Firewall-1
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [FW-1] Provider-1 Failed to Create Version

from cisco4ng [Permanent Link]
Subject: Re: [FW-1] Provider-1 Failed to Create Version
From: cisco4ng <cisco4ng AT YAHOO DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 30 Jun 2006 15:16:01 -0700 
Todd,
   
  I have two P-1 Managers (one in the US and one in the UK), and four other P-1
  containers (two in the US, one in the UK and one in Asia).  We have about 300 
CMAs
  across those four containers.  We do not have Active/Standby CMAs since they
  are not available in NG FP3, only in AI or higher.  All of our CMAs have this 
problem
  consistently across all containers.
   
  Sometime I wish Checkpoint adopts the Cisco TAC model.  Cisco TAC is much 
  better and more responsive than Checkpoint TAC.  Checkpoint Firewall is a 
great
  product, it is too bad that checkpoint TAC is nowhere near that.  I am 
willing to pay
  more for checkpoint TAC support if they can get their act together.
   
  just my thought.

"Larson, Todd (LNG-DAY)" <Todd.Larson AT LEXISNEXIS DOT COM> wrote:
  We ran on Solaris 9 (64-bit) R55 AI for almost two years and never 
experienced a problem like this. An important note, my migration path included 
new platform OS (SPLAT) new IP's, and new hostnames; not something I recommend 
unless you were required to (like me and not using VPN). Currently, I'm working 
with Jason De Ray (escalation Engineer), I've worked with and met David Talley 
he's a sharp guy normally with his nose in the code. 



Are your problems consistent across all CMA's or just one or two CMA's like 
mine?



________________________________

From: cisco4ng [mailto:cisco4ng AT yahoo DOT com] 
Sent: Friday, June 30, 2006 4:07 PM
To: Mailing list for discussion of Firewall-1
Cc: Larson, Todd (LNG-DAY); luke.marty AT NWA DOT COM
Subject: Re: [FW-1] Provider-1 Failed to Create Version



Tood/Luke,



Welcome to the club. I've been having this issue with P-1 NG Feature Pack 3 

running on Solaris 9 for almost two years now. I opened many TAC cases with 

Checkpoint and those checkpoint TAC engineers turned around and blamed the

problem at Sun. Luke, I am suprised when you opened the TAC case with Checkpoint

that they didn't blame this problem on SPLAT; oh I forgot, checkpoint is 
responsible

for both the OS and Apps so they are giving you the classic run-around answer.

Checkpoint TAC support has been nothing but a scam and they even have the nerve

to tell me that I should upgrade my support to diamond support. I am NO 
checkpoint

expert but in my humble opinion, I think I know just as much as some of the 

checkpoint TAC engineers. Their response is always to upgrade when they 

themselves can not say with confidence that upgrade will fix the problem.

I think a lot of folks in this forum is better than checkpoint TAC engineers.



By the way, who are the checkpoint TAC engineers you are working with? Charles

Morris, Rob Hughes, David Talley, Shipi Dey? I would be interested in knowing 
how

long it would take them to fix your issue(s). According to Checkpoint, they are 
tier-3 

level engineers. If they can not resolve the issue, it goes to Israsel. Well, I 
opened 

about 5 TAC cases with them and they went nowhere. Dealing with checkpoint

only raises my blood pressure.





"Marty, Lukas" wrote:

I am experiencing the same behavior after upgrading from R55 to R61. I
haven't changed the MAX-FILE setting but have attempted just about
everything else. Opened a ticket with CP, they had me up the debug
level and test again. The output mentioned disk errors, but I'm fairly
confident this is not the issue. I had gone through the upgrade, fsck's
etc. the week before with no problems. On top of not seeing any other
issues that would point at disk failure. Their suggestions after that
were to restore my config onto a test machine and test again. Not
exactly the support I was expecting. 

-Luke

Luke Marty
Network Security Engineering

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Larson,
Todd (LNG-DAY)
Sent: Friday, June 30, 2006 7:20 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Provider-1 Failed to Create Version

Since our Provider-1 migration from R55 Solaris to R60 (HFA_02) Splat,
we've been experiencing a problem with "Failed to create version" errors
when attempting to create a revision when pushing policy or manually.
The problem occurs only in two of our 8 CMA's, there's plenty of Memory
and HDD space available (i.e. does not appear to be a resource issue).
I've increased the MAX-FILE (file handles) size to 100000 and restarted
the MDS, and created exactly 4 new versions in each CMA before it
started giving errors again.

Anyone else out there experience anything similar?

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================





________________________________

Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates 
starting at 1¢/min. 


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


 __________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [FW-1] Provider-1 Failed to Create Version, Larson, Todd (LNG-DAY)
Next by Date:  Re: [FW-1] Gotomeeting.com, John Steiner
Previous by Thread:  Re: [FW-1] Provider-1 Failed to Create Version, Larson, Todd (LNG-DAY)
Next by Thread:  [FW-1] External IP address as the IP of the object, Flores Portillo, Israel
Indexes:  [Date] [Thread] [Top] [All Lists]