- CheckMates
- :
- Products
- :
- Quantum
- :
- SMB Gateways (Spark)
- :
- Re: Errors detected after upgrading to R81.10.10 (...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Errors detected after upgrading to R81.10.10 (996002845)
Hello,
I have detected several errors after upgrading CP 1530, 1550, 1535 (I have several devices in multiple locations) to the latest version R81.10.10 (996002845).
Error #1 When I try to change the excluded items in Threat Prevention and SSL Inspection (added earlier in firmware R81.10.08 (996001683) I get errors as in the screen attached to the post.
Error #2 is Unable to run SSL exclusion for MAC devices in SSL Inspection I get an error about not pressing the SAVE key. Despite performing this action. Unable to save selected Assets to bypass: macOS
Only a factory reset of version R81.10.10 (996002845) and entering the configuration by hand solved the problem. Restoring from a copy causes the same errors.
Please verify on your devices.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The rulebase issue was already solved - we plan to release a JHF version which includes the fix next week.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would suggest to open a SR# with CP TAC !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That seems like TAC case to me as well.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I will open SR# with CP TAC.
The strange thing is that the problem is ascending on every device, not just one.
The devices come from one distributor imported at different times directly from Israel.
I would understand one case but not on every device.
It looks like an obvious error arising during an upgrade from an earlier software version.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Look like some configuration gets corrupted. So it is good if you have a backup of the non-working config...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have set up an SR# with CP TAC.
I solved the problem on only one device by restoring the factory settings and entering them from scratch by hand.
My private CP1570 is running in the configuration with errors. So I have a copy with a corrupted configuration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
All locally managed?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes all devices are managed locally.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Let us know what TAC says. I dont sadly have one myself to test, so cant say for sure why it happens, but sounds like a pretty serious issue.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I doubt that CP will be able to explain the issue. I had similar experiences with customers, where reconfiguration from scratch after reset did resolve these issues. Using the backup made the issue reoccur...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I had the same problem. Locally managed 1550W.
After upgrading from R81.10.08 to R81.10.10. It was not possible to delete or edit SSL inspection exception rules. It was only possible to create new rules.
Solution:
Do not import backups but create everything anew. If there are only a few rules and objects, this can be solved by completely manually creating new rules and objects.
If there are many objects and rules, I recommend to create a request to TAC.
In my case, problem solved by creating a TAC request. TAC created a new build and everything is now trouble free.
I expect there will be more of these cases.
David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just curious, was it a custom build they gave you?
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, R81.10.10 (996002870)
David
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you make it available?
Maybe she will solve my problems without the need to restore factory settings and enter all by hand.
I myself am waiting for TAC's answer, they already have it assigned and have received the necessary information from me. It remains to wait.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I understand, but I am not authorized to share this firmware.
I would recommend to urge TAC.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey @luk89as , just my personal suggestion. If this is urgent, which it sounds like it would be, just call TAC number, update the case with this thread and tell them you need that image build as soon as possible, so they can provide it.
Best,
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I can add another one to this issue. Its not a super critical box but I cannot edit policy at all, I get the "invalid text" message with any change to policy. I'll watch for a new build for a while.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Invalid text if you try make any change or just add a comment?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
any change to the current locally managed policy rules results in the error. New rules add successfully. I have nothing in the comments for any of my existing rules.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, I can confirm, I had the same problem with editing rule comments, among other things. I recommend you to make a request to TAC.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The rulebase issue was already solved - we plan to release a JHF version which includes the fix next week.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Checkpoint technical support provided me with the firmware: R81.10.10 (996002878).
After the update, the problem disappeared and I can edit the TP and SSL exclusion tables without errors.
However, the error of not being able to save the configuration after selecting the "Assets to bypass: macOS" option in SSL exclusions has not been resolved.
I hope they will solve it in the next firmware version.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
We are planning to fix the macOS issue in our next release.
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content