Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Thin
Contributor

IPS update Failed :

Hello

I found some errors about ips update on my lab after revert to old revision.

MGMT R80.40

Logs :

09/07/20 15:06:42,476 INFO management.threat.IpsUpdateManager [qtp1700047396-80]: IPS update finished for domain xxxxxxxxxxxxxxxxxxxxx with status FAILED

09/07/20 15:06:41,304 INFO dleserver.utils.LogSaverForFailedTasks [qtp1700047396-80]: title before abbreviate and replace: IPS Management Update_Pre update checks failed
09/07/20 15:06:41,304 INFO dleserver.utils.LogSaverForFailedTasks [qtp1700047396-80]: title after abbreviate and replace: IPS_Management_Update_Pre_update_checks_failed
09/07/20 15:06:41,304 INFO dleserver.utils.LogSaverForFailedTasks [qtp1700047396-80]: failed task logs will be saved to $MDS_FWDIR/log/failed_tasks/Other

09/07/20 15:06:40,381 ERROR management.threat.IpsUpdateManager [qtp57206008-71]: Failed to find CpmiAsmPostInstallProcedure Object

 2020-07-10_14-46-02.png2020-07-10_14-44-18.png2020-07-10_14-43-10.png

What did I miss?

 

Thank you.

0 Kudos
6 Replies
HeikoAnkenbrand
Champion
Champion

Check this:

1) DNS server settings
2) f necessary proxy settings
3) default route to internet
4) correct hide NAT settings
5) access rules

# ping updates.checkpoint.com
# curl_cli https://updates.checkpoint.com

0 Kudos
Thin
Contributor

Everything is ok before revert revision. I don't think those list is matter and all of ips update connections are ok but

# curl_cli https://updates.checkpoint.com

curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. 

 

0 Kudos
G_W_Albrecht
Champion
Champion

You just missed out on the -k 😉

See sk113159 :

# curl_cli -v -k https://updates.checkpoint.com -x

0 Kudos
G_W_Albrecht
Champion
Champion

You did a revert for the SMS database, i assume ? Then i would go back to an older IPS version using SECURITY POLICIES > Threat Prevention > Updates > IPS > Switch to version... and try again to update IPS.

I think sk107580 Online IPS Update fails with "Internal Error: Failed to update Database object" does not look promising here.

 

0 Kudos
Thin
Contributor

There is no proxy in connection. I have switch to previous version but it show "IPS Update failed on assign Status:" 2020-07-10_16-56-36.png

0 Kudos
G_W_Albrecht
Champion
Champion

Strange... You could try sk107580  but i think you will need to contact TAC about this.

0 Kudos