Hi @G_W_Albrecht ,

No luck, still we cannot push the policy from smartconsole. As observer from the gateway we can fetch the policy but i am not sure whether its new or old one. Is there any thing that we could try here ?.

Thank You.

What is shown if you just verify the policy ? What is the error if the old errors have been fixed ? And please provide a screenshot with all lines from the Policy install window...

This could be more than warnings as we do not see all lines right of Access policy, but top line policy verification failed is a grave error that will make the policy not installable...

So show all lines please!

@AkosBakos is right actually, seems like its related to threat prevention policy, but yes, agree, we need to see all the lines.

Andy

Where do you see that he wanted to install the Threat Prevention policy only ? That selection is not shown. As TP policy install has succeeded, it is the enlarged Access policy part that is mostly hidden and has warnings in the shown lines, and you see that Access policy install failed on top...

See below. Though based on the message, appears its failing for a different gateway.

Andy

That is wrong.The line for TP policy Succeeded is only one line without warnings, or else it would look like:

but the Access policy line is expanded, see the 

- from Policy Installation failed down the warnings belong to Access Policy...

I do not really understand how you as a long-time CP specialist make such mistakes, this is all obvious from the screenshot...

Its not really clear to me, sorry. Im simply going by what I see and what I see it shows threat prevention policy. Unless I look at the whole thing, I cant tell. 

Btw, Im not any type of guru or specialist, not even close haha

Andy

If it is succeeding, it has no warnings, as in the screenshot. In my screenshot, it succeeds with warnings, this is shown differently. As it just succeeds, the warning below Policy Install failed belong to the Access Policy.

But blunder or not, we will need to see all lines for any suggestions.

I agree. You are right its most likely regular policy, since even verification would only work for access policy, not threat prevention one, but lets see if @Rabin can send us the exact failure, will be easier to help.

Andy

Hu @G_W_Albrecht 

I linked this issue to this behind the scenes.

Akos

So where do the warnings come from if TP is installed successfully (that is, without warnings and errors) ?

You can see all in the screenshot (except the access policy line and further lines right from it, that would be the most important lines to show)

Hi @AkosBakos ,

I could not follow up these cases as i am stuck with another issue which EOS and probably EOL. Will definately update you on this.

Rabindra

Hi Everyone,

Regarding this issus, just wanted to provide the quick update on this issue. The current checkpoint appliances are in R80.30 version with the latest hotfix take 255 and same goes for another cluster which has R81.10 version with latest hotfix take 172 with same issue. 

We have verified the policy before installing the policies which get successfully verified. We checked the resource utilization seems normal, collected the cpd.elg logs for furhter analysis. As far as the screenshot is concerned there are only warning for application blades for https inspection and some source and destination with any which are not recommended. 

Will post the detailed screenshot shortly.

Thank You.

That would 100% help us. Its a bit odd if you only see warnings, since policy would never fail due to those.  Anyway, once you send the full error, Im sure we will fix it quick.

Andy

Dear All,

Please find the attached screenshot here:

Seems this is the solution. I did see this once in the lab in R81.10 and after rebooting the mgmt, it got solved.

Andy

https://support.checkpoint.com/results/sk/sk149093

In viber_image_2025-01-07_19-47-47-349.jpg you could have clicked more... before taking a screenshot.

But as viber_image_2025-01-07_19-47-23-546.jpg shows an internal error i would suggest to cantact CP TAC asap to get this resolved !

There are more and more warning which are just for policies, which were working before, I have verified all those so it's the same, anyway thank you. We have TAC support aligned and as POA : reboot, hotfix  but not resolved and further debugs has been collected. This is critical issue since we are not able to make any changes, I had to seek some support from the community as well.

Thank You all for the insight, I will keep posting if this issue gets resolved.

Regards,

Rabindra.

Seeking support from community is always good ! It is just that we can not suggest much here (would need debugs) - and most posts are only misinterpreting your screenshot 😉

Could well be a database corruption as policies were working before, did TAC run cpm_doctor yet ?

Can you please try below from support site? I have a good feeling it would solve the problem.

Andy

https://support.checkpoint.com/results/sk/sk149093

Hi @the_rock ,

We have latest hotfix take 255 for R80.30 version which should have fix the issue and rebooted several times with no luck. Sure will try pretending not having hotfixes go for workaround solution mentioned in the sk, let's see.😜

Thank you for the support😊

Fair enough. Ultimately, as @Chris_Atkinson said, R80.30 is eol, so you should upgrade, for sure. Now, if you cant do so any time soon, we will do our best to help you fix it. Im happy to do remote if you are allowed.

Andy

Actually we could upgrade but at the peak hours, memory and CPU utilization exceed over 100% but for another cluster we have managed to upgrade to R81.10. Even though R80.30 has no support we, somehow managed to get support from TAC.  Thank You so much for the support 🙌. Sure I will let you know if TAC team can not resolve it.

Once again thank you so much, appreciate it. 😊

Hi for the last chance:

What does 

• hcp https://support.checkpoint.com/results/sk/sk171436
• run_cpmdoc.sh  https://community.checkpoint.com/t5/Management/CPM-Doctor-script/m-p/129561#M28087

say?