Nasty IPS update error

Danny · ‎2025-08-20

I'm experiencing a nasty IPS update error in one customer environment on R81.20 that started in July and couldn't be solved together with TAC yet.

The management successfully downloads the IPS update package and gets stuck at 10% trying to perform the update:

After 5 minutes this error is shown:

I already set up a test appliance in my lab, imported the management configuration and got the same result with this configuration.
Looks like a damaged IPS database to me.
I first thought about sk87960, but it's not valid for R8x environments.

I already checked this:

name resolution on management
internet access
NAT configuration
firewall logs
disk space
HTTPS inspection
proxy configuration
threat prevention policy
drop debug entries
valid contracts installed
eval license installed
deployment agent updated
leading threat prevention rule for the security management with Anti-Virus, Anti-Bot & Threat Emulation unchecked
deactivated outbound IPS -> solved update issues for App Control & URL filtering while IPS updates still fail

Any ideas?

_Val_ · ‎2025-08-20

Is the TAC ticket in escalation? Can you please share the SR with me via a PM?

the_rock · ‎2025-08-20

I have a gut feeling its a known issue, since I had been seeing it for the last 2 days in my lab and never used to happen before.

Andy

Best,
Andy

Timothy_Hall · ‎2025-08-20

Prior to R80 I remember doing a brutal IPS reset for a customer that had repeated update failures, and it involved blowing away lots of files. It's unlikely to work now with the PostgreSQL database, but there may be an alternate procedure. I think this is now referred to as "IPS Clean" here: sk100404: IPS Protections - Database Recovery Suggestions

New Book: "Max Power 2026" Coming Soon
Check Point Firewall Performance Optimization

Are you a member of CheckMates?

Nasty IPS update error