This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nflnetwork29
Advisor
‎2020-06-18 12:10 PM

install policy FAILED help!

I have the most unhelpful error message of all time - can anyone help me ?

 

I'm trying to push access policy . everything was working last time i checked which was a few days ago. now this.

 

If the problem persists contact Check Point support (Error code: 0-2000173-0)

 

MDS is running 80.40

 

gateway is running 80.20

0 Kudos
6 Replies
Maarten_Sjouw
Champion
Champion
‎2020-06-18 03:31 PM

What is the rest of the message? The text 'If the problem persists' also implicates there is more information above this message.
Regards, Maarten
0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2020-06-19 08:39 AM

Almost certainly a policy commit failure on the gateway, which provides practically zero information about the failure back to the SMS/SmartConsole.  Usually this is due to a memory shortage on an overloaded gateway and sometimes a reboot will fix it.  In other cases it is an error in the compiled policy that the SMS did not catch, see here for further reading:

sk33893: 'Installation failed. Reason: Load on Module failed - failed to load security policy' error...

sk101875: Policy installation fails with "Load on module failed - no memory" error

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
nflnetwork29
Advisor
‎2020-06-22 08:55 AM
In response to Timothy_Hall

Still having same issue

Here is the error i get when i try and fetch the policy from the gateway side of things.

[Expert@FW01]# fw fetch
Fetching Security Policy from '#.#.#.#'

Fetching Security Policy Succeeded.

Installing Security Policy...

Error loading policy.

Error: Failed to run policy installation wrapper.
sfw_fetch_callback: Failed to execute command '"/opt/fw1/bin/fw" fetchlocal -d "/opt/fw1/state/__tmp/FW1"'. rc=1, exit code =-1
Unable to install the Security Policy on the appliance
0 Kudos
Tal_Paz-Fridman
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2020-06-22 10:09 AM
In response to nflnetwork29

Hi 

I suggest opened a ticket with TAC but in the meantime:

Is the Security Gateway a Small Office Appliance?

Can you run the following command and send me the output:

fw -d fetchlocal -d /opt/CPsuite-R81/fw1/state/__tmp/FW1/

 

Thanks

Tal

tfridman@checkpoint.com

0 Kudos
nflnetwork29
Advisor
‎2020-06-22 11:54 AM
In response to Tal_Paz-Fridman

sent, thanks ,

 

on a better note i was able to push access control policy if i un-selected the "application control" & "url filtering" blades

 

as soon as i check them back off and try to push policy it fails again. 

 

 

 

0 Kudos
VAstakhov
Explorer
‎2024-02-06 03:42 AM

Hello all.

Faced the same problem.> From the SMS  SmartConsole "Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-2000173-0)". From the SMB 1570  "Last policy installation failed: Error reading IPS signatures." on "Fetch policy" button. 

There are 0 cases on this problem in the community and knowledge base. My solution to the problem:
1. On SMB Gateway put command /ips off ;
2. On SMB Gateway put command /reboot ;
3. On SMB Gateway put command /cpstop;cpstart
4. On SMS  Smartconsole disable IPS on object SMB Gateway ;
5. On SMS put command form ssh /reboot
6. On SMS  Smartconsole enable IPS on object SMB Gateway ;
7. Push policy from SMS SmartConsole to SMB Gateway. Installed successfully👨‍🔧

This helped me.
 
My config:
SMS R 81. 
SMB R 80.20.35

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events