- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Integrity of the objects_5_0.C file
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Integrity of the objects_5_0.C file
Just finished a brief troubleshooting session using sk:
Policy installation fails with "Policy installation failed on gateway 0-2000040" error
While I am happy that there is an sk that was 100% on the mark, I'd like to ask Check Point a question as to why the "minor corruptions" or any other kinds of corruption are possible with no automatic correction?
Isn't it possible to maintain a "shadow" files with integrity verified by hashes and fall back on those if corruption is taking place for some reason (i.e. objects_5_0.C changing hash value is changing in the absence of publishing and installing a policy or installing a database?
This is a brand new installation of the Open Server VM with all the necessary prerequisites, including eager-zeroed, reserved highly-redundant storage and reserved memory and CPU resources.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have to think this is part of why we've largely moved to a database-backed configuration system.
There is still some parts of the product that use the legacy configuration files like objects_5_0.C.
Pretty sure the ultimate "fix" to this problem is to remove the dependency on these files.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
check and then uncheck all the unchecked server options in their order.
If an option is checked, do not change it.
Important Note: Do not perform step 2 for more than one server at a time. In our example, you should not check "Web Server", then check "Mail Server", then proceed to uncheck them both, but rather check "Web Server", then uncheck it, and proceed to the next one.
Awaiting similar "fixes" for R80.20 . . .
Jozko Mrkvicka
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The solution provided by https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... is unsafe and has chances of causing additional side effects. I wouldn't recommend running it by a customer.
While we work on a better phrasing of the SK, I suggest that you always contact support if you run into this problem.
We will work on preventive solutions.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oops! It's done already and, for what its worth, it seem to solve the problem.
That being said, if this is a high risk scenario, perhaps it is better to update the SK before others run into it and suffer the consequences...
BTW, this is on R80.20.M1
