This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
D_Riddleberger
Collaborator
Collaborator
‎2025-09-23 01:08 PM
Jump to solution

Policy installation fails with "Error code 2000025" and sk177710

Determined that Policy installation fails with "Error code 2000025" and for sk177710 this also applies to R81.20.

sk177710 notes applies to versions R80.20 (EOS), R80.30 (EOS), R80.40 (EOS), R81 (EOS) and R81.10 but experienced this for R81.20 (see attached).

Mgmt Server R81.20 HF-111

Gateways R81.20 HF-105

0 Kudos
2 Solutions

Accepted Solutions
D_Riddleberger
Collaborator
Collaborator
‎2026-03-13 08:42 AM
In response to ShemHunter
Jump to solution

ShemHunter

Sorry for now posting the detailed findings and resolution:

Determined the issue was with the "Check Point IPsec VPN services" application category:

Although this object was not being actively used in the policy, in its services was a group of services that an admin created/added to AppC Web Browsing services (in AppC and URLF blade settings).

After removing the group and adding the services individually, the policy is installing correctly.

View solution in original post

D_Riddleberger
Collaborator
Collaborator
‎2026-03-13 10:50 AM
In response to ShemHunter
Jump to solution

ShemHunter

We figured this out by reviewing the Audit Logs.

In Smart Console under Applications/Categories for 'Check Point IPsec VPN Services'. The admin edited that category under Match Settings>Customize and if I recall then added add group of services. Which was allowed to save and publish but failed at policy installation time.

View solution in original post

0 Kudos
7 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-09-23 04:21 PM
Jump to solution

Did you forget the attachment?

You can verify further with TAC or submit feedback on the SK if you feel it needs updating.

CCSM R77/R80/ELITE
0 Kudos
D_Riddleberger
Collaborator
Collaborator
‎2025-09-23 06:25 PM
In response to Chris_Atkinson
Jump to solution

Hey Chris, when I submitted the post, I added the attachment which showed the version was R81.20 along with the failed policy install error code 2000025. I'm re-attaching it here to our convo. Let me know if you can view it now.

Preview file
228 KB
the_rock
MVP Diamond
MVP Diamond
‎2025-09-23 05:03 PM
Jump to solution

I just read the sk and you are correct, does not mention R81.20, but what I find really odd is that it mentions the issue can be with the service used. I had never seen that be the case with error like one you got. If I were you, would double check SIC, communication is fine between gw and mgmt, routing, etc.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
ShemHunter
Contributor
‎2026-03-13 08:17 AM
Jump to solution

Hello!

I'm getting a similar error in the test lab:

Gateway: GW-A
Policy: Standard
Status: Failed
- Policy installation failed on gateway. If the problem persists, contact Check Point support (Error code: 1-2-2000025).

This error occurs when the policy specifies an object in the Services & Applications column + Drop with Blocked Message. This happens in the test lab, so I'm having trouble submitting a ticket to TAC. Currently, version 81.20 takes 120.

 

0 Kudos
D_Riddleberger
Collaborator
Collaborator
‎2026-03-13 08:42 AM
In response to ShemHunter
Jump to solution

ShemHunter

Sorry for now posting the detailed findings and resolution:

Determined the issue was with the "Check Point IPsec VPN services" application category:

Although this object was not being actively used in the policy, in its services was a group of services that an admin created/added to AppC Web Browsing services (in AppC and URLF blade settings).

After removing the group and adding the services individually, the policy is installing correctly.

ShemHunter
Contributor
‎2026-03-13 09:50 AM
In response to D_Riddleberger
Jump to solution

Thank you!

I'll check this out and report back, but I think it'll definitely help. I've already sent feedback to this sk, and I hope they'll reply soon.

Could you tell me what services are installed by default? I know I can add them in the managenet&services settings.

0 Kudos
D_Riddleberger
Collaborator
Collaborator
‎2026-03-13 10:50 AM
In response to ShemHunter
Jump to solution

ShemHunter

We figured this out by reviewing the Audit Logs.

In Smart Console under Applications/Categories for 'Check Point IPsec VPN Services'. The admin edited that category under Match Settings>Customize and if I recall then added add group of services. Which was allowed to save and publish but failed at policy installation time.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events