This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
luk89as
Participant
a month ago
Jump to solution

Errors detected after upgrading to R81.10.10 (996002845)

Hello,

I have detected several errors after upgrading CP 1530, 1550, 1535 (I have several devices in multiple locations) to the latest version R81.10.10 (996002845).

Error #1 When I try to change the excluded items in Threat Prevention and SSL Inspection (added earlier in firmware R81.10.08 (996001683) I get errors as in the screen attached to the post.

Error #2 is Unable to run SSL exclusion for MAC devices in SSL Inspection I get an error about not pressing the SAVE key. Despite performing this action. Unable to save selected Assets to bypass: macOS

Only a factory reset of version R81.10.10 (996002845) and entering the configuration by hand solved the problem. Restoring from a copy causes the same errors.

Please verify on your devices.

Preview file
14 KB
Preview file
12 KB
Preview file
15 KB
Preview file
30 KB
Preview file
30 KB
0 Kudos
1 Solution

Accepted Solutions
Dafna
Employee
Employee
a month ago
Jump to solution

The rulebase issue was already solved - we plan to release a JHF version which includes the fix next week.

View solution in original post

23 Replies
G_W_Albrecht
Legend
Legend
a month ago
Jump to solution

I would suggest to open a SR# with CP TAC !

CCSE CCTE CCSM SMB Specialist
the_rock
Legend
Legend
a month ago
Jump to solution

That seems like TAC case to me as well.

Andy

0 Kudos
luk89as
Participant
a month ago
In response to the_rock
Jump to solution

I will open SR# with CP TAC.

The strange thing is that the problem is ascending on every device, not just one.

The devices come from one distributor imported at different times directly from Israel.

I would understand one case but not on every device.

It looks like an obvious error arising during an upgrade from an earlier software version.

0 Kudos
G_W_Albrecht
Legend
Legend
a month ago
In response to luk89as
Jump to solution

Look like some configuration gets corrupted. So it is good if you have a backup of the non-working config...

CCSE CCTE CCSM SMB Specialist
0 Kudos
luk89as
Participant
a month ago
In response to G_W_Albrecht
Jump to solution

I have set up an SR# with CP TAC.

I solved the problem on only one device by restoring the factory settings and entering them from scratch by hand.

My private CP1570 is running in the configuration with errors. So I have a copy with a corrupted configuration.

0 Kudos
the_rock
Legend
Legend
a month ago
In response to luk89as
Jump to solution

All locally managed?

0 Kudos
luk89as
Participant
a month ago
In response to the_rock
Jump to solution

Yes all devices are managed locally.

0 Kudos
the_rock
Legend
Legend
a month ago
In response to luk89as
Jump to solution

Let us know what TAC says. I dont sadly have one myself to test, so cant say for sure why it happens, but sounds like a pretty serious issue.

Andy

0 Kudos
G_W_Albrecht
Legend
Legend
a month ago
In response to luk89as
Jump to solution

I doubt that CP will be able to explain the issue. I had similar experiences with customers, where reconfiguration from scratch after reset did resolve these issues. Using the backup made the issue reoccur...

 

CCSE CCTE CCSM SMB Specialist
David_Zak
Participant
Participant
a month ago
Jump to solution

Hi,

I had the same problem. Locally managed 1550W.
After upgrading from R81.10.08 to R81.10.10. It was not possible to delete or edit SSL inspection exception rules. It was only possible to create new rules.

Solution:
Do not import backups but create everything anew. If there are only a few rules and objects, this can be solved by completely manually creating new rules and objects.

If there are many objects and rules, I recommend to create a request to TAC.

In my case, problem solved by creating a TAC request. TAC created a new build and everything is now trouble free.
I expect there will be more of these cases.

David

the_rock
Legend
Legend
a month ago
In response to David_Zak
Jump to solution

Just curious, was it a custom build they gave you?

Andy

0 Kudos
David_Zak
Participant
Participant
a month ago
In response to the_rock
Jump to solution

Yes, R81.10.10 (996002870)

David

luk89as
Participant
a month ago
In response to David_Zak
Jump to solution

Can you make it available?

Maybe she will solve my problems without the need to restore factory settings and enter all by hand.

I myself am waiting for TAC's answer, they already have it assigned and have received the necessary information from me. It remains to wait.

0 Kudos
David_Zak
Participant
Participant
a month ago
In response to luk89as
Jump to solution

I understand, but I am not authorized to share this firmware.
I would recommend to urge TAC.

(1)
the_rock
Legend
Legend
a month ago
In response to luk89as
Jump to solution

Hey @luk89as , just my personal suggestion. If this is urgent, which it sounds like it would be, just call TAC number, update the case with this thread and tell them you need that image build as soon as possible, so they can provide it.

Best,

Andy

David_Evans
Contributor
a month ago
In response to the_rock
Jump to solution

I can add another one to this issue.   Its not a super critical box but I cannot edit policy at all, I get the "invalid text" message with any change to policy.   I'll watch for a new build for a while. 

0 Kudos
the_rock
Legend
Legend
a month ago
In response to David_Evans
Jump to solution

Invalid text if you try make any change or just add a comment?

0 Kudos
David_Evans
Contributor
a month ago
In response to the_rock
Jump to solution

any change to the current locally managed policy rules results in the error.     New rules add successfully.    I have nothing in the comments for any of my existing rules.

0 Kudos
David_Zak
Participant
Participant
a month ago
In response to David_Evans
Jump to solution

Yes, I can confirm, I had the same problem with editing rule comments, among other things. I recommend you to make a request to TAC.

0 Kudos
Dafna
Employee
Employee
a month ago
Jump to solution

The rulebase issue was already solved - we plan to release a JHF version which includes the fix next week.

luk89as
Participant
4 weeks ago
In response to Dafna
Jump to solution

Checkpoint technical support provided me with the firmware: R81.10.10 (996002878).

After the update, the problem disappeared and I can edit the TP and SSL exclusion tables without errors.

However, the error of not being able to save the configuration after selecting the "Assets to bypass: macOS" option in SSL exclusions has not been resolved.

I hope they will solve it in the next firmware version.

Zachi_Schnieder
Employee
Employee
4 weeks ago
In response to luk89as
Jump to solution

Hi,

We are planning to fix the macOS issue in our next release.

Thanks,

Chris_Atkinson
Employee Employee
Employee
2 weeks ago
In response to luk89as
Jump to solution

For awareness the current R81.10.10 build available from sk181080 is now: 996002906

For information regarding the fixes in this build please see: sk181134 

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events