This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ruan_Kotze
Advisor
‎2020-03-10 06:24 AM

R80.30 SMS cannot push policy to 1100 appliance

Hi All,

I've inherited a site that has, amongst other things, a bunch of 1100's still running R75.20 (good news is they're slated for replacement within the next two months).

My issue is that, since upgrading the SMS from R80.10 -> R80.30, I cannot push policy to the 1100's anymore.  It fails with "The policy for the selected blades cannot be installed on Gateway". 

According to the R80.30 release notes, the 1100 / R75.20 combo should be supported, and apart from sk154212 I cannot find any reference to this error.  Should also be noted that the only blades enabled on these devices is the IPSEC one.

I know I'm dealing with a very old release that's been out of support for a a couple of years, yet it "should" work?  I'd be grateful for any ideas / suggestions.

Ruan.

 

0 Kudos
8 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-03-10 06:52 AM

Is Check Point R75.20 HFA 71 (R75.20.71) installed ? That was the latest firmware version...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Ruan_Kotze
Advisor
‎2020-03-11 01:52 AM
In response to G_W_Albrecht

Very good question, I will verify the actual R75.20 release as soon as I'm on-site.
0 Kudos
PhoneBoy
Admin
Admin
‎2020-03-11 07:22 AM
In response to Ruan_Kotze

Have a feeling this is a bug and you should get the TAC involved.
0 Kudos
PhoneBoy
Admin
Admin
‎2020-03-10 07:00 AM

What Software Blades are active on your 1100 (specifically on the object defined in SmartConsole)?
0 Kudos
Ruan_Kotze
Advisor
‎2020-03-11 01:53 AM
In response to PhoneBoy

Hi Dameon, just the firewall and IPSEC blades are active. Doubled-checked this after going through sk154212.
0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-03-10 08:19 AM

Is there any layers in the policy, did someone make any changes like that?
Gateways with R7x.x do not support that.
Regards, Maarten
0 Kudos
Ruan_Kotze
Advisor
‎2020-03-11 01:56 AM
In response to Maarten_Sjouw

No layers, in fact policies are very simple access policies. I upgraded one appliance to R77.20 and policy pushed fine after that - as you correctly pointed out if this was the issue then push would have failed again.

Ideally I would upgrade all units, but they're deployed in rural areas behind slow / high latency VSAT links, so the risk is just too high at this point.  Kind of hoping I just need to flip a bit on the SMS:-)

0 Kudos
Ruan_Kotze
Advisor
‎2020-03-12 05:25 AM
In response to Ruan_Kotze

Thanks for the responses and suggestions.  We got the go-ahead from the business to upgrade all the remote units, testing shows that in every case the upgrade resolves the issue so this is the path we'll take.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events