Checkpoint Failed to load policy on module
精选
转载
Failed to load Policy on Module' error in SmartDashboard when policy installation fails
|
|
| Solution ID: |  | sk89001 | | Product: | | Security Gateway | | Version: | | R70, R71, R75, R76, R77 | | Date Created: | | 03-十二月-2012 | | Last Modified: | | 03-十二月-2013 |
| |
|
|
| SYMPTOMS |
|
'Failed to load Policy on Module' error in SmartDashboard when policy installation fails.
Loading the local policy with 'fw fetch localhost' command on the Security Gateway succeeds.
The files in the $FWDIR/state/__tmp/FW1/ directory on the Security Gateway are not updated when the policy installation is attempted from the SmartDashboard.
Debug of FWM daemon on Security Management Server shows:
CPTA_InstallFailReasonTranslate: error number 5
|
|
| CAUSE |
|
The CPD process is not running Security Gateway or has stopped working correctly. This can happen if CPD process is not being monitored by the Check Point WatchDog process.
|
|
| SOLUTION |
|
Follow these steps on Security Gateway: Stop the CPD process:
[Expert@HostName]# cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"
Check if the CPD process is not running anymore:
[Expert@HostName]# ps auxw | grep cpd
If the process is still running, the kill it manually:
[Expert@HostName]# kill -KILL $(ps auxw | grep -w cpd | awk '{print $2}')
Start the CPD process:
[Expert@HostName]# cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"
Check the status of CPD process:
[Expert@HostName]# cpwd_admin list | grep -E "APP|CPD"
The 'CPD' process should appear in the output, and its STAT should be 'E' (executing)
Example: cpwd_admin:
APP PID STAT #START START_TIME COMMAND MON
CPD 2808 E 1 [10:34:50] 15/6/2012 cpd Y
Install the policy in SmartDashboard.
Note: Restarting the CPD process on a Standalone machine will not have impact on the passing traffic.
|
