This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
chrominek
Contributor
‎2022-01-26 07:40 AM

R81.10 gateway LOST after policy install

Jump to solution

During a series of the TP policy changes and policy installations on a cluster R81.10 (30) at the end the policy have been NOT installed on one gateway, node restarted, loaded initial block policy and was (and is) no longer able to fetch policy.

...

================================ Start reporting messages for threadID: 218280 =================================

14:43:23 4000021 InternalMsg CmiUpdateInstallPolicyApp INFO cmi_update_install_policy_app.cpp 248 loadPrepare ===== CmiUpdate install policy App load prepare start ======
14:43:23 4000026 InternalMsg InstallPolicyMGR ERROR install_policy_mgr.cpp 595 threadFuncUM loadPrepare of InstallPolicyApp: (CMI), appType: (3) failed
================================ Finish reporting messages for threadID: 218280 =================================

================================ Start reporting messages for threadID: 218281 =================================

14:43:23 4000023 InternalMsg FW Install Policy App INFO fw_install_policy_app.cpp 146 loadPrepare ===== FW install policy App load prepare start ======
14:43:23 91 GuiMsg FW1 ERROR fwload.c 933 handle_rules_set_ex Policy installation failed due to missing IPS files. Please install Threat Prevention policy before re-installing Access Control policy.
..
14:43:24 4000042 InternalMsg Install Policy MGR ERROR install_policy_mgr.cpp 2142 loadPrepare usermode load prepare failed
14:43:24 2000204 InternalMsg InstallPolicyMgr ERROR install_policy_mgr.cpp 302 runInstallPolicy Load prepare failed
Messages End

 

So now the only available policy is "default block", after unoadlocal  unable to fetch policy, cpinfo crashes kernel and locks node again with default block all policy.

kernel: fwk0_dev_0[82139]: segfault at 28 ip 00007fc4866f2bd1 sp 00007fff479f3130 error 4 in libOS.so[7fc4866ad000+7b000]

By the way licenses reported as invalid for AppC and URLF - on both nodes installed general "the same" 16200 licenses, and after a failure (or as a cause)  reported as "N/A" on the license status page for this gateway (on the smart console).

 

Maybe someone knows, what is the reason of  the "missing IPS files"?

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee
Employee
‎2022-01-26 08:00 AM

Jump to solution

Have you reviewed the solution described in sk176386?

View solution in original post

(1)
4 Replies
Chris_Atkinson
Employee
Employee
‎2022-01-26 08:00 AM

Jump to solution

Have you reviewed the solution described in sk176386?

(1)
chrominek
Contributor
‎2022-01-26 08:49 AM
In response to Chris_Atkinson

Jump to solution

Now the answer is "yes" and applied, Active/Standby.Thank you very much!

0 Kudos
the_rock
Champion
Champion
‎2022-01-26 08:50 AM

Jump to solution

I would do what Chris suggested. I had one customer with EXACT same errors and that sk fixed it. I can't guarantee you it would work in your case. but Im fairly confident it will.

0 Kudos
chrominek
Contributor
‎2022-01-26 09:17 AM
In response to the_rock

Jump to solution

After a few minutes  this license problem disappeared too. The failed node, after cpstart, became active and the license status changed after a few minutes. This "missing" license was the cause or reaction ...