Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nflnetwork29
Advisor

install policy FAILED help!

I have the most unhelpful error message of all time - can anyone help me ?

 

I'm trying to push access policy . everything was working last time i checked which was a few days ago. now this.

 

If the problem persists contact Check Point support (Error code: 0-2000173-0)

 

MDS is running 80.40

 

gateway is running 80.20

0 Kudos
6 Replies
Maarten_Sjouw
Champion
Champion

What is the rest of the message? The text 'If the problem persists' also implicates there is more information above this message.
Regards, Maarten
0 Kudos
Timothy_Hall
Champion
Champion

Almost certainly a policy commit failure on the gateway, which provides practically zero information about the failure back to the SMS/SmartConsole.  Usually this is due to a memory shortage on an overloaded gateway and sometimes a reboot will fix it.  In other cases it is an error in the compiled policy that the SMS did not catch, see here for further reading:

sk33893: 'Installation failed. Reason: Load on Module failed - failed to load security policy' error...

sk101875: Policy installation fails with "Load on module failed - no memory" error

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
nflnetwork29
Advisor

Still having same issue

Here is the error i get when i try and fetch the policy from the gateway side of things.

[Expert@FW01]# fw fetch
Fetching Security Policy from '#.#.#.#'

Fetching Security Policy Succeeded.

Installing Security Policy...

Error loading policy.

Error: Failed to run policy installation wrapper.
sfw_fetch_callback: Failed to execute command '"/opt/fw1/bin/fw" fetchlocal -d "/opt/fw1/state/__tmp/FW1"'. rc=1, exit code =-1
Unable to install the Security Policy on the appliance
0 Kudos
Tal_Paz-Fridman
Employee
Employee

Hi 

I suggest opened a ticket with TAC but in the meantime:

Is the Security Gateway a Small Office Appliance?

Can you run the following command and send me the output:

fw -d fetchlocal -d /opt/CPsuite-R81/fw1/state/__tmp/FW1/

 

Thanks

Tal

tfridman@checkpoint.com

0 Kudos
nflnetwork29
Advisor

sent, thanks ,

 

on a better note i was able to push access control policy if i un-selected the "application control" & "url filtering" blades

 

as soon as i check them back off and try to push policy it fails again. 

 

 

 

0 Kudos
VAstakhov
Explorer

Hello all.

Faced the same problem.> From the SMS  SmartConsole "Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-2000173-0)". From the SMB 1570  "Last policy installation failed: Error reading IPS signatures." on "Fetch policy" button. 

There are 0 cases on this problem in the community and knowledge base. My solution to the problem:
1. On SMB Gateway put command /ips off ;
2. On SMB Gateway put command /reboot ;
3. On SMB Gateway put command /cpstop;cpstart
4. On SMS  Smartconsole disable IPS on object SMB Gateway ;
5. On SMS put command form ssh /reboot
6. On SMS  Smartconsole enable IPS on object SMB Gateway ;
7. Push policy from SMS SmartConsole to SMB Gateway. Installed successfully👨‍🔧

This helped me.
 
My config:
SMS R 81. 
SMB R 80.20.35

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events