Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Aaron_Valenta
Participant

Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server'?

Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server', Failed to convert web security parameters in asm.C, internal error occurred during the verification process, Policy verification failed after R77.30 db export and import into R80.10?

The issue is specific to the IPS SQL Injection protection and policy successfully pushes if this protection is inactivated but we would like to continue to use this protection.

Screenshot of the specific error attached.

Support is assisting and opening a case with R&D but wondering if others have encountered and hopefully even resolved this issue? This appears to be the only post-upgrade issue but it is preventing us from moving to the R80.10 management server.

Any and all assistance is appreciated.

0 Kudos
5 Replies
Michael_Lawrenc
Contributor

Long shot, especially if you're already escalated to level 3 - but have you looked at your rulebase order to make sure any rules using legacy application layer servers (like the HTTP security server) come *before* any rules that use the new application control and protocol inspection stuff?

0 Kudos
Aaron_Valenta
Participant

It looks like the error and issue is strictly related to the SQL Injection IPS protection. If I disable this protection, I can successfully push policy, however, we want to be able to utilize the SQL Injection protection.

0 Kudos
Tomer_Sole
Mentor
Mentor

Hi guys, a mid-way update on this issue - was an internal error with the policy installation engine. This does not relate to any kind of user misconfiguration. Aaron will be notified once a fix + SK arrive.

Michael_Lawrenc
Contributor

Good deal.  Please let us know when the SK is up.  I'd like to check in with my customers on this one.  Kind of surprised we didn't trip over this already. 

Tomer_Sole
Mentor
Mentor

Hi guys, the decision was that each time such thing happens, you would have to contact Check Point Support. The problem was an internal error with the policy installation engine, and that error does not currently repeat for other customers. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events