Re: syslog generated during policy install

checkma_a · ‎2021-08-03

Hi all 🙂

When the policy is installed in GW, the following message is generated in GW /var/log/messages.

kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function CLIENT_ENCRYPT_SCV_W_SRVC_FUNC id0 x0a
kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function IPPOOLS_ENCRYPT_WITH_SRVC_FUNC id0 x0a
kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function ENCRYPT_WITH_SERVICE_FUNC id0x0a
kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function RECORD_CONN_WITH_SCV_FUNC id0x0a
kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function CLIENT_ENCRYPT_FUNC id0x0a
kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function ENCRYPTION_FUNC id0x0a
kernel: [fw4_0];[ERROR]: up_fw_load_taditional_vpn_inspect_func_ids: failed to get inspect function IPPOOLS_ENCRYPTION_FUNC id0x0a

If you look at the above message, it looks like it is related to VPN, but

My customer is using GW blades only as 'Firewall'.

Do not use 'IPSec VPN' blades.

Has anyone seen messages like the above or know why they are generated?

Thank You.

PhoneBoy · ‎2021-08-05

These are related to Remote Access, I believe.
I assume you are also not using Mobile Access blade?
I see you've already opened a TAC case, which is what I would have suggested next.

checkma_a · ‎2021-08-05

As I wrote above, the blade is only using 'FireWall'.
As you said, I open a case to TAC and wait for an answer.

Ilya_Yusupov · ‎2021-08-08

Hi @checkma_a ,

can you please share what in which version you saw it?

Thanks,

Ilya

checkma_a · ‎2021-08-08

The OS version is R80.40, and the hotfix take is 94.

Timothy_Hall · ‎2021-08-08

Looks to me like your policy package is set to use VPN "Traditional Mode" instead of the newer "Simplified Mode" introduced in R52 (even though the syslog messages have a typo in them). Under Manage Policies & Layers do you have this checkbox set:

Also check this Global Properties screen:

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

checkma_a · ‎2021-08-08

Timothy_Hall As you say

It is set to Traditional mode.

PhoneBoy · ‎2021-08-08

If you're certain this policy does not contain any VPN rules (with action Encrypt) then you can change the policy to Simplified Mode using the procedure in: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

That said, the time to convert to Simplified Mode is long overdue.
Simplified mode was introduced in NG FP2 (aka R52) and was formally deprecated in R8x.
I assume we will remove support for this feature entirely in an upcoming version.

checkma_a · ‎2021-08-10

Thanks to everyone who posted replies.

After activating vpn traditonal mode, I tested in my lab whether symptoms replicated, but the symptoms were not replicated.

I think you should check the TAC answer as well.

thanks.

Are you a member of CheckMates?

syslog generated during policy install