This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nflnetwork29
Advisor
‎2020-12-19 12:24 AM

Installation failed. Reason: Memory allocation problem in Policy installation function.

we have a centrally managed 1550 Cluster XL running R80.20.15 - Build 682

when i try to install policy it always fails on the active member and installs on the standby no issues.

The message is indicating a memory error but the boxes do not seem to be running out of memory.

 

[Expert@GW1]# free -m
total used free shared buffers cached
Mem: 2000884 1677392 323492 46460 12196 516604
-/+ buffers/cache: 1148592 852292
Swap: 0 0 0

 

I've had a ticket open with TAC for about 10 days with still no resolution . Though I would check in the forums for any ideas?

0 Kudos
9 Replies
nflnetwork29
Advisor
‎2020-12-19 12:28 AM

[Expert@GW2]# free -m
total used free shared buffers cached
Mem: 2000884 1738000 262884 56924 8056 560276
-/+ buffers/cache: 1169668 831216
Swap: 0 0 0

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-12-19 12:59 AM
In response to nflnetwork29

This post should be in SMB ! What happens if you do a policy pull on the active node ? What happens after a failover ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
nflnetwork29
Advisor
‎2020-12-19 09:00 AM

 

I've manually forced a failover and tried that as well. again it will ONLY fail on the active member of the ClusterXL.

 

I've only tried pushing policy from the  MDS

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-12-19 09:37 AM
In response to nflnetwork29

Connect using SSH to each node and issue

 # fetch policy mgmt-ipv4-address <sms IP>

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
nflnetwork29
Advisor
‎2020-12-19 10:14 AM

 

 

same message on both :

 

HQ-FW2> fetch policy mgmt-ipv4-address x.x.x.x
Fetching policy from x.x.x.x
Fetching Security Policy from 'x.x.x.x'

Local Security Policy is Up-To-Date.

Installing Security Policy...
IPS package: Compiled OK.

Installing Security Policy Succeeded.
Done.


sfw_mac_filtering_config: ioctl SFW_MAC_FILTERING failed.
ioctl 43 to the sim device failed (ppak_id=0, rc=-1, errno=22)
sim_arp_spoofing: ioctl to the SecureXL device failed -1
Unable to configure anti ARP spoofing

 

sk167416 - "sfw_mac_filtering_config: ioctl SFW_MAC_FILTERING failed" message when pushing policy on a 1500 device

Cause
This is a cosmetic issue. MAC filtering is not supported on 1500 appliances.
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-12-19 01:21 PM

Both nodes have the current policy - alter the policy, install and try on the failing node again.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
nflnetwork29
Advisor
‎2020-12-19 02:49 PM
In response to G_W_Albrecht

install via fetch or via sms push?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-12-19 11:44 PM

What version/JHF are you pushing from?
Also, has TAC asked you to debug the policy installation process yet?
Send the SR number in a PM.

0 Kudos
nflnetwork29
Advisor
‎2020-12-20 08:53 AM

80.40 take 89

yes they have taken a debug during policy push and nothing has been resolved yet. 

i will send the SR in a PM 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events