Failed to load Policy on Module' error in SmartDashboard when policy installation fails

Solution ID: sk89001
Product: Security Gateway
Version: R70, R71, R75, R76, R77
Date Created: 03-十二月-2012
Last Modified: 03-十二月-2013
Rate this document






[1=Worst,5=Best]
SYMPTOMS
  • 'Failed to load Policy on Module' error in SmartDashboard when policy installation fails.

  • Loading the local policy with 'fw fetch localhost' command on the Security Gateway succeeds.

  • The files in the $FWDIR/state/__tmp/FW1/ directory on the Security Gateway are not updated when the policy installation is attempted from the SmartDashboard.

  • Debug of FWM daemon on Security Management Server shows:
    CPTA_InstallFailReasonTranslate: error number 5

CAUSE

The CPD process is not running Security Gateway or has stopped working correctly.

This can happen if CPD process is not being monitored by the Check Point WatchDog process.


SOLUTION

Follow these steps on Security Gateway:

  1. Stop the CPD process:

    [Expert@HostName]# cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"

  2. Check if the CPD process is not running anymore:

    [Expert@HostName]# ps auxw | grep cpd

    If the process is still running, the kill it manually:

    [Expert@HostName]# kill -KILL $(ps auxw | grep -w cpd | awk '{print $2}')

  3. Start the CPD process:

    [Expert@HostName]# cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"

  4. Check the status of CPD process:

    [Expert@HostName]# cpwd_admin list | grep -E "APP|CPD"

    The 'CPD' process should appear in the output, and its STAT should be 'E' (executing)

    Example:

    cpwd_admin: 
    APP        PID    STAT  #START  START_TIME             COMMAND              MON  
    CPD        2808   E     1       [10:34:50] 15/6/2012   cpd                  Y    
    


  5. Install the policy in SmartDashboard.



Note: Restarting the CPD process on a Standalone machine will not have impact on the passing traffic.