Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ruan_Kotze
Advisor

R80.30 SMS cannot push policy to 1100 appliance

Hi All,

I've inherited a site that has, amongst other things, a bunch of 1100's still running R75.20 (good news is they're slated for replacement within the next two months).

My issue is that, since upgrading the SMS from R80.10 -> R80.30, I cannot push policy to the 1100's anymore.  It fails with "The policy for the selected blades cannot be installed on Gateway". 

According to the R80.30 release notes, the 1100 / R75.20 combo should be supported, and apart from sk154212 I cannot find any reference to this error.  Should also be noted that the only blades enabled on these devices is the IPSEC one.

I know I'm dealing with a very old release that's been out of support for a a couple of years, yet it "should" work?  I'd be grateful for any ideas / suggestions.

Ruan.

 

0 Kudos
8 Replies
G_W_Albrecht
Legend
Legend

Is Check Point R75.20 HFA 71 (R75.20.71) installed ? That was the latest firmware version...

0 Kudos
Ruan_Kotze
Advisor

Very good question, I will verify the actual R75.20 release as soon as I'm on-site.
0 Kudos
PhoneBoy
Admin
Admin

Have a feeling this is a bug and you should get the TAC involved.
0 Kudos
PhoneBoy
Admin
Admin

What Software Blades are active on your 1100 (specifically on the object defined in SmartConsole)?
0 Kudos
Ruan_Kotze
Advisor

Hi Dameon, just the firewall and IPSEC blades are active. Doubled-checked this after going through sk154212.
0 Kudos
Maarten_Sjouw
Champion
Champion

Is there any layers in the policy, did someone make any changes like that?
Gateways with R7x.x do not support that.
Regards, Maarten
0 Kudos
Ruan_Kotze
Advisor

No layers, in fact policies are very simple access policies. I upgraded one appliance to R77.20 and policy pushed fine after that - as you correctly pointed out if this was the issue then push would have failed again.

Ideally I would upgrade all units, but they're deployed in rural areas behind slow / high latency VSAT links, so the risk is just too high at this point.  Kind of hoping I just need to flip a bit on the SMS:-)

0 Kudos
Ruan_Kotze
Advisor

Thanks for the responses and suggestions.  We got the go-ahead from the business to upgrade all the remote units, testing shows that in every case the upgrade resolves the issue so this is the path we'll take.

0 Kudos