Support Center > Search Results > SecureKnowledge Details
Policy installation fails on gateway with "Error code 0-2000240" Technical Level
Symptoms
  • Policy installation fails on gateway with error code 0-2000240 when Drop templates option is enabled and there is a huge list of IP range.

  • Policy installation debug shows:

    ...;[cpu_11];[fw4_0];ifn 31, range 20: X.X.X.X - 223.255.255.255;
    ...;[cpu_11];[fw4_0];ifn 31, range 21: 240.0.0.0 - 255.255.255.254;
    ...;[cpu_11];[fw4_0];cphwd_prepare_anti_spoofing_enforce: Interface 31 has 22 ranges list;
    ...;[cpu_11];[fw4_0];cphwd_prepare_anti_spoofing_enforce: Interface 31 is external;
    ...;[cpu_11];[fw4_0];cphwd_prepare_anti_spoofing_enforce: Interface 31 Anti spoofing violations will be tracked;
    ...;[cpu_11];[fw4_0];cphwd_prepare_anti_spoofing_enforce: Interface 31 Anti spoofing  will be enforced in monitor only mode;
    ...;[cpu_11];[fw4_0];24346: X.X.X.X - Y.Y.Y.Y;
    ...;[cpu_11];[fw4_0];24347: X.X.X.X - Y.Y.Y.Y;
    ...;[cpu_11];[fw4_0];24348: X.X.X.X - Y.Y.Y.Y;


  • Reboot on affected member may resolve the issue for some time.
Cause
Huge IP range list is causing issue during Security policy compilation.


Solution
Note: To view this solution you need to Sign In .