Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Duminda_SAT
Contributor

Policy Installation fail on gateway Error 1-2000012

Jump to solution

Hi Need Urgent Advice for this, Policy Installation fail and we can have below output 

 

[Expert@FW02:0]# dynamic_objects -l

File is empty

 

any one have any idea. 

 

* Which level create this object DB, Example : SIC Initiation etc. *

can we recreate this DB without install policy?

 

 

Thank you,

Duminda Lakmal

0 Kudos
1 Solution

Accepted Solutions
Tal_Paz-Fridman
Employee
Employee

Hi

1| Have you also checked sk154435 - 

"Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: X-XXXXXXX)" error during policy installation

 

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

 

2| What is the output in $FWDIR/log/install_policy.elg for this specific flow?

 

 

View solution in original post

6 Replies
the_rock
Champion
Champion
0 Kudos
Duminda_SAT
Contributor

I Tried, But Failed. no luck. 

0 Kudos
PhoneBoy
Admin
Admin

Initially creating dynamic objects requires an install policy, as I recall.
Updating said objects does not require a policy install.

Tal_Paz-Fridman
Employee
Employee

Hi

1| Have you also checked sk154435 - 

"Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: X-XXXXXXX)" error during policy installation

 

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve...

 

2| What is the output in $FWDIR/log/install_policy.elg for this specific flow?

 

 

the_rock
Champion
Champion

I think what @Tal_Paz-Fridman said makes total sense. Maybe check that file and see what you get...have you confirmed if SIC state is good and if fw fetch works at all? You can also attempt to push policy using mgmt_cli as well, but Im afraid result would be the same.

https://sc1.checkpoint.com/documents/latest/APIs/#cli/install-policy~v1.8%20

0 Kudos
Duminda_SAT
Contributor

Hi Team,

 

I Really Appreciate Given Advice on This Critical Senario.  According to Sk154435 and TAC Team Help us to resolve this issue. 

  1. Stop CPD process with the command:

    # cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"

  2. Stop FWD process with the command:

    # cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd"

  3. On the Gaeway environment remove the Online Services directory using the following command:

    # rm -rf $CPDIR/database/downloads/ONLINE_SERVICES/

  4. Start CPD process: # cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"

  5. Start FWD process: # cpwd_admin start -name FWD -path "$FWDIR/bin/fwd" -command "fwd"

  6. Install the Security policy.

Above mentioned Resolution not Succeed then we have re-initiate the SIC & stop all firewall service and logged through console and run

# rm -rf $CPDIR/database/downloads/ONLINE_SERVICES/

 

Issue Resolved, also I have notified this issue came with Dynamic Country Object, once  removed from rule base 1-2000012 issue fixed. 

0 Kudos