"Intrusion Prevention Rules Failed to Compile" error appears in Deep Security

Product / Version includes:

Deep Security10.0

Last updated: 2021/08/28

Solution ID: KA-0004445

Category: Troubleshoot

Summary

Performing an update on a machine may fail and the following error may occur on Deep Security Manager:

Intrusion Prevention Rules Failed to Compile
Description: This error may be caused by system memory issues. Please check the DS_Agent.Log file and search for the error messages related to Compile, or check the diagnostic package for details.

On the Agent/Appliance Events, the following appear:

Level: Error
Event ID: 2090
Event: Security Configuration Error
Description: Error compiling configuration:
Error(s) error: too many application types apply to port 80 can't open preload file - ignored /var/opt/ds_agent/filter/preload.tbf 1 errors during parsing

This error may occur because the maximum number of Application Type that can be assigned on a port is reached. By default, the maximum number allowed is eight (8). Once it reaches nine (9) or above, the error will display.

To resolve the issue, create the following port lists and apply the following Application Types:

Custom Port List 1, Incoming, Port(s): 80
- Web Application Perl Based
- Web Application PHP Based
- Web Server Apache
Custom Port List 2, Outgoing, Port(s): 80, 8080, 3128
- Web Client Common
- Web Client Mozilla Firefox
- Web Proxy Squid
Custom Port List 3, Incoming, Port(s): 80, 8000, 8080, 8081, 3000, 3128, 443
- Web Server Squid
- Web Server HTTPS
- Web Application Tomcat
- Web Application Ruby Based

To apply on computer-level:

Log in to the web console with administrator privileges.
Create a custom port list.
1. On the web console, go to Policies > Lists > Port Lists.
2. Click New > New Port Lists.
3. Enter a name and description for the port list.
4. Under ports, input the ports listed above, one port per line.
5. Repeat these steps for each of the three port lists.
On the web console, go to Computers and select the necessary computer.
Navigate to Intrusion Prevention > Assign/Unassign...
Modify the drop-down list to All, Assigned, and By Application Type.
Edit the Application Type on the computer-level.
1. On the upper-right, search for the application type (e.g. Web Application PHP).
2. Click the Application Type and select all IPS rules listed underneath. There is no need to select the checkbox of the application type.
3. Right-click and select Application Type Properties...
4. On port, uncheck Inherited and modify the drop-down button from Any to Port Lists.
5. Select the appropriate port list (e.g. Custom Port List 1), and then click OK.
Repeat Steps 1-6 for all the involved application types.

Another possible cause of this error is the invalid IP address format of the IP List or IP address defined in one of the Firewall Rules, which is assigned in the Security Profile. The IP address might contain an extra dot (.) after the last octet ("x.x.x.x.").

To resolve the issue:

Log in to the Deep Security Manager (DSM) console.
Go to Policies > Lists > IP Lists.
Check the IP address defined in each of the list.
Remove the extra dot (.) after the last IP address ("x.x.x.x.").
It should look like this: "x.x.x.x"

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

"Intrusion Prevention Rules Failed to Compile" error appears in Deep Security

"Intrusion Prevention Rules Failed to Compile" error appears in Deep Security

Product / Version includes:

Summary