https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-CP-gateways-quot-lose-quot-interfaces-fw-getifs-is-empty/m-p/204340#M38534 <P>Doesn’t matter what the OS configuration says if the firewall kernel module can’t see the interfaces.<BR />Interface mapping issues is usually an issue that you see on Open Servers only.</P> <P>I do know that we did a kernel update in R81.20 which also included updates to the various NIC drivers.<BR />If I had to guess, it has something to do with that.<BR />We should have handled this through the upgrade process, though…</P> Sat, 27 Jan 2024 21:43:49 GMT PhoneBoy 2024-01-27T21:43:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-CP-gateways-quot-lose-quot-interfaces-fw-getifs-is-empty/m-p/204232#M38523 <P>I had a strange behavior on a gateway (appliance 3x00) that run on Gaia R81.10 JHF take 109.<BR /><BR />after several month running without problems, during normal operation some night before the gateway was not reachable by network anymore.<BR />HW seems to be okay.<BR />Connection by serial port was possible.<BR />every outgoing ping from the gateway returns "operation not permitted."&nbsp;<BR /><STRONG>fw unloadlocal</STRONG> did not solve the problem.<BR /><STRONG>fwaccel off</STRONG> did not solve the problem.</P><P><STRONG>reboot</STRONG> didn't solve the problems. During boot the I can see that the gateway is unable to fetch the policy from gateway anymore, but without cp service the routing is working and the ports are reachable.</P><P>After <STRONG>cpstop</STRONG> all outgoing and incoming connections - beside NAT/VPN - worked based on routing.</P><P>After <STRONG>cpstart</STRONG> sames problem as before.</P><P><U><STRONG>fw getifs</STRONG> did not show any interfaces anymore!</U></P><P>But ip address/ip route&nbsp; showed the correct configuration, <STRONG>show config</STRONG> in clish, too.<BR /><BR />After that we did a factory restore the R77.30 and upgrade to R81.10, reset SIC, reconnect to Mgmt and do a policy install with the old policy - no problems, every thing worked again.<BR /><BR />Then we did a upgrade to JHF 109 an we had the same problems as before.<BR />A uninstall of the JHF did <U>not</U> solve the problems!</P><P><BR /><U><STRONG>fw getifs</STRONG> still did not show any interface anymore!</U></P><P><BR />I had a similar problem a year before at a different customer on all nodes of 2 gateway clusters (5x00 and 3x00) with R81.10 JHF take79 after reboot of these clusters.&nbsp;</P><P><BR />We did a fresh install of these gateways, which solved the problems.</P><P>I already opened a case at CP.</P><P>They told me, based on the analyze of the snapshot files, there was a mismatch between OS interface mapping and CP interface mapping...that should not happened...<BR /><BR /><U>but the root cause is still unknown!</U></P><P><BR />Inside the Smart Center objects the interfaces are correct...<BR /><BR />So my question is, did anyone had similar problems before?<BR /><BR /><BR /><BR /></P><P>&nbsp;</P> Fri, 26 Jan 2024 10:08:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-CP-gateways-quot-lose-quot-interfaces-fw-getifs-is-empty/m-p/204232#M38523 DH 2024-01-26T10:08:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-CP-gateways-quot-lose-quot-interfaces-fw-getifs-is-empty/m-p/204340#M38534 <P>Doesn’t matter what the OS configuration says if the firewall kernel module can’t see the interfaces.<BR />Interface mapping issues is usually an issue that you see on Open Servers only.</P> <P>I do know that we did a kernel update in R81.20 which also included updates to the various NIC drivers.<BR />If I had to guess, it has something to do with that.<BR />We should have handled this through the upgrade process, though…</P> Sat, 27 Jan 2024 21:43:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Problem-CP-gateways-quot-lose-quot-interfaces-fw-getifs-is-empty/m-p/204340#M38534 PhoneBoy 2024-01-27T21:43:49Z