checkpoint failure while copying files to compatibility package directory

We are getting error "Failure while copying files to compatibility package directory" and "Operation Ended with Errors" when we try to install a new policy on our Checkpoint firewalls.

We have a pair of R60's running HFA_05, hotfix 605 and have a dedicated mgmt host (R61). We have not rebooted them for a couple of years. Unfortunately we have no support contract and cannot call Checkpoint for advice.

We checked disk space and there is plenty of it for new policies. We considered simply rebooting but are concerned it may not come back up.

Has anyone seen this error before? Also, are there per/hr support options from 3rd party Checkpoint solution providers? Any that experienced Checkpoint folks can recommend?
skipervargAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

deimarkCommented:
Sadly in this case it may require CP assistance with which you say, is nit supported.

We have 2 options, remove the compat packages that are causing the issue or purchase CP support and upgrade to R65/R70

This is more than likely a software issue and will require the in depth knowledge of CP to correct, unless we have a closet CP developer out there,
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
skipervargAuthor Commented:
Hi Deimark,

Thanks for your suggestion. Some more information that may help steer the ship:
1. We have not installed any additional compat packages in at least 1.5 years.
2. We have been able to successfully apply new rules on almost a weekly basis until now.
3. The firewalls and mgmt devices have ~715 days of uptime.
4. Someone else suggested this solution: http://www.cpug.org/forums/nokia-ipso/7416-fail-install-policy.html

Perhaps we should try rebooting the mgmt host first - do you know if it is possible to do so without affecting the firewall (we have a distributed installation)?

thanks kindly.
0
deimarkCommented:
Rebooting the mgmt server does not affect any firewall at all bud.

All you will get is that while the smartcentre is down, the firewall will log locally instead of sending to the smartcentre.  There are steps you can take to recover these logs from the firewall, but if there is little traffic, there is little benefit in copying across the few minutes worth of logs.

Rebooting the mgmt doe snto affect the traffic going through the firewalls.

Having a look at the article you post there it all makes sense and I would give it a go bud.

One comment thought, I would leave the backup registry file, no need to delete it, not untill you are fully happy that its working fine for a week or so.
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

skipervargAuthor Commented:
Deimark,

It turns out we do not have the standard or expert passwords for console access! So we cannot even try the steps in the article...we inherited this box so no means to get it from the last admin.

Is there a known password reset procedure for both passwords? All we have at this point is the console password for access the mgmt UI.

ack!
0
skipervargAuthor Commented:
Just a quick followup

1. We were missing the standard and expert passwords so I booted from a RH5 Rescue CD and edited the following file: /etc/shadow - I removed the admin password, saved the file. I inspected the /etc/passwd file and noticed that there was no "admin" account, just "root".
2. I rebooted into normal mode, logged in as root, dropped into expert mode and executed the passwd command to replace the standard password.
3. I did a check of the drivespace on the filesystem, (df-h) and noticed the /var partition was 100% full. Most of that was in the logs directory.
4. I did a cpstop, cleared out the logs, then cpstart and everything was ok.

Thanks for your suggestions and help.
0
deimarkCommented:
Glad to hear its all working now bud
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.