This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Aaron_Valenta
Participant
‎2018-01-29 02:38 PM

Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server'?

Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server', Failed to convert web security parameters in asm.C, internal error occurred during the verification process, Policy verification failed after R77.30 db export and import into R80.10?

The issue is specific to the IPS SQL Injection protection and policy successfully pushes if this protection is inactivated but we would like to continue to use this protection.

Screenshot of the specific error attached.

Support is assisting and opening a case with R&D but wondering if others have encountered and hopefully even resolved this issue? This appears to be the only post-upgrade issue but it is preventing us from moving to the R80.10 management server.

Any and all assistance is appreciated.

0 Kudos
5 Replies
Michael_Lawrenc
Contributor
‎2018-01-29 04:08 PM

Long shot, especially if you're already escalated to level 3 - but have you looked at your rulebase order to make sure any rules using legacy application layer servers (like the HTTP security server) come *before* any rules that use the new application control and protocol inspection stuff?

0 Kudos
Aaron_Valenta
Participant
‎2018-01-31 08:01 AM

It looks like the error and issue is strictly related to the SQL Injection IPS protection. If I disable this protection, I can successfully push policy, however, we want to be able to utilize the SQL Injection protection.

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-01-31 10:21 AM

Hi guys, a mid-way update on this issue - was an internal error with the policy installation engine. This does not relate to any kind of user misconfiguration. Aaron will be notified once a fix + SK arrive.

Michael_Lawrenc
Contributor
‎2018-01-31 12:26 PM
In response to Tomer_Sole

Good deal.  Please let us know when the SK is up.  I'd like to check in with my customers on this one.  Kind of surprised we didn't trip over this already. 

Tomer_Sole
Mentor
Mentor
‎2018-02-14 09:31 AM
In response to Tomer_Sole

Hi guys, the decision was that each time such thing happens, you would have to contact Check Point Support. The problem was an internal error with the policy installation engine, and that error does not currently repeat for other customers. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top