Re: [FW-1] Push policy fail after upgrade management portal to R71

Tue, 07 Sep 2010 00:45:07 -0700 

> On Tue, 7 Sep 2010 08:43:23 +0800, Konstantin Y Tselikhin <[email protected]>
> wrote:
>
> > After upgrade management portal from R70.30  to R71.10,  when
attempting to push  policy on security gateway version  R65 (HFA_70 Hotfix
670) it fail with following error:
> >
> > gw    NGX R65     Network Security        Standard:
> > gw    NGX R65     Network Security
> > /opt/CPNGXCMP-R71/conf/Standard.pf, line  103689: ERROR: stab
identifier
> > ssl_tunnels_excluded_services for host  all redefined
> > gw    NGX R65     Network Security
> > /opt/CPNGXCMP-R71/conf/Standard.pf, line 103700: ERROR: stab
identifier
> > ssl_tunnels_excluded_services for host all redefined
> > gw    NGX R65     Network Security

> Can you show us the relevant section in your Standard.pf file?
In my Standard.pf file declaration "ssl_tunnels_excluded_services" repeated
3 times, see below:

#ifdef PROFILE_0
ssl_tunnels_excluded_services = {
        <6, 443, 443>,
        <6, 636, 636>,
        <6, 993, 993>,
        <6, 18205, 18205>
};
#define ADP_SSL_TUNNELS_EXCLUDED_SERVICES_EXISTS 1

#endif

#ifdef PROFILE_0
ssl_tunnels_excluded_services = {
        <6, 443, 443>,
        <6, 636, 636>,
        <6, 993, 993>,
        <6, 18205, 18205>
-------------- line  103689 -------------- };
#define ADP_SSL_TUNNELS_EXCLUDED_SERVICES_EXISTS 1

#endif

#ifdef PROFILE_0
ssl_tunnels_excluded_services = {
        <6, 443, 443>,
        <6, 636, 636>,
        <6, 993, 993>,
        <6, 18205, 18205>
-------------- line 103700 -------------- };
#define ADP_SSL_TUNNELS_EXCLUDED_SERVICES_EXISTS 1

#endif


> Did you run the pre-upgrade verifier before the upgrade? Didn't it warn
> you about conflicts?
No, I don`t run pre-upgrade verification.
But no warnings in upgrading process.

> Was this a new NGX R65 installation or was it upgraded from an older
> version in the past?
This version was upgraded from older version.
Older version R61.


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Reply via email to