Most of the time I was extremely pleased with Checkpoint products, at least for me their products were rock solid - until one day I wasn't able to install new policies on my Checkpoint FW. The symptom was quite awkward - after saving the policy and verifying it successfully, during the installation process I always got an error saying "Installation failed. Failed to load Policy on Module" no matter what I tried. No additional info was specified, which complicated things a bit.
Here is my workaround for the problem:
After logging in to the appliance as the admin user (either via console or SSH), enter privileged (Expert) mode, which basically lets you work as the "root" user on the appliance, as if it were a regular Linux box:
# expert
Once you are in expert mode, the prompt will change to:
[Expert@firewall]#
Now you need to locate the "fwm" process (the FW management process), note its PID, kill it and then start it again.
Please note that this will disconnect SmartDashboard (and any other Checkpoint application) if it is connected to the FW, yet the FW traffic (including any established VPN connections) will not be affected, so proceed without worries:
[Expert@firewall]# ps -ef | grep fwm
[Expert@firewall]# kill fwm-pid
[Expert@firewall]# fwm &
After fwm has started successfully on your FW box, try installing the policy again - usually this should do the trick.
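The same kill-and-restart steps as a small script, added here as an example (it is not from the original post and not Check Point tooling). The function names, the sample `ps -ef` lines and the wait times are assumptions. It matches the process by exact name instead of `grep fwm`, and checks that the old process is gone before starting a new one:

```shell
#!/bin/sh
# Added example, not Check Point tooling. Meant for the expert-mode shell.

# Read `ps -ef` output on stdin and print the PID of each process whose
# executable name is exactly $1. A plain `grep fwm` also matches the grep
# process itself and any command line that merely mentions "fwm".
pids_from_ps() {
    awk -v name="$1" 'NR > 1 {
        cmd = $8                    # first word of the CMD column
        sub(/^.*\//, "", cmd)       # strip a leading directory path
        if (cmd == name) print $2   # PID column
    }'
}

# Stop the daemon, wait until it is really gone, start it again and confirm
# that it is running. Returns non-zero if either check fails.
restart_daemon() {
    name=${1:-fwm}
    pids=$(ps -ef | pids_from_ps "$name")
    [ -z "$pids" ] || kill $pids    # plain SIGTERM, as in the post
    tries=0
    while [ -n "$(ps -ef | pids_from_ps "$name")" ]; do
        tries=$((tries + 1))
        [ "$tries" -le 15 ] || { echo "$name did not exit" >&2; return 1; }
        sleep 1
    done
    "$name" >/dev/null 2>&1 &
    sleep 3
    [ -n "$(ps -ef | pids_from_ps "$name")" ]
}

# Constructed sample of `ps -ef` output (not captured from a real appliance).
sample_ps() {
    cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
admin     4242  3100  0 Jan01 ?        00:12:31 fwm
admin     4310  3100  0 Jan01 ?        00:03:02 fwd
admin     9001  8990  0 10:15 pts/1    00:00:00 grep fwm
admin     9002  8990  0 10:15 pts/1    00:00:00 vi /tmp/fwm.log
EOF
}

sample_ps | pids_from_ps fwm        # prints 4242
# On the appliance itself: restart_daemon fwm
```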
If restarting fwm did not help, then as a last resort only, you will need to restart the CP services.
This will of course disconnect every session and every established VPN connection, so think twice before executing it:
[Expert@firewall]# cpstop && cpstart
The CP restart process takes about 1 minute, during which the FW may seem unresponsive.
This did the trick for me and I hope it helped someone out there too.
If you have a more elegant solution for this issue, please let me know.
Cheers.