The sk115874 is not available for us. As the issue started only recently, it can either be the effect of a firmware upgrade (e.g. R77.20.52 --> R77.20.75) or of changes to the central management.

Most common reason for this issue was that the SMS is NATed behind the Main GW - see e.g. sk66381 and sk90361. Another issue was with low disk space when using self-configured IPS profiles. But i would look into sk90361 and sk105217 first!

none of them apply.

this firewalls haven't been updated, just the management.

it happens for older firewalls with DAIP and new install firewall with DAIP, they all get the same error.

[Expert@name]# fw fetch ***.***.***.***
Fetching Security Policy from ***.***.***.***

Management rejected fetch for this module - version matching problem.
Security Policy Fetch Failed.
Unable to fetch the Security Policy from the Management Server

on the masters file the IP is also set but still nothing.

tried to replace the fw_loader and still the same issue.

Hello guys,  I have solved by changing the version on the gateway object from R77.20 to R75.20, installed the policies via SmartConsole. Changed the version from R75.20 to R77.20 again and installed the policies via SmartConsole. At this point the fetch was successful.

hi all

managed to solved this problem.

looks like in one of the patches they modified the binary file fw_loader.

checkpoint provided another binary and since then i had no further problems.

Regards 

Hello, we had the same problem after upgrading from take 56 to take 103. We solved the problem with installing the ongoing take 112 on the management node.

Hi,

we have similar problems here.

Last week we upgraded our management server from 77.x to 80.10 Take 154

Since then we have problems with installing policies on our 1120er Check Points (one cluster R77.20.80 and the other R77.20.75).

Before the upgrade we had absolutely no problems!

We have some branch locations with different internet access.

Business connect with VPN connection

MPLS with at least 10 mbit synchronous internet

MPLS locations has 1120er cluster.

When I am installing a policy the CPU load is on both about 100%.

Normal on that devices and that was also before.

But now the policy won't install.

I get: Gateway: CHP1120
Policy: Policy Name
Status: Failed
    - Installation failed. Reason: IP = "IP address" is not available right now
--------------------------------------------------------------------------------
Checkpoint has heavy load and the website isn't working well.

But the checkpoint is available all the time (ICMP test)

When I am rebooting the machine the policy will be fetched during the reboot.

When I am fetching the policy on the website the checkpoint is rebooting.

Really annoying.

This isn't working:

Policy installation on Centrally Managed 1100 appliance fails with "Installation failed. Reason: IP ... 

Has anyone an advice?

Thanks

Okay an update ...

Disabled IPS on the cluster and the installation succeeded..

Will try that with the other checkpoints tomorrow...

Maybe the small checkpoints are too slow for IPS now?

Edit: Ok, was curious about that and disabled IPS on the second cluster and voila it's working without any problems now ...

So IPS is a way to heavy for the little ones. Good to know.