CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 4 of 4

Thread: Can't push updates: INTERNAL ERROR in execval: optimization disabld: displcmt too lrg

  1. #1
    Join Date
    2011-02-23
    Posts
    2
    Rep Power
    0

    Default Can't push updates: INTERNAL ERROR in execval: optimization disabld: displcmt too lrg

    Hi All,

    We currently discovered that we are unable to push policy with errors noted as below. We’ve been running with our current management/gw software versions for some time without incident. Management server is R71 SPLAT.

    The gateways are 2 R65 hfa60 SPLAT devices configured in active/active cluster mode.

    Error is as follows on policy push:
    NGX R65 Network Security "/opt/CPNGXCMP-R71/conf/updates.def", line 62615: INTERNAL ERROR in execval: optimization disabled: displacement too large

    NGX R65 Network Security "/opt/CPNGXCMP-R71/conf/updates.def", line 62615: INTERNAL ERROR in execval: optimization disabled: displacement too large

    NGX R65 Network Security "/opt/CPNGXCMP-R71/conf/PROV-CLUSTER.pf", line 122813: INTERNAL ERROR in LenLimit: displacement too big 4134 (max = 4080)

    MEA-Cluster NGX R65 Network Security Compilation failed.

    MEA-Cluster NGX R65 Network Security Operation ended with errors.

    This seems to coincide with a recent addition of a setting up a new remote client tunnel with us.

    I based this one when I looked at the reference line numbers on the shell of the management server.

    If we do go back in and remove the last added tunnel we can push all of the other changes we want, Security rules additions/changes etc with no problem.

    I presume we've not hit some kind of limit with remote interoperable devices or anything.

    Thanks for any insight folks can share.

    -Jamie

  2. #2
    Join Date
    2006-05-15
    Posts
    10
    Rep Power
    0

    Default Re: Can't push updates: INTERNAL ERROR in execval: optimization disabld: displcmt too

    Hi

    I ran into the same problem as well, however, just undoing the change did not help. Since then, we can't install the specific policy for that gateway, and another (Connectra) gateway is now affected as well. We can install policies for all other gateways.
    We're currently stucked.
    We run Provider-1 R75.20, and the gateway suffering rns R65 HFA_70

    Any hints are very well appreciated

  3. #3
    Join Date
    2006-12-04
    Posts
    1,316
    Rep Power
    15

    Default Re: Can't push updates: INTERNAL ERROR in execval: optimization disabld: displcmt too

    We also have seen those type of errors on any R75 and test policy for R65 GWs.

    Sorry can not help,we are running R70.x , and probably will run next 5 Years..

  4. #4
    Join Date
    2006-05-15
    Posts
    10
    Rep Power
    0

    Default Re: Can't push updates: INTERNAL ERROR in execval: optimization disabld: displcmt too

    possible cause found!!

    In our envioronment, the problem was caused by duplicate IP addresses used for 2 Check Point objects. We had a single VSX system defined with 5 virtual firewalls.
    For an upgrade from that VSX single system to a VSX cluster, we created a new VSX cluster object using the same IP addresses for its virtual systems as the single system already used. This caused the installation problems even for other gateways from the same CMA (or SmartCenter in a non P-1 environment). Changing all the IP addresses of the virtual firewalls on the new cluster to something unique solved the problem immediately!!
    Lessom learned: Never ever use the same IP addresses for different Check Point objects, regardless iif they are connected to your network or not!

Similar Threads

  1. CPHAD & Policy Push Error
    By ACREMAKETU in forum SmartView Monitor
    Replies: 0
    Last Post: 2008-12-11, 15:32
  2. ICS Updates competed with error
    By armando.ferreira in forum Mobile Access Blade (Formerly Connectra)
    Replies: 0
    Last Post: 2008-04-09, 17:55
  3. error of anti-spoofing on policy push
    By james.mathieson in forum Miscellaneous
    Replies: 3
    Last Post: 2007-10-09, 15:16
  4. Capacity Optimization
    By switzer in forum Miscellaneous
    Replies: 4
    Last Post: 2007-09-16, 08:08
  5. Internal Error 11
    By AndyB in forum Miscellaneous
    Replies: 1
    Last Post: 2005-11-17, 20:27

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •