This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jerry
Leader
Leader
‎2019-04-30 03:34 AM

IPS issue (R80.20) - cannot remove IPS blade from GW object

hi chaps

 

got an interesting one

 

1. object of the GW has IPS enabled, when trying to untick and disable it I cannot seem to save the changes as SmartConsole shout on me as following:

a. "Failed to save object "xxx". A blocking validation error was found: Field InstallTargetIds references invalid object

b. "The current changes to object "xxx" parameters are invalid and therefore will be discarded"

 

and that's all. when "a" occur the only way to move on is to click OK, when done "b" appears.

 

any idea what and why? literally nothnig has changed on that "StandAlone" Appliance since original install of R80.20.

 

ps. cpinfo -y all below (also see enclosed 1.png)

 

[Expert@xxx:0]# cpinfo -y all

This is Check Point CPinfo Build 914000190 for GAIA
[IDA]
No hotfixes..

[CPFC]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 47
BUNDLE_R80_20_JUMBO_HF_MAIN_SC

[MGMT]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 47
BUNDLE_R80_20_JUMBO_HF_MAIN_SC

[FW1]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 47
BUNDLE_R80_20_JUMBO_HF_MAIN_SC

FW1 build number:
This is Check Point Security Management Server R80.20 - Build 007
This is Check Point's software version R80.20 - Build 047
kernel: R80.20 - Build 047

[SecurePlatform]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 47
BUNDLE_R80_20_JUMBO_HF_MAIN_SC

[CPinfo]
No hotfixes..

[DIAG]
No hotfixes..

[PPACK]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 47
BUNDLE_R80_20_JUMBO_HF_MAIN_SC

[CVPN]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 47
BUNDLE_R80_20_JUMBO_HF_MAIN_SC

[SmartLog]
No hotfixes..

[Reporting Module]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 47
BUNDLE_R80_20_JUMBO_HF_MAIN_SC

[CPuepm]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 47
BUNDLE_R80_20_JUMBO_HF_MAIN_SC

[VSEC]
HOTFIX_R80_20_JUMBO_HF_MAIN Take: 47
BUNDLE_R80_20_JUMBO_HF_MAIN_SC

[R7520CMP]
No hotfixes..

[R7540CMP]
No hotfixes..

[R76CMP]
No hotfixes..

[SFWR77CMP]
No hotfixes..

[R77CMP]
HOTFIX_R80_20_JHF_COMP Take: 47
BUNDLE_R80_20_JUMBO_HF_MAIN_SC

[R75CMP]
No hotfixes..

[NGXCMP]
No hotfixes..

[EdgeCmp]
No hotfixes..

[SFWCMP]
No hotfixes..

[FLICMP]
No hotfixes..

[SFWR75CMP]
No hotfixes..

[MGMTAPI]
No hotfixes..

[CPUpdates]
BUNDLE_CPINFO Take: 0
BUNDLE_R80.20_SC Take: 101
BUNDLE_R80_20_JUMBO_HF_MAIN Take: 47
BUNDLE_R80_20_JUMBO_HF_MAIN_SC Take: 73

Jerry
Preview file
15 KB
7 Replies
Tal_Paz-Fridman
Employee
Employee
‎2019-04-30 04:14 AM

Hi Jerry,

 

Please go over the Threat Prevention Policy rules [Security Policies > Threat Prevention > Each Threat Prevention Layer] and make sure the Security Gateway with the IPS blade is not directly selected as an Install On target.

If it is, try changing the Install On for each rule so that it is * Policy Targets and then try disabling the IPS blade.

 

HTH

Tal

Jerry
Leader
Leader
‎2019-04-30 04:47 AM
In response to Tal_Paz-Fridman

2.PNG

 

see below Tal. I have never had here any "targets" selected though I don't think this applies to my case.

Now the GW has IPS blade enabled, and after the complete reboot of the GW all seems just fine:

3.PNG

I have really no clue why I couldn't "deselect" blade on GW object and save it 1h ago.

Jerry
Wolfgang
Mentor
Mentor
‎2019-04-30 05:25 AM
In response to Jerry

Jerry,

that's magic. Maybee some earth rays or other things in the air are affecting the SMS..

I love our IT job, normally it consist of 0 and 1 but sometimes something between 😎 

Wolfgang

Wolfgang
Mentor
Mentor
‎2019-04-30 04:28 AM

Jerry,

we had the same problem last month.

 

0 Kudos
TP_Master
Employee
Employee
‎2019-05-02 11:23 PM

Conclusion: Don't disable the IPS blade.

Why would you even want to do that? 🙂
Jerry
Leader
Leader
‎2019-05-03 01:26 AM
In response to TP_Master

neva! 😛
Jerry
0 Kudos
Amit_Koren
Participant
‎2020-01-07 02:32 AM
In response to TP_Master

I needed to disable IPS according to sk163752

I did not have a target in the Install On column of the Threat Prevention policy.

For me, the issue was that the gateway was selected under automatic install after IPS update.

I had to remove the gateway, install database and only then i could uncheck the IPS blade.