The PhoneBoy Blog



FireWall-1 FAQ: Failed to Load Security Policy on gateway: Operation Would Block

Please note: This content was from when I was operating my FireWall-1 FAQ site, which I stopped operating in August 2005. For some reason people still have links to this stuff on the Internet that people are still clicking on.


I am making this information available again AS IS. Given how old this information is, it is likely wildly inaccurate. I have no plans to update this information.


If you're still running versions of Check Point VPN-1/FireWall-1 where this information is still relevant to you, do yourself a favor and upgrade to a more recent release. If you happen to be running a current release and the information is useful, it's by happenstance :)


Q:

When I try to load a new rule from ‘control’ to ‘gateway’, I get the following error message:

Failed to Load Security Policy on gateway: Operation would block

A:

This means that the connection between the management console and the firewall module timed out. This timeout does not normally need to be adjusted. If you do need to adjust it, add the following to the top of $FWDIR/lib/setup.C on the management console:

:fwd_conn_tout (###)

Where ### is the number of seconds you want the timeout to be (25 seconds is the default). After you’ve done this, the top of the file will look like:

( 
    :fwd_conn_tout (###) 
    :setup_version (300) 
    :has_iiicom (true)

Note: this file may get overwritten on upgrades, so if you do an upgrade of any sort, you may have to re-apply this change.
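
Since the change may have to be re-applied after an upgrade, a small idempotent helper keeps it repeatable. This is an added example, not part of the original FAQ or of Check Point's tooling; the function name set_fwd_conn_tout, the .bak backup suffix, and the assumption that the file opens with a lone "(" line (as in the excerpt above) are assumptions.

```shell
#!/bin/sh
# Added example (not Check Point tooling): set :fwd_conn_tout in a
# setup.C-style file without creating duplicate entries.
# Assumes the layout shown above: a line containing only "(" opens the
# file and each setting sits on its own line.
# usage: set_fwd_conn_tout "$FWDIR/lib/setup.C" 60   (60 is a sample value)

set_fwd_conn_tout() {
    file=$1
    secs=$2

    # Accept only a positive whole number of seconds (no leading zero).
    case $secs in
        ''|*[!0-9]*|0*) echo "invalid timeout: $secs" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    tmp="$file.tmp.$$"
    if grep -q '^[[:space:]]*:fwd_conn_tout[[:space:]]*(' "$file"; then
        # Setting already present: rewrite its value, keep the indentation.
        sed "s/^\([[:space:]]*\):fwd_conn_tout[[:space:]]*(.*/\1:fwd_conn_tout ($secs)/" \
            "$file" > "$tmp"
    else
        # Setting absent: insert it right after the opening parenthesis.
        awk -v secs="$secs" '
            { print }
            !done && /^[ \t]*\([ \t]*$/ {
                print "    :fwd_conn_tout (" secs ")"
                done = 1
            }
            END { exit (done ? 0 : 3) }   # 3 = no opening "(" line found
        ' "$file" > "$tmp"
    fi || { rm -f "$tmp"; echo "unexpected layout: $file" >&2; return 3; }

    # Keep a copy of the previous file, then overwrite in place so the
    # original owner and mode are preserved.
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file" && rm -f "$tmp"
}
```

Running it a second time with a different value updates the existing line rather than adding another one, and the previous file is kept alongside as setup.C.bak.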
