This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
FireMage
Participant
‎2023-03-15 11:53 AM
Jump to solution

unable to install policy per mgmt_cli - error incompatible policy

hello @All

i am quite new here and hope you can help me.

i have a huge problem. i have a Gaia R80.20 as single deployment (management & enforcement together) in use. this has booted at once and after reboot it had my required policy no longer loaded. the default policy (fw stat) gave me but no way to get to the checkpoint. neither to the gaia nor via smart dashboard to the management. so i went directly to the console and tried to reload it via mgmt_cli install-policy policy-package work (work is the name of the policy). unfortunately this went wrong. the following error message appeared:

... policy version are incompatible. disable accelerated install policy ... see SK168055

well, i thought. there must be an option in mgmt_cli to disable the acceleration. just like in dashboard. but unfortunately i didn't see anything.

therefore 2 questions:

- how can i change the defaultpolicy so that i have at least the minimal rules in there to restore a backup and get to the management? i created my own policy (emergency). how can i make sure that it is ALWAYS loaded in case of doubt.

- how do i get my policy loaded when this incompatibility error occurs?

thank you very much
jeff

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-03-15 12:03 PM
Jump to solution

DefaultFilter and InitialPolicy cannot be changed.

Ensure the gateway is not connected to the Internet and do an "fw unloadlocal" to unload the policy temporarily.
Note: this means no access policy is being enforced!
You should then be able to connect with SmartConsole and make the required changes to install the policy successfully.

View solution in original post

(1)
3 Replies
PhoneBoy
Admin
Admin
‎2023-03-15 12:03 PM
Jump to solution

DefaultFilter and InitialPolicy cannot be changed.

Ensure the gateway is not connected to the Internet and do an "fw unloadlocal" to unload the policy temporarily.
Note: this means no access policy is being enforced!
You should then be able to connect with SmartConsole and make the required changes to install the policy successfully.

(1)
FireMage
Participant
‎2023-03-15 12:48 PM
In response to PhoneBoy
Jump to solution

Hello PhoneBoy,

 

that's great.

thank's so much.

jeff

0 Kudos
the_rock
Legend
Legend
‎2023-03-15 12:38 PM
Jump to solution

Phoneboy brings up a very good point. If you unload the policy, you can then make necessary changes from smart console, which would be accessible at that time.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events