Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Checkdoll
Explorer

Failed to load Policy on Security Gateway

Hey Guys,

i got an Error trying to update the Policy.

Installation failed. Reason: Failed to load Policy on Security Gateway

Can someone tell me how i get more Information about the Error? Some Logs where i find more detailed information why it failed?

 

The System:

Devices: 2x 1490 Appliance, R77.20.87 (990173004)

CP Security Management: R80.10
Kernel: 2.6.18-92cpx86_64
Build: 462
Last Hotfix: Check_Point_R80_10_JUMBO_HF_Bundle_T279_sk116380_FULL.tgz

Kind regards,

Do

 

 

0 Kudos
3 Replies
Tal_Paz-Fridman
Employee
Employee

Can you share the output from $FWDIR/log/install_policy.elg for this flow?

0 Kudos
Checkdoll
Explorer

11/11/20 09:06:46,713 INFO com.checkpoint.management.dleserver.coresvc.internal.PolicyLoaderTask.executeLoadCommands:293 [taskExecutor-100]: Loader executions completed
11/11/20 09:06:46,713 INFO com.checkpoint.management.dleserver.coresvc.internal.PolicyLoaderTask.executeLoadCommands:273 [taskExecutor-100]: Command's full output:
------------------------------------------------
**##PERF_MSG_IDENTIFY##** {"duration_data":[{"duration":34.22656400000023,"name":"duration_of_legacy_verification"}]}

Standard.W: Security Policy Script generated into Standard.pf&SFWR77CMP
**##MSG_IDENTIFY##**2&0&Verification was successful.&50&<NULL>&1&SFWR77CMP
0&SFWR77CMP
export Standard.Set:&SFWR77CMP
Compiled OK.&SFWR77CMP
Standard:&SFWR77CMP
Compiled OK.&SFWR77CMP
Standard:&SFWR77CMP
Compiled OK.&SFWR77CMP
**##MSG_IDENTIFY##**3&0&Compilation was successful&50&<NULL>&1&SFWR77CMP
Installing Security Gateway policy on: FW-LL ...&SFWR77CMP
**##MSG_IDENTIFY##**5&0&Transfer was successful.&FW-LL-GW2&<NULL>&1&SFWR77CMP
**##MSG_IDENTIFY##**5&0&Transfer was successful.&FW-LL-GW1&<NULL>&1&SFWR77CMP
Security Gateway policy installation failed for Security Gateway FW-LL-GW2 (member of FW-LL)...&SFWR77CMP
Installation failed. Reason: Failed to load Policy on Security Gateway. &SFWR77CMP
**##MSG_IDENTIFY##**6&2&Installation failed. Reason: Failed to load Policy on Security Gateway. &FW-LL-GW2&FW-LL&0&SFWR77CMP
**##MSG_IDENTIFY##**6&2&&FW-LL-GW2&<NULL>&1&SFWR77CMP
**##MSG_IDENTIFY##**8&2&&FW-LL-GW2&<NULL>&1&SFWR77CMP
Security Gateway policy installation failed for Security Gateway FW-LL-GW1 (member of FW-LL)...&SFWR77CMP
Installation failed. Reason: Failed to load Policy on Security Gateway. &SFWR77CMP
**##MSG_IDENTIFY##**6&2&Installation failed. Reason: Failed to load Policy on Security Gateway. &FW-LL-GW1&FW-LL&0&SFWR77CMP
**##MSG_IDENTIFY##**6&2&&FW-LL-GW1&<NULL>&1&SFWR77CMP
**##MSG_IDENTIFY##**8&2&&FW-LL-GW1&<NULL>&1&SFWR77CMP
&SFWR77CMP
Security Gateway policy Installation for all modules was stopped.&SFWR77CMP
Security Gateway policy installation failed for:&SFWR77CMP
FW-LL-GW2 (member of FW-LL) FW-LL-GW1 (member of FW-LL) &SFWR77CMP
**##MSG_IDENTIFY##**10&0&&<NULL>&<NULL>&1&SFWR77CMP
------------------------------------------------

11/11/20 09:06:46,714 INFO com.checkpoint.management.dleserver.coresvc.internal.LegacyPolicyLoader$PolicyLoadTask.doWork:76 [taskExecutor-100]: Completed to load legacy policy for product 'Access'
11/11/20 09:07:07,916 INFO com.checkpoint.management.dleserver.coresvc.internal.PolicyInstallationSvcImpl.doInstallPolicy:21 [unboundedTaskExecutor-12]: Completed policy installation

0 Kudos
Tal_Paz-Fridman
Employee
Employee

Could you check if there is anything in $CPDIR/log/cpd.elg on any of the Cluster members?

If there is nothing useful there I suggest contact TAC.

0 Kudos