Support Center > Search Results > SecureKnowledge Details
Policy installation fails on gateway with "Error code 0-2000240" Technical Level
  • Policy installation fails on gateway with error code 0-2000240 when Drop templates option is enabled and there is a huge list of IP range.

  • Policy installation debug shows:

    ...;[cpu_11];[fw4_0];ifn 31, range 20: X.X.X.X -;
    ...;[cpu_11];[fw4_0];ifn 31, range 21: -;
    ...;[cpu_11];[fw4_0];cphwd_prepare_anti_spoofing_enforce: Interface 31 has 22 ranges list;
    ...;[cpu_11];[fw4_0];cphwd_prepare_anti_spoofing_enforce: Interface 31 is external;
    ...;[cpu_11];[fw4_0];cphwd_prepare_anti_spoofing_enforce: Interface 31 Anti spoofing violations will be tracked;
    ...;[cpu_11];[fw4_0];cphwd_prepare_anti_spoofing_enforce: Interface 31 Anti spoofing  will be enforced in monitor only mode;
    ...;[cpu_11];[fw4_0];24346: X.X.X.X - Y.Y.Y.Y;
    ...;[cpu_11];[fw4_0];24347: X.X.X.X - Y.Y.Y.Y;
    ...;[cpu_11];[fw4_0];24348: X.X.X.X - Y.Y.Y.Y;

  • Reboot on affected member may resolve the issue for some time.
  • fwk.elg (USFW/VSX) or dmesg (kernel mode) shows "cphwd_multik_prepare_api_stat_cb: expired.;" after policy installation failed
Huge IP range list is causing issue during Security policy compilation.

Note: To view this solution you need to Sign In .