Hi All,
Recently, I did a standalone firewall upgrade from R77.10 to R81.10 with this path (R77.10, R80.30, R81.10).
The whole upgrade process completed successfully.
But unfortunately, I get the error when I try to install the Threat Prevention policy on the firewall after installing the firewall policy successfully.
I did check the license and the firewall blade itself; all is on as expected.
Meanwhile, I also tried searching the SKs, but found no SK related to this error.
Hence, I would appreciate it if anyone can guide me on solving this issue. Thank you.
Please note that R81 and above do not officially support that type of appliance anymore so that might be your issue here.
You may try R80.40 which is the last version supported on that hardware.
@Alex- is correct, that appliance can't run R81. Can you just try R80.40 and update us?
Andy
What Threat Prevention blades are you using? If you are using the automated feature, maybe disable it and try with just the IPS blade.
Hi the_rock,
The only Threat Prevention blade currently in use is IPS, and it is currently using a custom policy, shown below:
Meanwhile, when I do cpstart after cpstop, I get these errors:
I checked some links, and they mentioned something like Dynamic ID, but I don't think my firewall is using that.
Below is the link I mentioned (translate into English if needed):
How To Troubleshoot Policy Installation Issues - Checkpoint - Network & Security (coskunsanli.net)
Yeah, that may need some debugging, for sure. Just as an easy test, uncheck IPS, push policy, recheck and try again, and see what happens.
Just tested the simple steps:
1. uncheck IPS from the firewall
2. publish and install policy to the firewall
3. re-check back the IPS blade from the firewall
4. publish and install policy to the firewall
5. install Threat Prevention policy to the firewall, but failed with same error
I would get in touch with TAC and see what they say. I never encountered that exact issue before, so I'm not 100% sure why it would happen, sorry. I don't want to give you steps that could cause major problems, especially given the fact it's a standalone config.
Okay, thanks a lot, @the_rock. I will wait for your update and will try to check out other ways if possible.
Hi @the_rock ,
Currently I have no findings on my site:
So the detailed story of my upgrade is like this:
1. I did an in-place upgrade from 77.30 to R80.30 to R81.10 on the same VM. Once the upgrade was done, I used migrate server export and imported the database into another fresh R81.10 physical 4800 appliance.
2. When I try to install the Threat Prevention policy on the 4800 appliance, I get that error, but it works fine when I do the same thing on the VM.
3. For now, I will try to export the VM database again with migrate export and import it into the physical appliance to do the same thing again.
4. If that does not work again, I will try an offline in-place upgrade from R77.30 to R81.10 on the appliance.
I did try a factory default and did the migrate import again on the Check Point 4800 appliance, but the same issue still persists.
Hence, I will do an in-place upgrade on the Check Point appliance starting from R77.30.
I will update here if I have anything.
Okay, sure. I will update you guys once I have tested.
Thanks guys.
After I tested the upgrade from R77.30 to R80.40 and imported the database to the 4800 appliance, all was working fine (able to install the firewall policy and IPS policy). Meanwhile (FYI), I did test an offline upgrade from R80.40 to R81.10 on the 4800 appliance, and it failed as R81.10 doesn't support the 4800 Check Point appliance.
Happy to hear that.