Thursday, February 28, 2013

Could not push policy from R75.40VS to R67.10 VSX

A customer of mine could not install policy to a Virtual System on R76.10 VSX cluster after upgrading MDM servers to R75.40VS.

Policy verification was failing with multiple errors (some data removed):

 INTERNAL ERROR in execval: optimization disabled: displacement too large
INTERNAL ERROR in execval: optimization disabled: displacement too large
ERROR: Table or domain are not allowed here
ERROR: table '<'quota_table'>' has no predefined format
ERROR: table '<'quota_table'>' has no predefined format
Compilation failed.
Operation ended with errors.

The messages look quite scary, but no worries.  The key here is quota_table.

In fact it is an old error from 2007, related to Network Quota being enabled in IPS profile. Disabling Network Quota fixes the issue. Check Point has SK32549 for that.

Although it is something known for long, I am wondering why it has been surfaced only after MGMT part being upgraded. 

Please let me know if you encountered this issue as well.
Posted by at

2 comments:

  1. bfMay 17, 2013 at 12:44 PM

    Ask for a fix to enable the IPS protection. We got one for R75.40VS managing the R67.10 VSX.

    ReplyDelete
    Replies
    1. Valeri LoukineMay 17, 2013 at 12:49 PM

      In fact, one can also increase the size of the quote_table (cannot be done for VSX R65 though).

      Delete

Subscribe to: Post Comments (Atom)