This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Aymen_Gasmi
Participant
‎2018-06-14 04:04 AM

Policy installation failed after upgrade from R75.40 to R80.10

Hi mates,

I upgraded the checkpoint SMS of my customer (VM) from R75.40 to R80.10 with the advanced upgrade ( exporting and importing the DB).

On the New VM, the SIC is okay with all the Gateways but when I try to install the policy from the new SMS with the version R80.10 I am encoutering lot of errors,

Please take a look on the file attached, there are the errors of the policy installation,

May some one had this problem?

But when I checked the result of ./pre_upgrade_verifier -p $FWDIR -c R75.40 -t R80.10 on the source i get that:

Action items before upgrade:
================================


Warnings: It is recommended to resolve the following problems.
==============================================================


Title: Legacy Default Profiles are not supported
-----
* Description: The Database has Legacy Default Profiles.

They will be deleted:
Read_Only,
Read-Write


==============================================================
Action items after upgrade, before first installation:
==============================================================


Warnings: It is recommended to resolve the following problems.
==============================================================


Title: OPSEC was modified in R80.
-----
* Description: The Database includes one or more OPSEC applications.

Please check your OPSEC vendor documentation for the following applications:

OPSEC_QRadar

Thank you for the help,

Aymen,

errors.log.zip
5 Replies
Timothy_Hall
Champion
Champion
‎2018-06-14 05:17 AM

If you are encountering rule hiding errors during policy installation after the management upgrade to R80.10, that is not completely unexpected.  The policy verification code was tightened up significantly in R80+ management, and policies that passed verification in R77.30 and earlier may not necessarily pass under R80+ management.  Just a matter of going through your policy layers and resolving the conflicts like usual...

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
PhoneBoy
Admin
Admin
‎2018-06-14 05:32 AM

None of these errors in the pre_upgrade_verifier are related to your policy installation errors.

It would be helpful if you posted the actual errors you get during policy installation.

Like Tim Hall‌ said, the policy verification code has been tightened up in R80.10.

0 Kudos
Aymen_Gasmi
Participant
‎2018-06-14 07:32 AM

There is no errors  on the policy installation within the old SMS R75.40

I get those errors only on the R80.10  please see file attached and I still have the same error when I try to install the policy)

Here is the scrrenshot of the error

0 Kudos
Timothy_Hall
Champion
Champion
‎2018-06-14 08:18 AM
In response to Aymen_Gasmi

Force an update of your IPS signatures from the R80.10 SmartConsole.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
Aymen_Gasmi
Participant
‎2018-08-16 08:54 AM
In response to Timothy_Hall

Thank you Hall, that was a IPS signature  problem, after an update, the problem was solved.