This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nishanthan
Explorer
‎2025-04-29 12:25 AM

Upgrade Firmware

After upgrading Check Point, the cleanup rule was moved to the top of the rulebase, which blocked access to the management portal. How can this issue be resolved?

0 Kudos
7 Replies
_Val_
Admin
Admin
‎2025-04-29 03:03 AM

Please specify the sowftware versions, and some more details about your setup

0 Kudos
Nishanthan
Explorer
‎2025-04-29 03:09 AM
In response to _Val_

The issue occurred after we upgraded from R81.10 to R81.20

0 Kudos
_Val_
Admin
Admin
‎2025-04-29 03:19 AM
In response to Nishanthan

Still not enough information. Do you use on-prem management or Smart-1 cloud? Did you push policy after upgrade? 

0 Kudos
Nishanthan
Explorer
‎2025-04-29 03:29 AM
In response to _Val_

I tried to upgrade the on-premises device, but I couldn’t push the policy because the firewall upgrade disabled login access while upgrade.

0 Kudos
the_rock
Legend
Legend
‎2025-04-29 04:31 AM
In response to Nishanthan

In all my years dealing with CP, I personally had NEVER heard of something like that. If I were you, I would check the audit logs to be 100% sure that someone inadvertenaly did not make such a change.

Andy

Lesley
Authority Authority
Authority
‎2025-04-29 04:42 AM

I assume you mean it went back to the initial policy? This can be checked with the CLI command cpstat fw

It should show your normal policy name. It could happen that it is unable to fetch the policy during bootup. Did you changed the version in SmartConsole and did a publish? Did you enable MVC? What Check Point guide you followed for upgrade? clean install or inplace upgrade?

 

Search for errors like this during boot:

 

going to fetch policy from MGMT...

Fetching FW1 Security Policy From: <IP>


Installing Security Policy <policy name>

Failed to Load Security Policy

Failed to Load Security Policy: Module version as defined by FW object,

does not match actual version installed

Fetching Security Policy Failed

Failed to fetch policy from masters in masters file

Fetching Threat Prevention Security Policy From: <IP>

Threat Prevention Security Policy wasn't loaded

Fetching Threat Prevention policy failed

 

-------
If you like this post please give a thumbs up(kudo)! 🙂
the_rock
Legend
Legend
‎2025-04-29 04:46 AM
In response to Lesley

All super valid points @Lesley . Though this is what really surprised me what @Nishanthan said...

After upgrading Check Point, the cleanup rule was moved to the top of the rulebase...

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events