This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
AkosBakos
Leader Leader
Leader
‎2024-12-04 08:45 AM

Threat Prevention policy installation error - internal error occured during the verification process

Hi Team,

Maybe I found a bug, can somebody confirm it in different environment ?

Symptoms:

The Threat Prevention policy install fails:

Internal error occured during the verificítion process

Policy verification failed

IPS_policy_error.png

in policy installation debug:

"color" : "black",
"statusCode" : "failed",
"statusDescription" : "Failed",
"taskNotification" : "5bde51fe-6c9b-419a-b533-22cc5ba43cd1",
"gatewayId" : "b8ff47bc-9816-4486-afb0-e92f680e98d3",
"policyId" : "41bccc6f-5498-45a4-856c-8aafeafa3634",
"fastInstallStatus" : {
"worksessionId" : "f7ac79a2-598a-40c2-b649-23d57b0e2e2a",
"gatewayId" : "b8ff47bc-9816-4486-afb0-e92f680e98d3",
"policyId" : "41bccc6f-5498-45a4-856c-8aafeafa3634",
"status" : "blade_not_supported",
"detailedReason" : [ ]

R81.20 take 84 MAESTRO

Investigation steps:

  • Enable/disable the IPS and ApplC URLf blade
    • issue still exists
  • In the IPS custom policy contains only one rule which was disabled
    • create a new rule
      • installation suceeded 
    • delete the newly created rule
      • installation failed

If the IPS Custom Policy has only rules whose are disabled, we got this error.

Can somebody you confirm this behavior?

Akos

 

----------------
\m/_(>_<)_\m/
0 Kudos
8 Replies
the_rock
Legend
Legend
‎2024-12-04 09:10 AM

Hey bro,

I dont have maestro to test, but happy to try in R81.20 jhf 90 lab. Are you saying if I was to disable default ips rule under threat prevention custom policy, that error would appear?

Andy

0 Kudos
AkosBakos
Leader Leader
Leader
‎2024-12-04 09:29 AM
In response to the_rock

Hi,

Your LAB will be perfect. Thanks.   The one and only created IPS rule must be disabled. Something like this (this is a Demo Smartconsole)

ips_rule.png

Forgot the rule 1 (thats why I put a big red "X" onto)

And disable the one  and only existing rule. 

The policy install will fail.

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
Legend
Legend
‎2024-12-04 09:31 AM
In response to AkosBakos

I am happy to test it shortly. This time, cause I like you, its FREE, but next time, I charge...we take euros too ; - )

Just kidding, always happy to help my fellow IT brothers and sisters.

Will let you know in few mins.

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-12-04 09:40 AM
In response to AkosBakos

Well, not sure if it is a bug or not, BUT...message I got on R81.20 makes way more sense than what I got on R82 (same as you).

Andy

 

R81.20:

 

Screenshot_1.png

 

 

R82:

 

 

Screenshot_2.png

Now, to me logically, error in R81.20 is a bit deceiving, well, partially and here is why I say that. I see why it would say there are no rules (though technically there is a rule, its just disabled) and btw, I did verify policy beforehand and it did succeed, so the fact it says policy verification failed is not actually true, at least thats the way I see it.

Andy

AkosBakos
Leader Leader
Leader
‎2024-12-04 10:05 AM
In response to the_rock

Thanks Andy,

I owe you. Now the HUF to EUR or USD rates are really terrible nowadays, please don't want me to pay EUR yet. 🙂

Greath to hear that this is not unique, but different messages.

To be honest, when the customer called me, I did't conclude to anything similar from this error message. Yes, I need more experiece. That's why I am here.

Unfortunately, the TAC misleaded us, with there is no internet access for SMO thats the problem. Now we will update them 🙂

Akos

----------------
\m/_(>_<)_\m/
the_rock
Legend
Legend
‎2024-12-04 10:11 AM
In response to AkosBakos

Im glad you asked me to test this, cause I learned something new today as well. I know this example will sound stupid, but things like this remind me when I was in Papua New Guinea one time and they advertised at the hotel there was Internet, so Im thinking, alright, one night, how bad can it be even if its not that fast...well, I show up and Internet does not work, I go to front desk and lady says to me "Well, you do realize since you booked this online, that online advertisements can be wrong? Yes, we do have Internet, but it never works or it works 1% of the time"

🤣🤣🤣🤣🤣🤣🤣

She defeated an IT person...I had no good comeback lol

Andy

0 Kudos
Tal_Paz-Fridman
Employee
Employee
‎2024-12-26 05:56 AM
In response to the_rock

The expected behavior is as follows:

  1. The system should not fail with an "Internal Error," as this is not user-friendly.
  2. It should provide a meaningful and clear output. Specifically, instead of indicating that there are no rules, it should clarify that at least one rule needs to be enabled.

I will forward this to the relevant R&D owners for further action.

AkosBakos
Leader Leader
Leader
‎2024-12-26 08:13 AM
In response to Tal_Paz-Fridman

Great! Will I get for this a candy on CPX? 🙂

----------------
\m/_(>_<)_\m/
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top