AkosBakos
MVP Silver

Threat Prevention policy installation error - internal error occurred during the verification process

Hi Team,

Maybe I found a bug; can somebody confirm it in a different environment?

Symptoms:

The Threat Prevention policy install fails:

Internal error occurred during the verification process

Policy verification failed

IPS_policy_error.png

In the policy installation debug:

"color" : "black",
"statusCode" : "failed",
"statusDescription" : "Failed",
"taskNotification" : "5bde51fe-6c9b-419a-b533-22cc5ba43cd1",
"gatewayId" : "b8ff47bc-9816-4486-afb0-e92f680e98d3",
"policyId" : "41bccc6f-5498-45a4-856c-8aafeafa3634",
"fastInstallStatus" : {
"worksessionId" : "f7ac79a2-598a-40c2-b649-23d57b0e2e2a",
"gatewayId" : "b8ff47bc-9816-4486-afb0-e92f680e98d3",
"policyId" : "41bccc6f-5498-45a4-856c-8aafeafa3634",
"status" : "blade_not_supported",
"detailedReason" : [ ]

R81.20 take 84 MAESTRO

Investigation steps:

  • Enable/disable the IPS and ApplC URLf blade
    • issue still exists
  • The IPS custom policy contains only one rule, which was disabled
    • create a new rule
      • installation succeeded
    • delete the newly created rule
      • installation failed

If the IPS Custom Policy has only rules that are disabled, we get this error.

Can somebody confirm this behavior?

Akos

 

----------------
\m/_(>_<)_\m/
8 Replies
the_rock
MVP Gold

Hey bro,

I don't have Maestro to test, but happy to try in R81.20 jhf 90 lab. Are you saying if I was to disable the default IPS rule under the threat prevention custom policy, that error would appear?

Andy

Best,
Andy
AkosBakos
MVP Silver

Hi,

Your LAB will be perfect. Thanks. The one and only created IPS rule must be disabled. Something like this (this is a Demo SmartConsole):

ips_rule.png

Forget rule 1 (that's why I put a big red "X" on it).

And disable the one and only existing rule.

The policy install will fail.

Akos

----------------
\m/_(>_<)_\m/
the_rock
MVP Gold

I am happy to test it shortly. This time, cause I like you, it's FREE, but next time, I charge...we take euros too ; - )

Just kidding, always happy to help my fellow IT brothers and sisters.

Will let you know in a few mins.

Andy

Best,
Andy
the_rock
MVP Gold

Well, not sure if it is a bug or not, BUT...message I got on R81.20 makes way more sense than what I got on R82 (same as you).

Andy

 

R81.20:

Screenshot_1.png

R82:

Screenshot_2.png

Now, to me logically, the error in R81.20 is a bit deceiving, well, partially, and here is why I say that. I see why it would say there are no rules (though technically there is a rule, it's just disabled) and btw, I did verify policy beforehand and it did succeed, so the fact it says policy verification failed is not actually true, at least that's the way I see it.

Andy

Best,
Andy
AkosBakos
MVP Silver

Thanks Andy,

I owe you. Now the HUF to EUR or USD rates are really terrible nowadays, please don't want me to pay EUR yet. 🙂

Great to hear that this is not unique, but different messages.

To be honest, when the customer called me, I didn't conclude anything similar from this error message. Yes, I need more experience. That's why I am here.

Unfortunately, the TAC misled us with "there is no internet access for SMO, that's the problem". Now we will update them 🙂

Akos

----------------
\m/_(>_<)_\m/
the_rock
MVP Gold

I'm glad you asked me to test this, cause I learned something new today as well. I know this example will sound stupid, but things like this remind me when I was in Papua New Guinea one time and they advertised at the hotel there was Internet, so I'm thinking, alright, one night, how bad can it be even if it's not that fast...well, I show up and Internet does not work, I go to front desk and lady says to me "Well, you do realize since you booked this online, that online advertisements can be wrong? Yes, we do have Internet, but it never works or it works 1% of the time"

🤣🤣🤣🤣🤣🤣🤣

She defeated an IT person...I had no good comeback lol

Andy

Best,
Andy
Tal_Paz-Fridman
MVP Silver CHKP

The expected behavior is as follows:

  1. The system should not fail with an "Internal Error," as this is not user-friendly.
  2. It should provide a meaningful and clear output. Specifically, instead of indicating that there are no rules, it should clarify that at least one rule needs to be enabled.

I will forward this to the relevant R&D owners for further action.

AkosBakos
MVP Silver

Great! Will I get a candy for this at CPX? 🙂

----------------
\m/_(>_<)_\m/
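
Added example, not part of the thread and not Check Point code: a pre-install check that flags a Threat Prevention layer whose rules are all disabled, the condition reported above, and says so in plain words. It assumes the rulebase has been exported as JSON where each rule has a boolean `enabled` field and sections nest their rules under `rulebase`; those field names, the type values and the sample data are assumptions constructed for this sketch.

```python
import json

# Constructed sample export of two Threat Prevention layers (not real output).
# Field names ("rulebase", "type", "enabled") are assumptions for this sketch.
SAMPLE = json.loads("""
{
  "IPS Custom Policy": {"rulebase": [
      {"type": "threat-rule", "name": "Rule 1", "enabled": false}
  ]},
  "Standard Threat Prevention": {"rulebase": [
      {"type": "threat-section", "name": "Servers", "rulebase": [
          {"type": "threat-rule", "name": "DMZ", "enabled": false},
          {"type": "threat-rule", "name": "Web", "enabled": true}
      ]}
  ]}
}
""")

def iter_rules(items):
    """Yield every rule, descending into sections that nest their own rulebase."""
    for item in items:
        if "rulebase" in item:
            yield from iter_rules(item["rulebase"])
        else:
            yield item

def check_layer(name, layer):
    """Return (ok, message) for one layer before a policy install is attempted."""
    rules = list(iter_rules(layer.get("rulebase", [])))
    # A rule with no "enabled" field is treated as enabled (assumption).
    enabled = [r["name"] for r in rules if r.get("enabled", True)]
    if not rules:
        return False, f"{name}: layer has no rules"
    if not enabled:
        return False, (f"{name}: all {len(rules)} rule(s) are disabled; "
                       "at least one rule needs to be enabled")
    return True, f"{name}: {len(enabled)} of {len(rules)} rule(s) enabled"

def preflight(layers):
    """Check every layer; return the failing messages (empty list means go)."""
    results = [check_layer(name, layer) for name, layer in layers.items()]
    return [msg for ok, msg in results if not ok]

if __name__ == "__main__":
    for problem in preflight(SAMPLE):
        print("BLOCK INSTALL:", problem)
```
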