Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jakub_Rutynowsk
Explorer
Jump to solution

[Problem] R80.10 Policy Installation fails

Hello,

I have a virtual lab with Multi Domain Server with 3 domains:

Domain A (DMS1): VSX and virtual router
Domain B (DMS2): 2 virtual firewalls and R80.10
Domain C (DMS3): 1 virtual firewall

All other firewalls except of R88.10 are working fine.

R80.10, just basic installation:

GAiA 64bit standalone
Build 991310423
Branch name : hugo1
4gb memory
4 cores

[Expert@CPGW80-1:0]# df -kh
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current
19G 4.6G 13G 27% /
/dev/sda1 289M 24M 251M 9% /boot
tmpfs 1.9G 0 1.9G 0% /dev/shm
/dev/mapper/vg_splat-lv_log
4.9G 350M 4.3G 8% /var/log

All licenses are in place and work fine.


The R80.10 gateway established SIC with its CMA, policy was created allowing any traffic.
Unfortunately, I can't install the basic policy and I get the error attached.

I did a fwm debug on DMS2 and found out this:

FWM 17116 4052629200]@mds-primary[1 Jun 8:40:41][] CLogFile::Open: Smart fflush enabled in log file
[FWM 17116 4052629200]@mds-primary[1 Jun 8:40:41][] pfopen: failed to open /opt/CPmds-R80/customers/DMS2/CPsuite-R80/fw1/conf/fwm.adtlog: No such file or directory
[FWM 17116 4052629200]@mds-primary[1 Jun 8:40:41][] CBinaryFile::Open: failed to open /opt/CPmds-R80/customers/DMS2/CPsuite-R80/fw1/conf/fwm.adtlog (For reading): No such file or directory

All CP processes are working and don't get stuck.


Also the command fwm -d shows the following:

[FWM 9612 4053010128]@mds-primary[1 Jun 9:45:08] CPPRODIS_init_error_logging_ex: initialized error logging for product 'FW1' application 'FWM'. Log file is not set.


From this command fw -d fetchlocal -d $FWDIR/state/__tmp/FW1 I get the following error:

[11882 4049438416]@mds-primary[1 Jun 9:48:08] Error opening file /opt/CPmds-R80/customers/DMS2/CPshrd-R80/database//authkeys.C:: No such file or directory


Running debugs gives me this:

fw ctl debug 0
fw ctl debug -buf 32000
fw ctl debug -m fw + memory filter
fw ctl kdebug -f 1>> /var/log/debug.txt 2>> /var/log/debug.txt &
fw -d fetchlocal -d $FWDIR/state/__tmp/FW1 1>> /var/log/policydebug.txt 2>> /var/log/policydebug.txt
fw ctl debug 0
kill %1


[13905 4015409040]@CPGW80-1[1 Jun 10:00:07] fw_cmi_loader_init: registering load_params hook
[13905 4015409040]@CPGW80-1[1 Jun 10:00:07] fwobj_obj_initmode: mode=3
[13905 4015409040]@CPGW80-1[1 Jun 10:00:07] fwobj_obj_initmode: MOD R/W mode (fwd?)
[13905 4015409040]@CPGW80-1[1 Jun 10:00:07] muting debug...
[13905 4015409040]@CPGW80-1[1 Jun 10:00:07] DEBUG: fwd_reload_database_file: Start
[13905 4015409040]@CPGW80-1[1 Jun 10:00:07] in fwd_reload_database(do_database=0, dir=database, fn=objects.C
[13905 4015409040]@CPGW80-1[1 Jun 10:00:07] fwobj_destroy_reference_hash: reference_resolving_hash_users<0
[13905 4015409040]@CPGW80-1[1 Jun 10:00:07] reference_resolving_hash created
[13905 4015409040]@CPGW80-1[1 Jun 10:00:07] CachedObject::SetObject: small size, modifying (0 --> 10)
[13905 4015409040]@CPGW80-1[1 Jun 10:00:07] CachedObject::CreateHash: Created internal hashtable, size: 10
Fetching Security Policy Failed

[13905 4015409040]@CPGW80-1[1 Jun 10:00:08] destroy_rand_mutex: destroy
[13905 4015409040]@CPGW80-1[1 Jun 10:00:08] cpKeyTaskManager::~cpKeyTaskManager: called.


Solution steps I've made so far:

1) Fetched initial policy from local host - works ok
2) Added the missing file fwm.adtlog in the path stated above - no luck
3) Recreated SIC succesfully - no luck
4) Recreated the gateway object with new name - no luck
5) Followed sk33893 and found some errors referring to missing files, but not straight to the issues described there.
6) Restarted Domain Management Server (DMS2) - no luck
7) Monitored GW and DMS processes - no signs of corruption


What I'm going to do:

1) Install new R80.10 Gateway and verify if the same issue occurs.

Did someone already see this policy installation problem?

Thank you.

Best
Jakub

0 Kudos
1 Solution

Accepted Solutions
Tomer_Sole
Mentor
Mentor

Hi Jakub, for this kind of issue I encourage you to open a task with Check Point support in parallel to this thread. While the community might be able to assist with others overcoming similar issues, through support we hope to gather all the required files for the analysis, so that we can achieve the solution, add documentation on the root cause, and have the action item to prevent such things in the future.

View solution in original post

0 Kudos
(1)
2 Replies
Jakub_Rutynowsk
Explorer

I forgot to mention that MDS is R80. 

0 Kudos
Tomer_Sole
Mentor
Mentor

Hi Jakub, for this kind of issue I encourage you to open a task with Check Point support in parallel to this thread. While the community might be able to assist with others overcoming similar issues, through support we hope to gather all the required files for the analysis, so that we can achieve the solution, add documentation on the root cause, and have the action item to prevent such things in the future.

0 Kudos
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events