chrominek
Contributor

R81.10 gateway LOST after policy install

During a series of TP policy changes and policy installations on an R81.10 (30) cluster, at the end the policy was NOT installed on one gateway; the node restarted, loaded the initial block policy and was (and is) no longer able to fetch policy.

...

================================ Start reporting messages for threadID: 218280 =================================

14:43:23 4000021 InternalMsg CmiUpdateInstallPolicyApp INFO cmi_update_install_policy_app.cpp 248 loadPrepare ===== CmiUpdate install policy App load prepare start ======
14:43:23 4000026 InternalMsg InstallPolicyMGR ERROR install_policy_mgr.cpp 595 threadFuncUM loadPrepare of InstallPolicyApp: (CMI), appType: (3) failed
================================ Finish reporting messages for threadID: 218280 =================================

================================ Start reporting messages for threadID: 218281 =================================

14:43:23 4000023 InternalMsg FW Install Policy App INFO fw_install_policy_app.cpp 146 loadPrepare ===== FW install policy App load prepare start ======
14:43:23 91 GuiMsg FW1 ERROR fwload.c 933 handle_rules_set_ex Policy installation failed due to missing IPS files. Please install Threat Prevention policy before re-installing Access Control policy.
..
14:43:24 4000042 InternalMsg Install Policy MGR ERROR install_policy_mgr.cpp 2142 loadPrepare usermode load prepare failed
14:43:24 2000204 InternalMsg InstallPolicyMgr ERROR install_policy_mgr.cpp 302 runInstallPolicy Load prepare failed
Messages End

So now the only available policy is "default block"; after unloadlocal it is unable to fetch policy, and cpinfo crashes the kernel and locks the node again with the default block-all policy.

kernel: fwk0_dev_0[82139]: segfault at 28 ip 00007fc4866f2bd1 sp 00007fff479f3130 error 4 in libOS.so[7fc4866ad000+7b000]

By the way, licenses are reported as invalid for AppC and URLF. On both nodes the general "the same" 16200 licenses are installed, and after the failure (or as a cause) they are reported as "N/A" on the license status page for this gateway (in SmartConsole).

Maybe someone knows what the reason for the "missing IPS files" is?
