cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

I am unable to install policy on my firewall with getting error

Getting the following errors:

Layer 'Network': Regardless of state synchronization, Cluster must have a trusted (secured) network defined for normal clustering operations - Policy verification failed. -

Layer 'Internet Access for Servers': Rule 1 will not be enforced properly, because of deprecated application(s) : YouTube Downloader , WebEx WebOffice , WebEx Connect IM -

Layer 'Internet Access for Servers': Rule 1 : Source and Destination are ANY, with Services & Applications set to specific applications. Best Practice: set Destination to Internet.

0 Kudos
2 Replies

Re: I am unable to install policy on my firewall with getting error

First message indicates you have some cluster without sync interface. This can be any cluster in your configuration and has nothing to do with the cluster/gateway you’re trying to install policy on.


0 Kudos
Admin
Admin

Re: I am unable to install policy on my firewall with getting error

I edited the title and content of your post to make it a little easier to read/understand.

Let's take the error messages you've highlighted:

  • Cluster must have a trusted (secured) network defined for normal clustering operations
  • Rule 1 will not be enforced properly, because of deprecated application(s)
    • This will not cause policy installation to fail, but is something you should probably address, specifically by removing these application definitions from your policy.
    • In R80.x, some Application Control categories were deprecated. See: Deprecated Categories in Application Control 
    • From time to time, we add/remove application definitions from the product. It is highly recommended you subscribe to the AppWiki Mailing List so you are informed of these changes.
  • Source and Destination are ANY, with Services & Applications set to specific applications.
    • This message will not cause policy installation to fail, but informs you that some of the application definitions in your rule will only make sense for traffic going toward the Internet.
    • Depending on the exact content of Rule 1 (in your example), it might be wise to split this into two or more rules. If you can provide a screenshot of this rule, more specific advice can be provided.