This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
M7md91
Explorer
‎2019-11-15 07:13 PM

Issue with R80.20 upgrade via CDT

Hi team,

 

i am having an issue while using CDT 1.7 to upgrade standalone security gateways from R77.30 to R80.20. The error is occurring when CDT decides to create a new policy. Is there a way to bypass that step in the main CDT xml file? Or any other resolution?

0 Kudos
4 Replies
Vadim9
Employee Alumnus
Employee Alumnus
‎2019-11-17 02:41 AM

Hi,

What is the error you get? 

0 Kudos
M7md91
Explorer
‎2019-11-17 04:36 PM
In response to Vadim9

The issue is when i am executing the deployment plan. It fails after getting to prepare a new policy step. Which i think it is setting up a new base policy and then it failed because after that it loses access to the management server. I know that if i have a smart dashboard instance open for the CMA it will fail because it can't read from database but i tried sometimes and made sure that no other instance is running but still fails after creating a new policy. I don't want CDT to create a new policy. is there a way to have it fetch my policy? or it's not possible since i am upgrading to a new OS (R77.30 to R80.20? or if i can even bypass that step?

 

This is the error it is thinking there is an instance is running on smart dashboard for that CMA.

 

************************************************

An error has occurred in stage Prepare new post policy of machine xXXX001-FW:

 

Error code 43 - Failed to prepare and compile new firewall policy for the target machine's version. Make sure that the policy is saved and that no SmartDashboard sessions are connected to this server or update the policy manually via SmartDashboard and try again.

 

Additional Information:

-----------------------

              

************************************************

               DB Operations error has occurred:

              

               Error code 19 - Error querying the management database.

               Make sure that the policy is saved and that no SmartDashboard sessions are connected to this server.

              

               Details:

               --------

               Error modifiying network object:

              

               Command Summary:

               Command = /bin/echo -e "modify network_objects xXXX001-FW cpver 9.0

                update_all

                savedb

                -q

               " | dbedit -local -globallock

               Return code = 190

               Output = Database is already open

              

              

              

************************************************

 

************************************************

 

For additional details see the status and log files.

               Status file name: /opt/CPcdt/CDT_status_CMA_XXX-CMA-PR1.txt

               The relevant log files are attached to this email and can also be found in this directory: /var/log/CPcdt/logs_2019-11-16-09-50-26/

               ** This is an automatic message. Do not reply. **

0 Kudos
Vadim9
Employee Alumnus
Employee Alumnus
‎2019-11-17 11:41 PM
In response to M7md91

There is no supported way to skip this stage. What do you get when you go to "Manage and settings" -> "Sessions" -> "View Sessions" in SmartConsole(CMA). How many open sessions do you see? Do you see sessions other than "Current Session"?

0 Kudos
Charles_Singlet
Employee Employee
Employee
‎2020-10-22 06:54 AM
In response to M7md91

Just had this same error and found that the R77.30 had IPS enabled as expected but the R80.40 policy had Threat Prevention disabled.  Enabling Threat Prevent worked.  Prior to this, Strangely, policy push from GUI was successful.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events