , pushed policy and all went fine.
I have a policy for the small appliances and the next upgraded gateway vanished from the targets for that policy ... so no wonder the management server came and told me "No profile defined on GW" .. as there was no policy defined for that gateway so there was nothing to push..
I guess this can be defined as a Bug ? Why should a gateway remove itself from the policy after upgrade without any warnings ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes sounds like a bug. Do you have a TAC case as a reference?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No , no TAC case for this, we work with a checkpoint partner which did not open a TAC case I believe.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please ask them to report this to TAC, this is the only way to get it fixed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Will do , thanks.