This morning i have come across a Checkpoint problem: No way to perform a succesful policy installation in any of the several virtual system gateways I have in my environment.
As you can see the returning error is: Policy installation failed on the gateway. If the problem persists contact Check Point support [Error code: 0-2000040].
Fortunately i found a generic fix that worked for me: SK154435
I encourage you to follow the steps directly browsing to the SK.
Anyway, in a few words, this is what I did:
The problem is probably caused by a corrupted policy object. To check for corrupteds objects:
# cd $FWDIR/conf/ # grep -e $'^\t\t: (' objects_5_0.C -e "is_mail_server (false)" -e mail_server_prop | grep -v "mail_server_prop ()" | grep mail_server_prop -B 2 | grep ":is_mail_server (false)" -B 1 | grep -e $'^\t\t: ('
The grep returned a server (“SERVER01”), but it can return more than one.
- Open the Host in the Smarconsole, “Servers” sections
- For each kind of server (Web, Mail and DNS), check and uncheck
Two important notes from the SK:
- If an option is checked, do not change it.
- Do not perform step 2 for more than one server at a time. In our example, you should not check “Web Server”, then check “Mail Server”, then proceed to uncheck them both, but rather check “Web Server”, then uncheck it, and proceed to the next one.
- Publish and install poilicy