This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Habib_Rahman_TX
Explorer
‎2021-12-23 08:54 AM

Best practice to add Geo Policy in R80.30 VSX

We added Geo Policy using default Profile and installed Policy on VS2.

IPS blade is enabled.

However Geo Policy is not enforced.

We started debugging using following SK (sk92823) and noticed Geo process is not running.

Can you confirm if using  Updatable object for Geo Policy in R80.30 only way to make Geo Policy work? 

 

We also tried using updatable object and it dropped traffic.

We can access user center using VS0 (not from VS2, and VS2 is our FW)

We can also perform DNS Lookup from VS0

We ran unified_dl UPDATE ONLINE_SERVICES, and it shows completed successfully but  last_revision.xml file has a July 2020 timestamp.

 

Can you share tips as how to update last_revision.xml successfully?

 

0 Kudos
3 Replies
_Val_
Admin
Admin
‎2021-12-24 12:45 AM

Probably it is best to take it with TAC

0 Kudos
the_rock
Champion
Champion
‎2021-12-24 08:01 AM

I was under impression that geo policy would be the same regardless of platform you are running, but I could be mistaken...I know starting in R80.20, its recommended to use updatable objects in the policy, but if you are saying that process is not even running, then definitely worth considering TAC case. 

Below is what TAC gave me few months back when customer had issues with geo updates and it did fix it (you do this on mgmt server, just make sure you backup thise directories first, in case or even do backup quickly)

Procedure:
1. Change the name of the folder $MDS_FWDIR/conf/SMC_Files/uo to uo_original
2. Run cpstop && cpstart on the mgmt server
3. Re-open updatable object picker
4. Make sure the $FWDIR/conf/SMC_Files/uo was created again

These steps, should enforce the management server to re-download the Updatable Object package and should solve the issue. 

0 Kudos
Habib_Rahman_TX
Explorer
‎2022-01-03 08:25 AM
In response to the_rock

Thank you.  I have a case open with TAC.

0 Kudos