Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
checkma_a
Explorer

syslog generated during policy install

Hi all 🙂

 

When the policy is installed in GW, the following message is generated in GW /var/log/messages.

 

kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function CLIENT_ENCRYPT_SCV_W_SRVC_FUNC id0 x0a
kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function IPPOOLS_ENCRYPT_WITH_SRVC_FUNC id0 x0a
kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function ENCRYPT_WITH_SERVICE_FUNC id0x0a
kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function RECORD_CONN_WITH_SCV_FUNC id0x0a
kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function CLIENT_ENCRYPT_FUNC id0x0a
kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function ENCRYPTION_FUNC id0x0a
kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function IPPOOLS_ENCRYPTION_FUNC id0x0a

 

 

 

If you look at the above message, it looks like it is related to VPN, but

My customer is using GW blades only as 'Firewall'.

Do not use 'IPSec VPN' blades.

Has anyone seen messages like the above or know why they are generated?

 

Thank You.

0 Kudos
8 Replies
PhoneBoy
Admin
Admin

These are related to Remote Access, I believe.
I assume you are also not using Mobile Access blade?
I see you've already opened a TAC case, which is what I would have suggested next. 

0 Kudos
checkma_a
Explorer

As I wrote above, the blade is only using 'FireWall'.
As you said, I open a case to TAC and wait for an answer.

0 Kudos
Ilya_Yusupov
Employee
Employee

Hi @checkma_a ,

 

can you please share what in which version you saw it?

 

Thanks,

Ilya 

0 Kudos
checkma_a
Explorer

The OS version is R80.40, and the hotfix take is 94.

0 Kudos
Timothy_Hall
Champion
Champion

Looks to me like your policy package is set to use VPN "Traditional Mode" instead of the newer "Simplified Mode" introduced in R52 (even though the syslog messages have a typo in them).  Under Manage Policies & Layers do you have this checkbox set:

traditional.png

Also check this Global Properties screen:

traditional2.png

 

 

"Max Capture: Know Your Packets" Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
checkma_a
Explorer

Timothy_Hall As you say

It is set to Traditional mode.

 

image.pngimage.png

0 Kudos
PhoneBoy
Admin
Admin

If you're certain this policy does not contain any VPN rules (with action Encrypt) then you can change the policy to Simplified Mode using the procedure in: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

That said, the time to convert to Simplified Mode is long overdue.
Simplified mode was introduced in NG FP2 (aka R52) and was formally deprecated in R8x.
I assume we will remove support for this feature entirely in an upcoming version. 

0 Kudos
checkma_a
Explorer

Thanks to everyone who posted replies.

After activating vpn traditonal mode, I tested in my lab whether symptoms replicated, but the symptoms were not replicated.

I think you should check the TAC answer as well.

thanks.

0 Kudos