Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Thin
Contributor

IPS update Failed :

Hello

I found some errors about ips update on my lab after revert to old revision.

MGMT R80.40

Logs :

09/07/20 15:06:42,476 INFO management.threat.IpsUpdateManager [qtp1700047396-80]: IPS update finished for domain xxxxxxxxxxxxxxxxxxxxx with status FAILED

09/07/20 15:06:41,304 INFO dleserver.utils.LogSaverForFailedTasks [qtp1700047396-80]: title before abbreviate and replace: IPS Management Update_Pre update checks failed
09/07/20 15:06:41,304 INFO dleserver.utils.LogSaverForFailedTasks [qtp1700047396-80]: title after abbreviate and replace: IPS_Management_Update_Pre_update_checks_failed
09/07/20 15:06:41,304 INFO dleserver.utils.LogSaverForFailedTasks [qtp1700047396-80]: failed task logs will be saved to $MDS_FWDIR/log/failed_tasks/Other

09/07/20 15:06:40,381 ERROR management.threat.IpsUpdateManager [qtp57206008-71]: Failed to find CpmiAsmPostInstallProcedure Object

 2020-07-10_14-46-02.png2020-07-10_14-44-18.png2020-07-10_14-43-10.png

What did I miss?

 

Thank you.

0 Kudos
10 Replies
HeikoAnkenbrand
Champion Champion
Champion

Check this:

1) DNS server settings
2) f necessary proxy settings
3) default route to internet
4) correct hide NAT settings
5) access rules

# ping updates.checkpoint.com
# curl_cli https://updates.checkpoint.com


➜ CCSM Elite, CCME, CCTE
0 Kudos
Thin
Contributor

Everything is ok before revert revision. I don't think those list is matter and all of ips update connections are ok but

# curl_cli https://updates.checkpoint.com

curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. 

 

0 Kudos
G_W_Albrecht
Legend
Legend

You just missed out on the -k 😉

See sk113159 :

# curl_cli -v -k https://updates.checkpoint.com -x

CCSE CCTE CCSM SMB Specialist
0 Kudos
G_W_Albrecht
Legend
Legend

You did a revert for the SMS database, i assume ? Then i would go back to an older IPS version using SECURITY POLICIES > Threat Prevention > Updates > IPS > Switch to version... and try again to update IPS.

I think sk107580 Online IPS Update fails with "Internal Error: Failed to update Database object" does not look promising here.

 

CCSE CCTE CCSM SMB Specialist
0 Kudos
Thin
Contributor

There is no proxy in connection. I have switch to previous version but it show "IPS Update failed on assign Status:" 2020-07-10_16-56-36.png

0 Kudos
G_W_Albrecht
Legend
Legend

Strange... You could try sk107580  but i think you will need to contact TAC about this.

CCSE CCTE CCSM SMB Specialist
0 Kudos
Daniel_Noel
Employee
Employee

Thanks for the thread, home LAB had experienced the trouble on the SMS, after going from .30 to .40 - walked through the SK107580 which resolved the trouble.  Checkmates Community - stay strong!

 

0 Kudos
motiami
Contributor

SK107580 worked for me as well, we had the same error message above and the fix was easy and worked like a charm... thanks a lot!

0 Kudos
Matlu
Advisor

Hello,

I have a similar problem.

These commands that you recommend to apply as discard, should be run on the GW, I guess, right?

Or is it in the MGMT?

Greetings.

0 Kudos
the_rock
Legend
Legend

Ola bro,

For IPS update, that all comes from the mgmt server, so the machine where smart console is installed has to have Internet connectivity for updates to work.

Andy

[Expert@QUANTUM-MANAGEMENT:0]# ping updates.checkpoint.com
PING e17340.dscd.akamaiedge.net (23.202.54.18) 56(84) bytes of data.
64 bytes from a23-202-54-18.deploy.static.akamaitechnologies.com (23.202.54.18): icmp_seq=1 ttl=49 time=18.2 ms
64 bytes from a23-202-54-18.deploy.static.akamaitechnologies.com (23.202.54.18): icmp_seq=2 ttl=49 time=18.1 ms
64 bytes from a23-202-54-18.deploy.static.akamaitechnologies.com (23.202.54.18): icmp_seq=3 ttl=49 time=17.9 ms
^C
--- e17340.dscd.akamaiedge.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 17.998/18.125/18.221/0.181 ms
[Expert@QUANTUM-MANAGEMENT:0]# curl_cli -k https://updates.checkpoint.com
Page not found![Expert@QUANTUM-MANAGEMENT:0]#

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events