Failed to run fw comp:no error

[rstephens]

Has anyone seen this error on a SmartCenter server that was not running Windows 2003?

Solution sk31368 incorrectly states that implementing HFA-15 or higher resolves this issue.

In my scenario, I created a host object and added it to a group used to block certain hosts from connecting inbound or allowing any outbound connections to these hosts. The SmartCenter manages 3 different firewalls, 2 are single gateways and the other is a VRRP cluster. All the firewalls are Nokia's. These two rules are number 1 and 2 in each rule set:

grp-blocked ANY ANY Drop
ANY grp-blocked ANY Drop

Installation to the single gateways works without issue but it fails with a
"Failed to run fw comp:no error" message when trying to install ot the cluster.

If I insert a new rule number 3 that reads:
host-25 ANY ANY Drop
(host-25 was the new host that was created and added to the group) and then disable this new rule 3. The policy will install without issue to the cluster.

Anyone have any ideas on this?

[foyster]

This will save you (Good Ole Phoneboy)

http://oldfaq.phoneboy.com/gurus/200508/msg00125.html

Cheers
Brad Foy

[Porter]

that's the same error message I recieve when I create a Edge object and try to install the policy on the gw's, the hint from Phoneboy did not solve the problem
I already talked about this in the edge forum, we have now a call open at CP. We heard from several CP workers that this is DB related, I think in our case it's caused due to the update from r55 to r60

[Porter]

CP mentioned sk31108, maybe this will work for you?
did not help in our case :D

[leonid77]

We had the same problem with exactly same config (R60 HFA03 mgmt on Windows 2003 Server, managing a R60 HFA03 Splat cluster. In our case, we had activated some of the controls in WI tab (such as XSS, SQL injection etc.) although we didn't have WI license (anyway it was working and protecting our web servers). When we removed those protection checks in WI tab and removed the Web Server check mark from the host objects, policy is now compiling OK.

Regards,

Leon

[carlsberg]

Hi guys!

This is crazy but i have tried every solution but nothing works.
But early today i find a wierd solution. In Smartdefense mark Malformed PNG files and it works again, even tried to unmarked after, then it still get me an error.

regards

Mats

[cprabel]

I agree that it's crazy but it works.
We tonight upgrade from FP3 to R61 (a big step isn't it? ...) and we ran into this problem.
Enabling the Malformed PNG files check in SmartDefense solved the compilation error.

Thanks Checkpoint for this workaround hum hum .....

regards
Chr!sPee

[Steve]

yes enabling the malformed png filter worked for us too.

[dudley237]

I am running R55 on a Nokia IP 530 and had the same problem. I deleted 2 nodes and tried to do a policy push and got the error "Failed to run fw comp:no error". Turns out I had to reset my password in the Checkpoint Administrator Settings. My other administrators were able to push policy find but I couldn't and it gave me that error.