Re: Error during install policy

Tarzan · ‎2024-03-06

Hello Everyone,

Can someone please explain the following warning message?

It was observed during policy install. The mentioned object was just renamed.

Thank you in advance for the time and help! 🙂

G_W_Albrecht · ‎2024-03-06

Better contact CP TAC!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

the_rock · ‎2024-03-06

On your mgmt server from expert:

cd $FWDIR/conf

cat asm_profiles.C

Look for line its complaining about

Best,

Andy

Tarzan · ‎2024-03-06

Thank you for your help! Will try it tomorrow and let you know! 🙂

the_rock · ‎2024-03-06

Also, check guidbedit for that name as well.

Best,

Andy

Zolo · ‎2024-07-05

Hello Tarzan,

Same problem here:

Gateway: EXTERNALGW
Policy: EXTERNALGW_Policy
Status: Succeeded
- Failed to load objects in asm_profiles.C:
- "asm_profiles.C", line 11204: ERROR: Cannot use <::HUCA1_32.81>: Not in Scope
--------------------------------------------------------------------------------

Do you have any update?

Thank you.

the_rock · ‎2024-07-05

Can you try what I suggested to @Tarzan back in March? Just cat that file on mgmt and see the line its complaining about and if object does exist, but not needed, see if you can find it in guidbedit and delete.

Andy

Zolo · ‎2024-07-05

Hello Andy,

Unfortunately I do not find in guidbedit.

I searched in Auditlog and the host object was configured as "Web Server" and has been deleted.

Maybe I can delete those lines (that contains te host object name) from file. What do you think?

Tal_Paz-Fridman · ‎2024-07-06

1] I would really recommend contacting Check Point TAC before editing files by yourself.

2] If you do decide to try make sure you have backup of all the files and a snapshot of the machine

3] Another option would be to use Revision Control to go back to the point were everything worked and to try the flow again.

Lesley · ‎2024-07-06

I would follow this advise. If you change stuff in your own in database it can have big impact.

-------
If you like this post please give a thumbs up(kudo)! 🙂

the_rock · ‎2024-07-06

I mean, I see what @Tal_Paz-Fridman is saying, it can be risky. Put it this way, if you do that, its really at your own risk, as I had seen cases where people try it, they make backup of the file, stuff is still broken afterwards, then you have more issues and trying original file does not help.

So, again, I would be very careful...

Andy

the_rock · ‎2024-07-06

Forgot to mention, if you want, send me policy export and maybe I can tets in my lab.

Andy

Tarzan · ‎2024-07-12

Hello Zolo,

Apologies for the delayed response. I actually didnt finish the case myself, as I was away. Right now, I cant really remember what happened. Im very sorry.

Itall · ‎2024-09-26

We registered today similar warning after unused (exited) server has been deleted from object database/policy.

Gateway: gw-test
Policy: Pol-gw-test
Status: Succeeded
- Failed to load objects in asm_profiles.C:
- "asm_profiles.C", line 11634: ERROR: Cannot use <::serverXY>: Not in Scope
--------------------------------------------------------------------------------

we performed the following

cd $FWDIR/conf

cp asm_profiles.C asm_profiles.C_ORIG

edit (vi) asm_profiles.C , delete section with problem (rule)

:rule (
:src (
:op ()
: (Any)
)
:dst (
:op ()
: serverXY
)
:services (
:op ()
: HTTP_and_HTTPS_proxy
)
:install (
:op ()
: (Any)
)
)

save asm_profiles.C

Install policy

the problem went away

Are you a member of CheckMates?

Error during install policy