This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nflnetwork29
Advisor
‎2022-04-08 09:28 AM
Jump to solution

internal error occurred during the verification process

Hello we have R81.10 MDS w/ R81.10 Security VE Gateway 

This is a fresh VE gateway deployment with Take 30 installed (latest) 

Have not been able to ever install any policy , i have establish SIC trust and then I am stuck . 

How can I fix this? Seems like a bug maybe as the policy I am trying to deploy is very minimal. 

I am not even trying to deploy any threat policy at this time . 

Preview file
39 KB
0 Kudos
1 Solution

Accepted Solutions
nflnetwork29
Advisor
‎2022-04-25 08:38 AM
In response to the_rock
Jump to solution

this issue was solved by TAC eventually. 

the very short answer was that basically what we had to do what remove the gateway object and re-add it . 

 

View solution in original post

0 Kudos
21 Replies
the_rock
MVP Gold
MVP Gold
‎2022-04-08 09:31 AM
Jump to solution

What do you see if you only do policy verification?

Andy

Best,
Andy
0 Kudos
nflnetwork29
Advisor
‎2022-04-08 09:34 AM
In response to the_rock
Jump to solution

yes of course, done that!  and it is successful . no issue reported there . 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-04-08 09:47 AM
Jump to solution

Did you try: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
nflnetwork29
Advisor
‎2022-04-08 09:49 AM
In response to PhoneBoy
Jump to solution

on my gateway

# ls -lh connectra_rulenums.html

ls: cannot access connectra_rulenums.html: No such file or directory

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2022-04-08 09:51 AM
In response to nflnetwork29
Jump to solution

If you run this command from expert mode-> find / -name connectra_rulenums.html

Do you see anything?

By the way, its on management(also R81.10), NOT gateway

From my lab:

[Expert@MANAGEMENT:0]# find / -name connectra_rulenums.html
find: /proc/27779: No such file or directory
find: /proc/28071: No such file or directory
find: /proc/28073: No such file or directory
/var/log/opt/CPsuite-R81/fw1/log/connectra_rulenums.html
[Expert@MANAGEMENT:0]#

Andy

Best,
Andy
0 Kudos
nflnetwork29
Advisor
‎2022-04-08 10:15 AM
In response to the_rock
Jump to solution

OK yes i found it 

 

/var/log/mds_logs/MGMT-MDS-01/log/connectra_rulenums.html

the_rock
MVP Gold
MVP Gold
‎2022-04-08 10:18 AM
In response to nflnetwork29
Jump to solution

Great! Just back it up and try the sk @PhoneBoy suggested. let us know if it works.

Andy

Best,
Andy
nflnetwork29
Advisor
‎2022-04-08 10:26 AM
In response to the_rock
Jump to solution

to confirm .

i just replace step 1 with the path below?? 

/var/log/mds_logs/MGMT-MDS-01/log/connectra_rulenums.html

 
  1. # cd $FWDIR/log/ >>>>>> REPLACE  THIS
  2. # ls -lh connectra_rulenums.html (this will show the incorrect link)
  3. # unlink connectra_rulenums.html
  4. # touch connectra_rulenums.html
  5. # chmod 777 connectra_rulenums.html
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2022-04-08 10:29 AM
In response to nflnetwork29
Jump to solution

What I would personally do, just to be safe, make backup first...so cd $FWDIR/log, then cp connectra_rulenums.html connectra_rulenums.html.backup and maybe get backup file off the server (JUST IN CASE) and then follow the instructions. I dont want to sound difficult now, but I would also take a backup as well.

Best,
Andy
0 Kudos
nflnetwork29
Advisor
‎2022-04-08 10:39 AM
In response to the_rock
Jump to solution

tried the solution in the sk and still getting the same error . *sigh*

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2022-04-08 10:44 AM
In response to nflnetwork29
Jump to solution

Thats unfortunate. O well...I would certainly contact TAC next. In the meantime, try from mgmt ssh something like below, just replace firewall name and correct policy )below is example from my lab)

mgmt_cli install-policy policy-package "R81.10_policy" targets "gateway"

 

Andy

Best,
Andy
0 Kudos
nflnetwork29
Advisor
‎2022-04-08 11:04 AM
In response to the_rock
Jump to solution

Should the file "connectra_rulenums.html" exist in every single CMA when referring to an MDS?

 

my policy name = "standard" 

when i run the cmdlt i got 

code: "generic_err_object_not_found"
message: "Requested object [standard] not found"

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2022-04-10 05:28 AM
In response to nflnetwork29
Jump to solution

That Im not 100% sure, you may wish to confirm with TAC on it.

Andy

Best,
Andy
0 Kudos
nflnetwork29
Advisor
‎2022-04-12 07:26 AM
In response to the_rock
Jump to solution

@the_rock 

 

mgmt_cli install-policy policy-package "standard" targets "CORP-cp01"

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2022-04-10 07:52 AM
In response to nflnetwork29
Jump to solution

Can you paste exact command you ran?

Best,
Andy
0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-04-10 06:05 AM
Jump to solution

Have you tried forcing a non accelerated policy install or patching with JHF T45?

CCSM R77/R80/ELITE
nflnetwork29
Advisor
‎2022-04-12 07:25 AM
In response to Chris_Atkinson
Jump to solution

hi @Chris_Atkinson 

 

yes i patched to JHF T45 . same issue . 

 

How do i force a non  accelerated  policy install ? i can try that 

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2022-04-12 07:27 AM
In response to nflnetwork29
Jump to solution

https://www.youtube.com/watch?v=saM4vueYBo8

Best,
Andy
0 Kudos
nflnetwork29
Advisor
‎2022-04-12 07:34 AM
In response to the_rock
Jump to solution

@the_rock 

was worth a shot . still failed though! arggg .

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2022-04-12 07:36 AM
In response to nflnetwork29
Jump to solution

Sorry to say, but I got nothing else... : - (. I guess doing debug would be next step...

Best,
Andy
0 Kudos
nflnetwork29
Advisor
‎2022-04-25 08:38 AM
In response to the_rock
Jump to solution

this issue was solved by TAC eventually. 

the very short answer was that basically what we had to do what remove the gateway object and re-add it . 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events