Hugo_vd_Kooij
MVP Gold

Policy installation failed on gateway. (Error code: 0-1-2000229)

I was setting up a lab with vsnext/elasticxl with R82 and sort of got things working, but I noticed I lost connectivity to GAIA.

Somehow the policy with explicit access was not matched. So I want to fix that with a more explicit rule.

But on policy install I now hit this dreaded error:

Gateway: fw01-0
Policy: Standard
Status: Failed
- Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 0-1-2000229).
--------------------------------------------------------------------------------

 

Not sure if it is part of a design issue or just me breaking new stuff.

 

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
6 Replies
the_rock
MVP Gold

Could not find anything on support site about it, but below is what came from AI Copilot.

Andy

The error code 0-1-2000229 during policy installation typically indicates an issue with the policy installation process on the gateway. Here are some steps you can take to troubleshoot and resolve this issue:

  1. Check the Policy Installation Logs:

    • Connect to the command line on the Security Gateway.
    • Review the $FWDIR/log/install_policy_report.txt file for any specific error messages or indications of what might be causing the failure.
  2. Verify Object Configuration:

    • Ensure that all objects referenced in the policy are correctly configured and do not contain any invalid or missing information.
    • Check for any objects with invalid IP addresses or other configuration errors.
  3. Dynamic Objects:

    • If you are using dynamic objects, run the dynamic_objects -l command on the Security Gateway to ensure there are no empty or incorrectly configured dynamic objects.
  4. Custom Scripts:

    • If you are using custom scripts to collect and translate URLs to IP addresses, verify that these scripts are functioning correctly and not introducing any invalid data into the dynamic objects list.
  5. Corrupted Files:

    • Sometimes, policy installation issues can be caused by corrupted files on the Security Gateway. You can try to fetch the policy again using the command:
      fw fetch <IP Address of Management Server>
      
    • If fetching the policy fails, you may need to investigate further for any corrupted files or configurations.
  6. Contact Check Point Support:

    • If the problem persists after performing the above steps, it is recommended to contact Check Point Support for further assistance. Provide them with the error code and any relevant log files to help diagnose the issue.

For more detailed troubleshooting steps, you can refer to the Check Point Support Knowledge Base or open a support ticket at Check Point Support Center.

Tal_Paz-Fridman
MVP Silver CHKP

Is it related to a specific rule you created (explicit rule)?

Can you give additional details so that I can try reproducing it internally?

Hugo_vd_Kooij
MVP Gold

I did a fresh install of R82.

Configured it as ElasticXL + vsnext machine in FTW.

eth0 is management, eth1 is sync, eth2 is shared between VS0 and VS2, eth3 is for VS0, eth4 is for VS2.

Initial setup is 192.168.2.21 for SmartCenter, 192.168.2.211 for VS0 and 192.168.2.212 for VS2.

The blooper I made was to use NONE instead of ANY in the added rule on top to allow net 192.168.2.0/24 access to all Check Point machines.

So I shut myself out for anything but the console of the machine. When I noticed the mistake and tried to correct the rule to go from NONE to ANY, the installation failed. However, it also failed when I switched back to NONE as service.

It's a lab so if needed I can redo it but this time use the proper rule.

 

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
the_rock
MVP Gold

Hey @Hugo_vd_Kooij 

Just to make sure we got this right, are you saying the same error happens regardless of whether NONE or ANY is used?

Andy

Tal_Paz-Fridman
MVP Silver CHKP

So if you unload the policy (from the machine), change the setting to Any (or a Network Object or Services & Applications), and Install Policy again, it should work.

Hugo_vd_Kooij
MVP Gold

I am unable to unload the policy, thanks to VSNEXT being active.

Need to schedule a lab day to get this tested properly.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>