This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Danny
Champion Champion
Champion
3 weeks ago

Nasty IPS update error

I'm experiencing a nasty IPS update error in one customer environment on R81.20 that started in July and couldn't be solved together with TAC yet.

The management successfully downloads the IPS update package and gets stuck at 10% trying to perform the update:
image.png

After 5 minutes this error is shown:
image.png

I already set up a test appliance in my lab, imported the management configuration and got the same result with this configuration.
Looks like a damaged IPS database to me.
I first thought about sk87960, but it's not valid for R8x environments.

I already checked this:

  • name resolution on management
  • internet access
  • NAT configuration
  • firewall logs
  • disk space
  • HTTPS inspection
  • proxy configuration
  • threat prevention policy
  • drop debug entries
  • valid contracts installed
  • eval license installed
  • deployment agent updated
  • leading threat prevention rule for the security management with Anti-Virus, Anti-Bot & Threat Emulation unchecked
  • deactivated outbound IPS -> solved update issues for App Control & URL filtering while IPS updates still fail

Any ideas?

0 Kudos
3 Replies
_Val_
Admin
Admin
3 weeks ago

Is the TAC ticket in escalation? Can you please share the SR with me via a PM?

 

0 Kudos
the_rock
Legend
Legend
3 weeks ago

I have a gut feeling its a known issue, since I had been seeing it for the last 2 days in my lab and never used to happen before.

Andy

0 Kudos
Timothy_Hall
Legend Legend
Legend
3 weeks ago

Prior to R80 I remember doing a brutal IPS reset for a customer that had repeated update failures, and it involved blowing away lots of files.  It's unlikely to work now with the PostgreSQL database, but there may be an alternate procedure.  I think this is now referred to as "IPS Clean" here: sk100404: IPS Protections - Database Recovery Suggestions

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events