This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Exonix
Advisor
‎2025-02-17 10:51 AM
Jump to solution

Installation Policy Error 0-2000259

Hello everyone,

I've just added Appliance 1900 R81.10.15 to a virtual Management Server R81.20 via Internet.
The Status of the Connection is Connected
The Status in Management Console "" and I can't install any policies: Installation Policy Error 0-2000259.

Unfortunately I didn't find any Information about this Error.

Very appreciate any help!

Labels
0 Kudos
39 Replies
the_rock
Legend
Legend
‎2025-02-21 12:12 PM
In response to Exonix
Jump to solution

Thats expected, since its mgmt cli command.

Andy

0 Kudos
Exonix
Advisor
‎2025-02-24 12:11 AM
In response to the_rock
Jump to solution

and what should I do? I have other firewalls that were configured before me and there is no such problem there.

0 Kudos
Exonix
Advisor
‎2025-02-24 07:18 AM
Jump to solution

 

When I try to fetch the policy in the CLI, it really tries to fetch it from the local IP address. So, somehow I need to tell FW to fetch from Public IP. I didn't find any keys for "fw fetch" to specify a remote server...

fw fetch
Fetching Security Policy from '10.10.XXX.XXX'

Reason: TCP connectivity failure ( port = 18191 )( IP = 10.10.XXX.XXX )[ error no. 10 ].
Security Policy Fetch Failed.
Unable to fetch the Security Policy from the Management Server
Warning: Attemped to fetch policy from an IP address that is different than the one used to fetch the certificate. Please check the management object's IP address in the SmartDashboard.

 

0 Kudos
PhoneBoy
Admin
Admin
‎2025-02-24 11:05 AM
In response to Exonix
Jump to solution

This points to a connectivity issue.
Confirm you can open a TCP connection on port 18191 (netcat "nc" can be used for this) from the gateway to the management.
Also, what is the relation between the IP listed in the error message versus the one listed in the Main tab of the Management object?

0 Kudos
Exonix
Advisor
‎2025-02-24 11:11 AM
In response to PhoneBoy
Jump to solution

Yes, port is open. Do you see the destination IP?

0 Kudos
the_rock
Legend
Legend
‎2025-02-24 11:07 AM
In response to Exonix
Jump to solution

Personally, ever since I been around CP back from R55 days, I had NEVER seen that error not be related to SIC issue. Now, here is the thing. Say you do SIC reset and it works and then you try push policy and it fails, its usually route missing somewhere along the lines, if you will.

Hope that helps.

Andy

0 Kudos
Exonix
Advisor
‎2025-02-24 11:13 AM
In response to the_rock
Jump to solution

Sure it is routing problem, because the security server in Internet tries to connect to another server in Internet via private IP... why? 

0 Kudos
the_rock
Legend
Legend
‎2025-02-24 11:15 AM
In response to Exonix
Jump to solution

Maybe verify NATing, as well as current routes. For example, do ip r g command to "affected" ip address. Something like ip r g 8.8.8.8, just change the IP address, to confirm if its correct.

Andy

0 Kudos
Lesley
Mentor Mentor
Mentor
‎2025-02-24 12:23 PM
In response to Exonix
Jump to solution

check this one out:

How to configure Management behind NAT in Security Gateway - special for SPARK

https://support.checkpoint.com/results/sk/sk66381

-------
If you like this post please give a thumbs up(kudo)! 🙂
Exonix
Advisor
‎2025-02-25 07:01 AM
In response to Lesley
Jump to solution

thank you! it did help!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top