Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
sasac
Explorer

sk100610-Error has occurred while applying the Firewall settings (error 00351)

I am trying to SNMP poll a checkpoint 600 from a LibreNMS (connected to local LAN of the applicance) and even with the firewall policy switched off the firewall log reports the SNMP traffic is "Blocked on rule 0 Outgoing policy violation".

Any changes to the appliance cause a system Notification pop-up with  "Error has occurred while applying the Network Objects settings (error 00362). If the problem persists, contact Check Point Technical Assistance Center"

The Check Point 600 appliance (L50) is running factory default firmware version: R75.20.40 (983003847), with firewall blade license expiration=Never.

It is EOL hardware, and it is not under any maintenance agreement, and there is no plan to put it under support as it was planned to be donated to a volunteer organisation to replace their even older 500 appliance......if it would actually work normally.

The assumption is the blocking issue and the cause of the pop-up is linked and the solutions would be explained by sk100610, but without support I don't have access to the document.

Any suggestions?

 

0 Kudos
30 Replies
PhoneBoy
Admin
Admin

I can't copy/paste the solution here.
That said, it doesn't seem like this particular solution should require a support agreement to see.

What I can say is that the error appears to be caused by the same name being used in multiple places in your configuration.
Once you resolve that issue, the error should go away.

Note the most current firmware for the 600 appliance is actually R77.20.80, which you would need a support agreement to obtain.
0 Kudos
sasac
Explorer

I couldnt figure out where the duplication in the configuration was, so I accessed the Embedded Boot Menu, and restored device to factory defaults.

Whilst it did resolve the issue, it also reverted the licences to 30 day evaluation.

When it had a support agreement I could re-activate it but alas it is not commercially viable to do that again for this device, of for the people I am giving it to.

I have access to another 600 device, (also now redundant and out of support contract), that is running firmware R77.20.80 but with firewall; Identity Awareness; IPSec and advanced networking blades set to expiration:Never.

I understand the licenses for these blades are perpetually licensed when the hardware is purchased.

As the normal activation route is not possible because it is not under support, is there a way to clone the licence from one to the other, or indeed just clone the NAND memory blocks from one to the other?

 

 

0 Kudos
PhoneBoy
Admin
Admin

Cloning the license is not possible as the license is tied to the hardware.
Possible Account Services may be able to help here but if you’re not the original purchaser of said device, you may be out of luck.
0 Kudos
G_W_Albrecht
Legend Legend
Legend

A backup (needs the identical firmware version!) also contains the active license - usually, the hardware bound license will be updated after connection to userCenter, but here it should prevail 😎.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Antimatt3r
Participant

I have the same error, can you please be more specific about the solution. What exactly do you mean by "same name being used in multiple places in your configuration", same name of what?

0 Kudos
MartinTzvetanov
Advisor

For an object I believe. I have the same situation - when set the Firewall blade to strict and put a rule for Remote Access it pops up the error, setting the Firewall to a lower level of restriction, the rules for VPN are installed automatically and no error is shown. It's a new deployment with 3 IP objects and few Network objects...
0 Kudos
Thomas_Fischer
Explorer

Appliance 1550

Software r80.20.05

Thomas_Fischer_0-1588953095185.png

 

Always the same Problems

MiloJawo
Contributor
Contributor

Appliance 1590W

Software r80.20.05

Same error any slolution please ?

error-1.PNG

0 Kudos
Antimatt3r
Participant

Not very helpful, but the "solution" for me was the replacement of the entire Firewall lol. 

It was in warranty and Checkpoint said it was a memory problem or something like that, at least based on what my re-seller said after talking to them...

To be honest, I'm still not entirely convinced that it was a hardware problem, but yeah...

Still curious about the exact cause though, because my new replacement Firewall had the same exact error on a couple of occasions, but thankfully it went away after a regular reboot.

0 Kudos
Alexey_Dagil
Participant

Hi guys! Tech support gave me a solution. You need to reinstall the system from USB to version 80.20.10 (1433). For me, this was not a problem, because the device was "only out of the box". If you have any settings, make backups.

0 Kudos
kaanyenilmez
Participant

Dear All,

We had the same issue with 1570 appliance. We solved it by reinitializing internal certificates.

0 Kudos
SriniKrish
Collaborator

unfortunately even that failed for me. " Failed to initialize cert"

0 Kudos
PhoneBoy
Admin
Admin

What precise device is having this issue?
Because that issue is consistent with older versions of R77.20.x (and earlier versions) firmware, described here: https://community.checkpoint.com/t5/SMB-Gateways-Spark/error-after-reset-L-50WD/m-p/61683#M2363 

0 Kudos
SriniKrish
Collaborator

Its with a 1530 appliance running R80.20.40. I did raise a case with support and have recommended me to move to R81.10.

I will see how I go !

0 Kudos
SriniKrish
Collaborator

The upgrade to R81.10 made no difference and it still throws the same 00351 Error.

0 Kudos
Amir_Ayalon
Employee
Employee

Hi

351 is usually related to an object or duplicate object that result in a rulebase problem.

please open an SR and ask to open a Task.

we will look into it.

 

thanks

 

0 Kudos
SriniKrish
Collaborator

Hi Amir,

I did raise one and was told to upgrade the firmware but made no difference to the error.

Case reference below.

6-0003322725

best regards

Srini

0 Kudos
Amir_Ayalon
Employee
Employee

i asked the support Eng to open an R&D Task.

we will look into it.

0 Kudos
serch-jhai
Explorer

como lo solucionaste siempre ? tengo el mismo codigo de error. Help!!

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Not easy, but our customer solved it by first solution with:

- take notes / screenshots for all settings configured

- either use a fresh appliance, same model, configure from source above, take a backup and restore it to the SMB showing the issue, or Restore factory default settings and configure from source above

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
henfii
Participant

Hello, I have same problem with 1550 Appliance, 

Every change I make causes this error message. Can I somehow solve this situation remotely since I don't have physical access to the firewall? the problem is on versions R80.20.40 as well as on the updated R81.10.00, re-initializing the certificate gives me the message Failed to initialize cert



ckp.png

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Better involve CP TAC !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Amir_Ayalon
Employee
Employee

Hi

There was an SR with support (not a Task) but support say Partner instructed engineer to close the case.

Please reopen and Ask for a Task, and we will look into it, (i asked Support Eng. as well)

0 Kudos
serch-jhai
Explorer

como solucionaste siempre tu error (00362) ?

0 Kudos
_Val_
Admin
Admin

@serch-jhai please be advised, English is the language of this board. Questions in Spanish can be asked here: https://community.checkpoint.com/t5/Espa%C3%B1ol/bd-p/spanish


0 Kudos
_Val_
Admin
Admin

@serch-jhai Please look into sk175503

0 Kudos
chen_jingwen
Explorer

I solved the problem by deleting one of the expired certificates called in sslvpn

0 Kudos
DorianGrey
Explorer

Dear Chen, can you please advise how you managed to delete the expired certificate called in sslvpn?
I am facing the same issue with two 1570 appliances and I am stuck..!

0 Kudos
G_W_Albrecht
Legend Legend
Legend

You better open an SR# with CP or try one of the workarounds i wrote about:

- take notes / screenshots for all settings configured

- either use a fresh appliance, same model, configure from source above, take a backup and restore it to the SMB showing the issue, or Restore factory default settings and freshly configure it from source above

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events