cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Problem to install policy

Jump to solution

Hi

I am trying to install a policy on my 1430/1450 GW with Smart Console. When i try to install the policy for gateway VPNbox1 I get the following error message:

Gateway: VPNbox1
Policy: Policy_VPNBox1
Status: Failed
    - Compatibility package is not properly installed or configured.
--------------------------------------------------------------------------------

The Gateways are according to the picture bellow:

On my 1430/1450 unit I get an error when I try to fetch the policy.

Is it possible that theses two errors is related?

I have created a policy so the DCP traffic allowed in the gw-833ff3.

In the fw monitor i get traffic between the eth interfaces on i,I,o and O

gw-833ff3> fw monitor -e "host(XXX.XXX.XXX.XXX), accept;"
 monitor: getting filter (from command line)
 monitor: compiling
monitorfilter:
Compiled OK.
 monitor: loading
 monitor: monitoring (control-C to stop)
[vs_0][fw_1] eth5:i[60]: XXX.XXX.XXX.XXX -> XXX.XXX.XXX.XXX (TCP) len=60 id=16128
TCP: 50078 -> 18191 .S.... seq=bb411dba ack=00000000
[vs_0][fw_1] eth5:I[60]: XXX.XXX.XXX.XXX -> XXX.XXX.XXX.XXX (TCP) len=60 id=16128
TCP: 50078 -> 18191 .S.... seq=bb411dba ack=00000000
[vs_0][fw_1] eth5:o[60]: XXX.XXX.XXX.XXX -> XXX.XXX.XXX.XXX (TCP) len=60 id=0
TCP: 18191 -> 50078 .S..A. seq=d491f51f ack=bb411dbb
[vs_0][fw_1] eth5:O[60]: XXX.XXX.XXX.XXX -> XXX.XXX.XXX.XXX (TCP) len=60 id=0

And alot more packages that i are not including

1 Solution

Accepted Solutions
Admin
Admin

Re: Problem to install policy

Jump to solution

They are very much related.

SMB gateways require a different policy compilation process than a regular appliance.

This is provided through means of a compatibility package.

Because the system is not finding the correct compatibility package, no policy can be compiled for the gateway.

When the gateway tries to fetch said policy, it fails because none could be successfully compiled.

What's puzzling to me is why this isn't already installed as it should be by default.

You can verify it is installed by running the command from expert mode: rpm -q CPSFWR77CMP-R80

If this returns "package is not installed" then the package did not get installed. 

While you may be able to mount an installation CD/ISO, find the RPM, and install it using rpm -i, I suspect you'd be better off doing a fresh install on your 3000 series appliance.

5 Replies
Admin
Admin

Re: Problem to install policy

Jump to solution

They are very much related.

SMB gateways require a different policy compilation process than a regular appliance.

This is provided through means of a compatibility package.

Because the system is not finding the correct compatibility package, no policy can be compiled for the gateway.

When the gateway tries to fetch said policy, it fails because none could be successfully compiled.

What's puzzling to me is why this isn't already installed as it should be by default.

You can verify it is installed by running the command from expert mode: rpm -q CPSFWR77CMP-R80

If this returns "package is not installed" then the package did not get installed. 

While you may be able to mount an installation CD/ISO, find the RPM, and install it using rpm -i, I suspect you'd be better off doing a fresh install on your 3000 series appliance.

Re: Problem to install policy

Jump to solution

Agreed! Something isn't right with your SMS. I never needed to install anything else for R80.10 to work with the 1400 appliances. Are you running the latest version R77.20.70 on them?

0 Kudos

Re: Problem to install policy

Jump to solution

I did not have CPSFWR77CMP-R80 installed on my system. After installed this on my server it is working as expected.

Re: Problem to install policy

Jump to solution

Please make sure that you have a Check Point Support Request for it. We would like to have our future versions more clear when policy installations fail, and I agree with you that this message isn't very clear.

Re: Problem to install policy

Jump to solution

One of our customers just had the same issue today - after inline CPUSE upgrade of SMS from R77.30 to R80.20 (including R80 Upgrade Verification and Environment Simulation), policy install on SMB devices show the error: compatibility package is not properly installed. Strange that this rpm is not installed...

And the real bad thing is that this error is only found in sk37720 and this sk speaks of SPLAT only, but not of CPSFRW77CMP-R80.(20 ) .

0 Kudos