Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sijeel
Contributor

Unable to push threat prevention policy

Hi Experts.

 

After upgrading one of the cluster member to r80.30 from r77.30 im getting the error in attached file .So we have only upgraded the standby member  and the active member is still on r77.30, when we change the the cluster version in smart console from r77.30 to r80.30 we are presented with this error in the attached file and threat prevention policy fails for both gateways.

If we change the cluster version on back to r77.30 the threat prevention policy get partially installed on the gateway with r77.30 and failed on gateway with r80.30 with below error


Status: Failed
- Installation failed. Reason: Failed to connect to the module, or the connection was lost.
--------------------------------------------------------------------------------

Any idea what the issue can be ?

 

Regards,

Sijeel Malik 

 

0 Kudos
4 Replies
Timothy_Hall
Champion
Champion

Force an immediate update of IPS, then do an "Update Images" for Threat Emulation.

New 2021 IPS/AV/ABOT Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Sijeel
Contributor

Hi Tim,

Updated the IPS but that doesn't help and  Threat Emulation is already updated (all green). I have a logged case with tac a they aren't sure about the issue. Changing the gateway versions in smart console from r80.30 to 77.30 (one member is on r77.30 and other on 80.30 ) allow me to push the  threat prevention policy on the gateway with r77.30. with  a warning in the threat updates "1 gateway is not updated " i.e is the upgraded one.

But if i change the version details in smart console to r80.30  the policy fails and an error below

 

Error: 'IPS' is not responding. Verify that 'IPS' is installed on the gateway. If 'IPS' should not be installed verify that it is not selected in the Products List of the gateway (SmartDashboard > Gateway > General Properties > Check Point Products List).

 

Regardsm

Sijeel

 

 

 

0 Kudos
Tal_Paz-Fridman
Employee
Employee

Hi

In case you haven't used the latest R80.30 JHF please update and test again:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

HTH

Tal

 

0 Kudos
Sijeel
Contributor

Hi Tal, 

 

We are already on take -215 , should we move to take 217 ?

Reagrds,

Sijeel

0 Kudos