Hi.

It's in R82, JHF take44.

Hi,

I did that. I'm just trying to see if anyone experienced something like this to share knowledge. 

Thanks.

Hi,

I'm sharing the .elg file. I've just changed the Domains and VS names.

Kind regards

Thanks! will check shortly

I have a gut feeling below is why you had the problem...now why it happened, its another question. Did you send this to TAC?

		Starting Policy compilation
MyCommandCB started
***Reply is : (
	:note ("		firewall_application Policy installation/compilation for MARSFW01: '/opt/CPmds-R82/customers/SFCDMS01/CPsuite-R82/fw1/tmp/install_policy/ead9f43d-d7dc-49c4-b2d5-c2c22fcd5cfe/FW1/conf/MARSFW01.pf', line 9345: ERROR: table <zp_dummy_interface_ip> undefined( message from member VSX-GW02_MARSFW01 )")
	:format (line)
	:vsx_status_code (0)
	:vsx_operation_result (0)
	:message_type (1)
	:AdminInfo (
		:cpmi_cmd_status_code (0)
		:subject (operation-note)
		:operation (changever-vsx)
	)
)

		firewall_application Policy installation/compilation for MARSFW01: '/opt/CPmds-R82/customers/SFCDMS01/CPsuite-R82/fw1/tmp/install_policy/ead9f43d-d7dc-49c4-b2d5-c2c22fcd5cfe/FW1/conf/MARSFW01.pf', line 9345: ERROR: table <zp_dummy_interface_ip> undefined( message from member VSX-GW02_MARSFW01 )
MyCommandCB started
***Reply is : (
	:note ("		firewall_application Policy installation/compilation for MARSFW01: Error compiling IPv6 flavor.( message from member VSX-GW02_MARSFW01 )")
	:format (line)
	:vsx_status_code (0)
	:vsx_operation_result (0)
	:message_type (1)
	:AdminInfo (
		:cpmi_cmd_status_code (0)
		:subject (operation-note)
		:operation (changever-vsx)

HI,

.Yup. I'm waiting for them to reply back. 

Thanks. 

Here is what Im wondering though...did you have an issue at all pushing policy BEFORE upgrade attempt?

Not as far as I can remember. 

But I'm far away of be the only one pushing policies in this deployment. 

Thanks. 

I would ask TAC specifically about below.

firewall_application Policy installation/compilation for MARSFW01: '/opt/CPmds-R82/customers/SFCDMS01/CPsuite-R82/fw1/tmp/install_policy/ead9f43d-d7dc-49c4-b2d5-c2c22fcd5cfe/FW1/conf/MARSFW01.pf', line 9345: ERROR: table <zp_dummy_interface_ip> undefined( message from member VSX-GW02_MARSFW01 )
MyCommandCB started
***Reply is : (
	:note ("		firewall_application Policy installation/compilation for MARSFW01: Error compiling IPv6 flavor.( message from member VSX-GW02_MARSFW01 )")

I think zp is for zero physical (could only happen in VSX..)  

It may be a case where there was a VS deleted but it was not fully cleaned up on the cluster member. 

Maybe a vspurge would help.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/VSX...

That command rings a bell...might have seen someone do it back in R77.30 version.

Maybe the Zero-Phishing blade is activated, which creates a dummy interface causing the issue here.

Due to constraints, I never activated it on VSX, though so can't check if this configuration bit is present on VSX clusters.

Thats actually very good thinking, @Alex- 

It's an R81.10 gateway and Zph is R81.20 onwards only. 

It'll be a VSX specific thing where it has zero physical because of virtual interfaces or something else specific to VSX. 

The IPv6 part may be a red herring but it implies interface. 

Thats what sort of threw me off, those ipv6 errors, but as you said Don, it could be red herring.

It may be worth disabling Zero Phishing and trying again, I've had issues with this in the past, but realistically this should not cause a problem.

For sure, worth trying.

Correct, I overlooked the initial state was R81.10. To be followed with TAC then.

Excellent idea Chris, for sure.

I recall seeing something like that in older versions too. Mind you not with VSX, but could be related, for sure.