Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
chrominek
Contributor
Jump to solution

R81.10 gateway LOST after policy install

During a series of the TP policy changes and policy installations on a cluster R81.10 (30) at the end the policy have been NOT installed on one gateway, node restarted, loaded initial block policy and was (and is) no longer able to fetch policy.

...

================================ Start reporting messages for threadID: 218280 =================================

14:43:23 4000021 InternalMsg CmiUpdateInstallPolicyApp INFO cmi_update_install_policy_app.cpp 248 loadPrepare ===== CmiUpdate install policy App load prepare start ======
14:43:23 4000026 InternalMsg InstallPolicyMGR ERROR install_policy_mgr.cpp 595 threadFuncUM loadPrepare of InstallPolicyApp: (CMI), appType: (3) failed
================================ Finish reporting messages for threadID: 218280 =================================

================================ Start reporting messages for threadID: 218281 =================================

14:43:23 4000023 InternalMsg FW Install Policy App INFO fw_install_policy_app.cpp 146 loadPrepare ===== FW install policy App load prepare start ======
14:43:23 91 GuiMsg FW1 ERROR fwload.c 933 handle_rules_set_ex Policy installation failed due to missing IPS files. Please install Threat Prevention policy before re-installing Access Control policy.
..
14:43:24 4000042 InternalMsg Install Policy MGR ERROR install_policy_mgr.cpp 2142 loadPrepare usermode load prepare failed
14:43:24 2000204 InternalMsg InstallPolicyMgr ERROR install_policy_mgr.cpp 302 runInstallPolicy Load prepare failed
Messages End

 

So now the only available policy is "default block", after unoadlocal  unable to fetch policy, cpinfo crashes kernel and locks node again with default block all policy.

kernel: fwk0_dev_0[82139]: segfault at 28 ip 00007fc4866f2bd1 sp 00007fff479f3130 error 4 in libOS.so[7fc4866ad000+7b000]

By the way licenses reported as invalid for AppC and URLF - on both nodes installed general "the same" 16200 licenses, and after a failure (or as a cause)  reported as "N/A" on the license status page for this gateway (on the smart console).

 

Maybe someone knows, what is the reason of  the "missing IPS files"?

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee

Have you reviewed the solution described in sk176386?

CCSM R77/R80/ELITE

View solution in original post

(1)
4 Replies
Chris_Atkinson
Employee Employee
Employee

Have you reviewed the solution described in sk176386?

CCSM R77/R80/ELITE
(1)
chrominek
Contributor

Now the answer is "yes" and applied, Active/Standby.Thank you very much!

0 Kudos
the_rock
Legend
Legend

I would do what Chris suggested. I had one customer with EXACT same errors and that sk fixed it. I can't guarantee you it would work in your case. but Im fairly confident it will.

0 Kudos
chrominek
Contributor

After a few minutes  this license problem disappeared too. The failed node, after cpstart, became active and the license status changed after a few minutes. This "missing" license was the cause or reaction ... 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events