Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
luk89as
Participant
Jump to solution

Errors detected after upgrading to R81.10.10 (996002845)

Hello,

I have detected several errors after upgrading CP 1530, 1550, 1535 (I have several devices in multiple locations) to the latest version R81.10.10 (996002845).

Error #1 When I try to change the excluded items in Threat Prevention and SSL Inspection (added earlier in firmware R81.10.08 (996001683) I get errors as in the screen attached to the post.

Error #2 is Unable to run SSL exclusion for MAC devices in SSL Inspection I get an error about not pressing the SAVE key. Despite performing this action. Unable to save selected Assets to bypass: macOS

Only a factory reset of version R81.10.10 (996002845) and entering the configuration by hand solved the problem. Restoring from a copy causes the same errors.

Please verify on your devices.

0 Kudos
1 Solution

Accepted Solutions
Dafna
Employee
Employee

The rulebase issue was already solved - we plan to release a JHF version which includes the fix next week.

View solution in original post

23 Replies
G_W_Albrecht
Legend Legend
Legend

I would suggest to open a SR# with CP TAC !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
the_rock
Legend
Legend

That seems like TAC case to me as well.

Andy

0 Kudos
luk89as
Participant

I will open SR# with CP TAC.

The strange thing is that the problem is ascending on every device, not just one.

The devices come from one distributor imported at different times directly from Israel.

I would understand one case but not on every device.

It looks like an obvious error arising during an upgrade from an earlier software version.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Look like some configuration gets corrupted. So it is good if you have a backup of the non-working config...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
luk89as
Participant

I have set up an SR# with CP TAC.

I solved the problem on only one device by restoring the factory settings and entering them from scratch by hand.

My private CP1570 is running in the configuration with errors. So I have a copy with a corrupted configuration.

0 Kudos
the_rock
Legend
Legend

All locally managed?

0 Kudos
luk89as
Participant

Yes all devices are managed locally.

0 Kudos
the_rock
Legend
Legend

Let us know what TAC says. I dont sadly have one myself to test, so cant say for sure why it happens, but sounds like a pretty serious issue.

Andy

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I doubt that CP will be able to explain the issue. I had similar experiences with customers, where reconfiguration from scratch after reset did resolve these issues. Using the backup made the issue reoccur...

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
David_Zak
Participant
Participant

Hi,

I had the same problem. Locally managed 1550W.
After upgrading from R81.10.08 to R81.10.10. It was not possible to delete or edit SSL inspection exception rules. It was only possible to create new rules.

Solution:
Do not import backups but create everything anew. If there are only a few rules and objects, this can be solved by completely manually creating new rules and objects.

If there are many objects and rules, I recommend to create a request to TAC.

In my case, problem solved by creating a TAC request. TAC created a new build and everything is now trouble free.
I expect there will be more of these cases.

David

the_rock
Legend
Legend

Just curious, was it a custom build they gave you?

Andy

0 Kudos
David_Zak
Participant
Participant

Yes, R81.10.10 (996002870)

David

luk89as
Participant

Can you make it available?

Maybe she will solve my problems without the need to restore factory settings and enter all by hand.

I myself am waiting for TAC's answer, they already have it assigned and have received the necessary information from me. It remains to wait.

0 Kudos
David_Zak
Participant
Participant

I understand, but I am not authorized to share this firmware.
I would recommend to urge TAC.

(1)
the_rock
Legend
Legend

Hey @luk89as , just my personal suggestion. If this is urgent, which it sounds like it would be, just call TAC number, update the case with this thread and tell them you need that image build as soon as possible, so they can provide it.

Best,

Andy

David_Evans
Contributor

I can add another one to this issue.   Its not a super critical box but I cannot edit policy at all, I get the "invalid text" message with any change to policy.   I'll watch for a new build for a while. 

0 Kudos
the_rock
Legend
Legend

Invalid text if you try make any change or just add a comment?

0 Kudos
David_Evans
Contributor

any change to the current locally managed policy rules results in the error.     New rules add successfully.    I have nothing in the comments for any of my existing rules.

0 Kudos
David_Zak
Participant
Participant

Yes, I can confirm, I had the same problem with editing rule comments, among other things. I recommend you to make a request to TAC.

0 Kudos
Dafna
Employee
Employee

The rulebase issue was already solved - we plan to release a JHF version which includes the fix next week.

luk89as
Participant

Checkpoint technical support provided me with the firmware: R81.10.10 (996002878).

After the update, the problem disappeared and I can edit the TP and SSL exclusion tables without errors.

However, the error of not being able to save the configuration after selecting the "Assets to bypass: macOS" option in SSL exclusions has not been resolved.

I hope they will solve it in the next firmware version.

Zachi_Schnieder
Employee
Employee

Hi,

We are planning to fix the macOS issue in our next release.

Thanks,

Chris_Atkinson
Employee Employee
Employee

For awareness the current R81.10.10 build available from sk181080 is now: 996002906

For information regarding the fixes in this build please see: sk181134 

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events