The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Policy installation fails with "Database conversion failed" when using an empty group in a NAT rule
Security Management, Multi-Domain Management
Platform / Model
Policy installation on R76 / R77 Security Management Server fails with "Database conversion failed".
Policy Verification might fail with the following errors related to Application Control rulebase (refer to sk66042):
app_rulebase_read_rules: error getting '##<NAME_OF_POLICY>' set
gen_appi_rulebase_tables: error getting application rules set
Failed to load application rulebase
Failed to generate the rulebase
Operation ended with errors.
Debug of FWM daemon (per sk86186) during policy installation shows:
Group doesn't have any members, impossible!
Failed to create group without ipv6 objects
Failed to convert object in rule
Failed to remove ipv6 objects from NAT rules
Starting in R76. new code was added to handle IPv6 traffic. This code assumes that it is not possible to have an empty group object in a NAT rule, disabled or not.