CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: Verification Error - Policy Failure

  1. #1
    Join Date
    2017-11-01
    Posts
    37
    Rep Power
    0

    Default Verification Error - Policy Failure

    Hi,

    I have policy install failures on all my gateways.

    Verification problems from install_policy.elg shows..

    27/02/18 10:27:32,008 INFO com.checkpoint.management.dleserver.coresvc.intern al.LegacyPolicyLoader$PolicyLoadTask.doWork:175 [taskExecutor-27]: Completed to load legacy policy for product 'Threat'
    27/02/18 10:27:45,203 ERROR com.checkpoint.management.dleserver.coresvc.intern al.PolicyLoaderTask.processExecutionErrors:105 [taskExecutor-29]: Execution for instance 3768cf4f-9242-4a5c-b491-951d0f1006fc had failed due to an execution exception
    org.apache.commons.exec.ExecuteException: Process exited with an error: 1 (Exit value: 1)
    at org.apache.commons.exec.DefaultExecutor.executeInt ernal(DefaultExecutor.java:377)
    at org.apache.commons.exec.DefaultExecutor.access$200 (DefaultExecutor.java:46)
    at org.apache.commons.exec.DefaultExecutor$1.run(Defa ultExecutor.java:188)
    27/02/18 10:27:45,203 ERROR com.checkpoint.management.dleserver.coresvc.intern al.PolicyLoaderTask.processExecutionErrors:159 [taskExecutor-29]: All policy loading commands had failed due to execution exceptions
    27/02/18 10:27:45,203 INFO com.checkpoint.management.dleserver.coresvc.intern al.PolicyLoaderTask.executeLoadCommands:184 [taskExecutor-29]: Loader executions completed
    27/02/18 10:27:45,203 INFO com.checkpoint.management.dleserver.coresvc.intern al.PolicyLoaderTask.executeLoadCommands:204 [taskExecutor-29]: Command's full output:

    There are no specifics SK articles for this, however I have tried moving mv $FWDIR/conf/last_dump.C $FWDIR/conf/last_dump.C.ORIG.

    Any other suggestions?

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,229
    Rep Power
    13

    Default Re: Verification Error - Policy Failure

    Quote Originally Posted by JPYDX View Post
    Hi,

    I have policy install failures on all my gateways.

    Verification problems from install_policy.elg shows..

    27/02/18 10:27:32,008 INFO com.checkpoint.management.dleserver.coresvc.intern al.LegacyPolicyLoader$PolicyLoadTask.doWork:175 [taskExecutor-27]: Completed to load legacy policy for product 'Threat'
    27/02/18 10:27:45,203 ERROR com.checkpoint.management.dleserver.coresvc.intern al.PolicyLoaderTask.processExecutionErrors:105 [taskExecutor-29]: Execution for instance 3768cf4f-9242-4a5c-b491-951d0f1006fc had failed due to an execution exception
    org.apache.commons.exec.ExecuteException: Process exited with an error: 1 (Exit value: 1)
    at org.apache.commons.exec.DefaultExecutor.executeInt ernal(DefaultExecutor.java:377)
    at org.apache.commons.exec.DefaultExecutor.access$200 (DefaultExecutor.java:46)
    at org.apache.commons.exec.DefaultExecutor$1.run(Defa ultExecutor.java:188)
    27/02/18 10:27:45,203 ERROR com.checkpoint.management.dleserver.coresvc.intern al.PolicyLoaderTask.processExecutionErrors:159 [taskExecutor-29]: All policy loading commands had failed due to execution exceptions
    27/02/18 10:27:45,203 INFO com.checkpoint.management.dleserver.coresvc.intern al.PolicyLoaderTask.executeLoadCommands:184 [taskExecutor-29]: Loader executions completed
    27/02/18 10:27:45,203 INFO com.checkpoint.management.dleserver.coresvc.intern al.PolicyLoaderTask.executeLoadCommands:204 [taskExecutor-29]: Command's full output:

    There are no specifics SK articles for this, however I have tried moving mv $FWDIR/conf/last_dump.C $FWDIR/conf/last_dump.C.ORIG.

    Any other suggestions?
    What is the version of management and gateway? My guess is R80+ management and R77.30 gateway.

    Are you able to successfully install just the Access Control policy without Threat Prevention (TP)? If so, manually update TP/IPS signatures and try again. Can't say I've seen this before, a debug of cpm/fwm is probably your next step as those Java exceptions aren't too helpful. Also visit the Audit log view in SmartConsole and try to figure out what was changed just prior to this starting to occur.
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  3. #3
    Join Date
    2017-11-01
    Posts
    37
    Rep Power
    0

    Default Re: Verification Error - Policy Failure

    Quote Originally Posted by ShadowPeak.com View Post
    What is the version of management and gateway? My guess is R80+ management and R77.30 gateway.

    Are you able to successfully install just the Access Control policy without Threat Prevention (TP)? If so, manually update TP/IPS signatures and try again. Can't say I've seen this before, a debug of cpm/fwm is probably your next step as those Java exceptions aren't too helpful. Also visit the Audit log view in SmartConsole and try to figure out what was changed just prior to this starting to occur.
    Tim -

    R80.10 Management with R80.10 Gateways - fully updated with latest Jumbo Hotfix.

    Threat Prevention succeeds - access control is the one that fails.

    Ill debug cpm/fwm.

    Any suggestions based on the above?

Similar Threads

  1. Replies: 5
    Last Post: 2017-04-28, 09:02
  2. policy verification warning. what is this?
    By cciesec2006 in forum Miscellaneous
    Replies: 13
    Last Post: 2012-02-22, 12:46
  3. CMA : Cannot allocate memory error during policy verification
    By manuadoor in forum Provider-1 (Multi-Domain Management)
    Replies: 3
    Last Post: 2011-06-06, 05:52
  4. Rule IDs wrong in policy verification failure message
    By cameronem in forum SmartDashboard
    Replies: 2
    Last Post: 2010-10-07, 17:31
  5. NAT and Policy Verification
    By wiz999 in forum NAT (Network Address Translation)
    Replies: 1
    Last Post: 2009-01-30, 12:34

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •