unable to install policies or database in standalo...

Kul · ‎2019-01-04

Dear Sir/Madam,

I tried to install policies and database and got this error message. "TCP connectivity failure ( port = 18191 )( IP = X.X.X.X )[ error no. 10 ] Policy installation canceled."

This is a standalone setup with gaia r77.30 Matthew Do Uri Bialik Kyle Reynolds Avigdor Sharon Igal Nahimovski Ofir Agasi Kyle Reynolds Bob Bent Kristen Kenedy

Please assist with what I could do.

Kind regards,

kul@

Vladimir · ‎2019-01-04

If you have the ability to connect to the console of your standalone gateway, check if the CPD is running.

If not, lookup one of the posts describing how to troubleshoot it on the platform and the version you are running.

Kul · ‎2019-01-04

I checked cpd,ita running fine o

Vladimir · ‎2019-01-04

If it is a non-production environment, or if you have a maintenance window, try fw unloadlocal and reinstall the policy.

Any chance something changed in your policy that will block your communication with the unit if it is successfully installed?

Kul · ‎2019-01-04

Okay will do that the device is under production. is it possible to back up policies before I do fw unloadlocal ??

And also one more question, if I do freshinstallatiion is it possible to back up policies, Nat, route and interfaces. So that after fresh installation I can just load the Config files.

Vladimir · ‎2019-01-04

You can backup the current state of the unit in WebUI as well as perform a snapshot there.

You can perform migrate export to get the objects and rulebase in a portable format.

You can separately backup Gaia config in CLI.

Good idea to download backups and snapshots of the unit.

The problem is that if the unit is failing to install the current policy, restoring it to the same state may not fix your issues.

Why not try TAC SR? It may be something simple they will be able to spot and fix in a short remote session.

Kul · ‎2019-01-04

I tried to get support from TAC,they asked me to do fresh installation. I assume there is a possible way to rectify the issue.

They said the issue is change of IP of the device IP,which got the database ti be corrupted.

Sometimes TAC people make mistake as well so I am here getting possible help from you guys.

Thank you very much for getting on with this discussion.

PhoneBoy · ‎2019-01-04

Did you change the IP of the device at all?

Is the IP in the error message what you expect it to be?

PhoneBoy · ‎2019-01-04

fw unloadlocal does not change the policy configuration, it merely unloads it from the firewall kernel.

Kul · ‎2019-01-04

I haven't Changed the ip.

PhoneBoy · ‎2019-01-04

If you opened a TAC case, please send me the SR# privately.

Kul · ‎2019-01-04

They said I need to do fresh installation.

Any idea can I copy objects, route, policies from current configuration so it gets easier for me when I do fresh installation.

PhoneBoy · ‎2019-01-05

Please send me the SR number privately so I can review the basis for this recommendation.

As far as migrating the security policy configuration, if there is corruption, it might be best to use cp_merge to export/import the configuration (assuming you want to stay on R77.30): Using cp_merge utility

The OS-specific settings can be exported/imported as described here: Export / Import configuration / partial configuration in Gaia

Kul · ‎2019-01-05

Sure will do, thanks alot

Are you a member of CheckMates?

unable to install policies or database in standalone setup