This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Aaron_Valenta
Participant
‎2018-01-29 02:38 PM

Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server'?

Has anyone run into (and hopefully resolved) 'convert_asm_web_security: failed to create 'http_enforce_sql_injection' from 'HTTP_security_server', Failed to convert web security parameters in asm.C, internal error occurred during the verification process, Policy verification failed after R77.30 db export and import into R80.10?

The issue is specific to the IPS SQL Injection protection and policy successfully pushes if this protection is inactivated but we would like to continue to use this protection.

Screenshot of the specific error attached.

Support is assisting and opening a case with R&D but wondering if others have encountered and hopefully even resolved this issue? This appears to be the only post-upgrade issue but it is preventing us from moving to the R80.10 management server.

Any and all assistance is appreciated.

Preview file
32 KB
0 Kudos
Reply
5 Replies
Michael_Lawrenc
Contributor
‎2018-01-29 04:08 PM

Long shot, especially if you're already escalated to level 3 - but have you looked at your rulebase order to make sure any rules using legacy application layer servers (like the HTTP security server) come *before* any rules that use the new application control and protocol inspection stuff?

0 Kudos
Reply
Aaron_Valenta
Participant
‎2018-01-31 08:01 AM

It looks like the error and issue is strictly related to the SQL Injection IPS protection. If I disable this protection, I can successfully push policy, however, we want to be able to utilize the SQL Injection protection.

0 Kudos
Reply
Tomer_Sole
Mod
Mod
‎2018-01-31 10:21 AM

Hi guys, a mid-way update on this issue - was an internal error with the policy installation engine. This does not relate to any kind of user misconfiguration. Aaron will be notified once a fix + SK arrive.

Reply
Michael_Lawrenc
Contributor
‎2018-01-31 12:26 PM
In response to Tomer_Sole

Good deal.  Please let us know when the SK is up.  I'd like to check in with my customers on this one.  Kind of surprised we didn't trip over this already. 

Reply
Tomer_Sole
Mod
Mod
‎2018-02-14 09:31 AM
In response to Tomer_Sole

Hi guys, the decision was that each time such thing happens, you would have to contact Check Point Support. The problem was an internal error with the policy installation engine, and that error does not currently repeat for other customers. 

Reply