This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
‎2023-10-23 03:23 PM
Jump to solution

Unable to install threat prevention policy after jumbo 38 install on R81.20

Hey guys,

Hope someone might be able to chime in on this and let me know what Im missing. Not sure if its a bug with latest R81.20 jumbo, but based on my tests and logic, does not appear to be and here is my reasoning.

So I have couple of labs in eve-ng (its FANTASTIC and no, they did not sponsor me or pay me to say this, they probably never even heard of me lol) and this is the case at the moment:

Lab 1 (with the issue) Btw, everything in both labs is on R81.20 jumbo 38

mgmt server managing cluster, another single gw and smart event

Lab 2 - no issues at all. Its standalone device managing another single firewall, EXACT same TP policy

So what happens is that regular access network policy works fine, but TP policy gives below errors and I literally applied all SKs I could find in KB, rebooted everything probably 3-4 times (at least), ran cpm script, checked cpm.elg file, but nothing really stands out.

I also attempted all the different TP profiles, but as soon as I disable IPS blade on both gateways, no issues at all. To add, policy was not changed since last week and verification works fine. Current threat prevention profile has IPS and AV on, but even with just ips, issue is exactly the same. I also tried disabling accelerated policy install, no joy.

If anyone has any ideas/suggestions, would be appreciated, of course.

And remember...ALWAYS be kind to one another!

Best regards,

Andy

 

 

Screenshot_1.png

 

 

 

 

Screenshot_2.png

 

Preview file
65 KB
0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend
‎2023-10-25 10:14 AM
Jump to solution

@MatanYanay and  all the guys from R&D who did remote with me, thank you very much, Im very greateful you took the time to even consider that, specially given the fact this is just my lab environment. Im fairly sure at this point this had nothing to do with latest jumbo, because I reinstalled the management and reconnected both cluster and single gw to it and all is fine now, even when using p2p peer sharing category.

Thanks again and please extend my best wishes to everyone who was on remote session.

Best regards,

Andy

View solution in original post

10 Replies
the_rock
Legend
Legend
‎2023-10-23 04:11 PM
Jump to solution

Even tried steps below, same issue...

https://community.checkpoint.com/t5/Threat-Prevention/can-t-install-ThreatPrevention-policy-after-ha...

0 Kudos
the_rock
Legend
Legend
‎2023-10-23 07:39 PM
Jump to solution

Another quick update...also uninstalled take 38 completelly, rebooted mgmt, tried, same issue...reinstalled latest jumbo, no luck. Ran ./policy_debug.sh script from $FWDIR/scripts dir, will review tomorrow. Very strange problem indeed...

Andy

0 Kudos
MatanYanay
Employee
Employee
‎2023-10-23 10:45 PM
In response to the_rock
Jump to solution

Hi @the_rock  we are checking it 

once we will have more info we will update 

Thanks 

Matan

0 Kudos
the_rock
Legend
Legend
‎2023-10-24 04:10 AM
In response to MatanYanay
Jump to solution

Thanks mate, really appreciate it. I will respond to emails by Tal.

Hope you are well and safe.

Andy

0 Kudos
the_rock
Legend
Legend
‎2023-10-24 06:33 AM
In response to MatanYanay
Jump to solution

By the way, I will have remote tomorrow at 2 pm IL time (7 am EST). Your colleague Ofer was nice enough to accomodate that. Im still going through policy debug I generated yesterday.

Kind regards,

Andy

0 Kudos
the_rock
Legend
Legend
‎2023-10-24 11:16 AM
Jump to solution

Further testing I had done today...just to see if it would make a difference, I deleted single gw from dashboard, created new object with same settings, but now, though I enabled IPS blade, it does not even show its enabled from ips stat command on the expert mode. To me, logically, that clearly would indicate this is mgmt problem, NOT the fw.

I could be mistaken, but just my logical thinking...

Andy

0 Kudos
the_rock
Legend
Legend
‎2023-10-25 05:41 AM
Jump to solution

Thanks very much @Tal_Paz-Fridman for arranging a call with your colleagues from R&D for this issue, Im very grateful mate. So, to summarize, Daniel from R&D ran a debug on my affected lab mgmt server and saw that apparently something was missing with p2p file sharing object, which was used in the policy, but even after deleting it, same problem was there. He noticed that object was intact in the database of my R81.20 jhf 38 standalone device, so they will try reproduce it in their lab.

By the way, I will copy everything from working standalone device from dir $FWDIR/database onto my mgmt thats "broken" and reboot and see what happens.

Thanks again guys, it really means a lot you are willing to even do remote considering this is ajust a lab.

So, I would say, if anyone is thinking of installing jumbo 38, maybe dont do it yet, until they verify all this first.

Im very appreciative and PLEASE be safe 🙌

Andy

0 Kudos
the_rock
Legend
Legend
‎2023-10-25 10:14 AM
Jump to solution

@MatanYanay and  all the guys from R&D who did remote with me, thank you very much, Im very greateful you took the time to even consider that, specially given the fact this is just my lab environment. Im fairly sure at this point this had nothing to do with latest jumbo, because I reinstalled the management and reconnected both cluster and single gw to it and all is fine now, even when using p2p peer sharing category.

Thanks again and please extend my best wishes to everyone who was on remote session.

Best regards,

Andy

Scottc98
Advisor
‎2023-10-25 01:10 PM
In response to the_rock
Jump to solution

So....is there anything else from R&D or TAC on issues with this Take version that hasn't been reported?

I have a management still on Take 10 right now that I have been pushing to upgrade with my MSP.   Was going to go with Take 26 but with some of the bugs there (particularly the cloud vsec license issues), we held off.     

Every GW is on R81.10 so just focusing on patching Smart-1 here 

 

 

0 Kudos
the_rock
Legend
Legend
‎2023-10-25 01:55 PM
In response to Scottc98
Jump to solution

Nothing else reported that I know of or that they mentioned on the call.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events