Hi everyone!

Setup: Newly installed ClusterXL+SMS (R81.20 JHF Take 84)

The standby member was not updating its IPS database, and in order make it work, I followed sk43807 and added the ports and protocols to the table.def file on the SMS. It worked perfectly fine and the standby member was able to update its IPS database to the same version as the active node.

Although the standby member can update its IPS version, the output of fw tab -t no_hide_services_ports -u does not show the ports and protocols that I added through the table.def file.

After that, I deleted the added ports and protocols from the table.def file and clicked on 'Install Policy'. It failed with the following error message:

"Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-1-2000096)."

I have already looked up the error code on support.checkpoint.com, and read the only two CheckMates links that it gave me (this and this). I also read all the seemingly similar SKs about policy installation errors. However there is no information about this specific error code.

Additionally, I tried replacing the table.def file from another newly installed setup, removed and reinstalled JHF package, used policy_debug.sh, manually debugged cpm, fwm, fwd and cpd processes while installing policy. I found nothing that seems useful.

Threat Prevention policy installs with no issues.

It is just a lab, but I wonder what I would do if one of our customers had a similar issue (before opening a TAC ticket). I don't think opening a TAC ticket for my case is currently necessary.

Where else can I look? Did anyone else encounter such an issue? 

Cheers!