This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LeeBingKang
Advisor
‎2022-05-26 03:50 PM
Jump to solution

Threat Prevent Policy installation failed with weird code

Hi All,

 

Recently, i have done an standalone firewall upgrade from R77.10 to R81.10 with this path (R77.10 , R80.30 , R81.10)

 

All upgrade process done successfully.

 

 But unfortunately, i get the error when I try to install the Threat Prevention policy to the firewall after installed firewall policy successfully.

IPS error.PNG

 

I did check on the license and the firewall blade itself, all is on as expected.

 

Meanwhile, i also did try to search on SK but no SK related to this error.

 

Hence, I appreciate if anyone can guide me on solving this issue. Thank you.

0 Kudos
2 Solutions

Accepted Solutions
Alex-
Leader Leader
Leader
‎2022-05-27 04:46 AM
In response to LeeBingKang
Jump to solution

Please note that R81 and above do not officially support that type of appliance anymore so that might be your issue here.

You may try R80.40 which is the last version supported on that hardware.

View solution in original post

the_rock
Legend
Legend
‎2022-05-27 05:20 AM
In response to LeeBingKang
Jump to solution

@Alex- is correct, that appliance cant run R81. Can you just try R80.40 and update us?

Andy

View solution in original post

14 Replies
the_rock
Legend
Legend
‎2022-05-26 03:58 PM
Jump to solution

What threat prevention blades are you using? If you are doing automated feature, maybe disable it and try just with IPS blade.

0 Kudos
LeeBingKang
Advisor
‎2022-05-26 04:52 PM
In response to the_rock
Jump to solution

Hi the_rock,

 

The current ThreatPrevention blade using is only IPS and currently using custom policy shown as below:

IPS policy.PNG

 

Meanwhile when i do cpstart after cpstop, i get these errors:
error_after_cpstat.PNG

 

As i check some link, they mentioned something like Dynamic ID but i don't think my firewall using that.

 

Below is the link i mentioned (need to translate into english if needed):

How To Troubleshoot Policy Installation Issues - Checkpoint - Network & Security (coskunsanli.net)

0 Kudos
the_rock
Legend
Legend
‎2022-05-26 04:55 PM
In response to LeeBingKang
Jump to solution

Yea, that may need some debugging, for sure. Just as an easy test, uncheck ips, push policy, recheck and try again, see what happens.

0 Kudos
LeeBingKang
Advisor
‎2022-05-26 05:26 PM
In response to the_rock
Jump to solution

Just tested the simple steps:

1. uncheck IPS from the firewall

2. publish and install policy to the firewall

3. re-check back the IPS blade from the firewall

4. publish and install policy to the firewall

5. install Threat Prevention policy to the firewall, but failed with same error

0 Kudos
the_rock
Legend
Legend
‎2022-05-26 07:28 PM
In response to LeeBingKang
Jump to solution

I would get in touch with TAC and see what they say. I never encountered that exact issue before, so not 100% sure whay it would happen, sorry. I dont want to give you steps that could cause major problems, specially given the fact its standalone config.

0 Kudos
LeeBingKang
Advisor
‎2022-05-26 07:43 PM
In response to the_rock
Jump to solution

Okay thanks a lot. @the_rock . I will wait for your update and I will try to check out other way if possible.

0 Kudos
LeeBingKang
Advisor
‎2022-05-26 09:07 PM
In response to LeeBingKang
Jump to solution

Hi @the_rock ,

 

Currently i have no findings on my site:

 

So the detail story about my upgrade is like this:

1. I do inplace upgrade from77.30 to R80.30 to R81.10 on same vm machine. once done upgrade, I use migrate server export and import the database into another fresh R81.10 physical 4800 appliance.

 

2. when i try install threat prevention policy on the 4800 appliance got that error, but it works fine when i do same things on the VM.

 

3. For now, i try export the VM database again with migrate export. import into the physical appliance to do same thing again.

 

4. If not work again, will try to do offline inplace upgrade from R77.30 to R81.10 on the appliance.

 

0 Kudos
LeeBingKang
Advisor
‎2022-05-26 10:44 PM
In response to LeeBingKang
Jump to solution

I did try to factory default and do migrate import again on the Check Point 4800 appliance, but same issue still persist.

 

Hence, i will do in-place upgrade on the checkpoint appliance start from R77.30.

 

Will update at here if have any.

0 Kudos
Alex-
Leader Leader
Leader
‎2022-05-27 04:46 AM
In response to LeeBingKang
Jump to solution

Please note that R81 and above do not officially support that type of appliance anymore so that might be your issue here.

You may try R80.40 which is the last version supported on that hardware.

the_rock
Legend
Legend
‎2022-05-27 05:20 AM
In response to LeeBingKang
Jump to solution

@Alex- is correct, that appliance cant run R81. Can you just try R80.40 and update us?

Andy

LeeBingKang
Advisor
‎2022-05-27 05:40 AM
In response to the_rock
Jump to solution

okay. Sure. I will update to you guys once i tested.

LeeBingKang
Advisor
‎2022-05-29 08:27 PM
In response to the_rock
Jump to solution

Thanks guys.

After i tested the upgrade from R77.30 to R80.40 and import the database to the 4800 appliance, all was working fine (able to install firewall policy and IPS policy). Meanwhile (FYI), I did test to do offline upgrade from R80.40 to R81.10 on the 4800 appliance and failed as R81.10 doesn't support 4800 Check Point appliance.

the_rock
Legend
Legend
‎2022-05-29 08:33 PM
In response to LeeBingKang
Jump to solution

Happy to hear that.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events