Hi everybody
We updated this week our Cluster from R80.10 to R80.30. The Update itself wasn't a problem. The only thing that did not work, was the IPS. We were not able to install the policy. the installation always faild with the status:
It took me a while to figure the issue out. The following entry in the cpd.elg took me to the right track:
malware_policy_get_ips_new_protections_settings: incorrect new_protections_exclude_performance_impact
malware_policy_get_ips_settings: malware_policy_get_ips_new_protections_settings failed
malware_policy_config: Failed to read ips_config
configload_download: configload_gw_vtable_extra_data() failed
Fetching Threat Prevention policy failed
If you have the setting "Very Low" in the "IPS Staging Configuration", then the install will fail.
Every other setting is working. Feature or Bug? 😉 Maybe someone of Checkpoint is seeing this. I don't know if it's a known issue. I did not find anything about it in the knowledgebase.