Bob_Zimmerman
Authority

ElasticXL Policy Push Debug?

I'm trying out ElasticXL in a lab. I can't seem to push policy to one of my clusters (currently with one site and one member). The policy push debug script in sk159452 shows all clear on the management, and the files appear to make it into $FWDIR/state/__tmp/FW1/. When I run the script on the firewall side, it successfully loads the policy. When I push with the policy loaded, it still fails. When I reboot the member, it goes back to InitialPolicy.

I get the same results when I add a second member, which seems expected if pushing to a single member fails. I've tried with the 15-day PnP eval, a manually-generated 30-day eval, and a real, permanent license with the same results in all those cases.

These are lab boxes, so I can rebuild and try anything at any time. What I can't do is call support, since the lab management wasn't part of our most recent renewal, and the firewalls aren't supported with ElasticXL.

Any advice on what I should look at or try?

0 Kudos
1 Solution

3 Replies
the_rock
Legend

What is the error you get? Does it complain about the licence?

Andy

0 Kudos
Bob_Zimmerman
Authority

I guess I should have mentioned, but it's one of the most unhelpful error messages in the history of error messages:

Installation failed. Reason: Failed to load Policy on Security Gateway.

That is the full extent of what it tells me in the task.

I also just discovered that while the member accepts the permanent license (and is even able to fetch the associated contracts), it removes it after a few minutes. I decided to try switching the sixth interface back from the name "eth-01" (which is included in magg1 by default) to the name Mgmt. Rebooted, ran this in gclish via serial console:

add bonding group 1 interface Mgmt

and presto. My license stopped getting removed, and now policy installation works. Weird, but I'll take it.

the_rock
Legend

I recall that message a lot back in R76 and R77 versions. Anyway, glad you got it working.

Andy

0 Kudos