This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
KonstantinS
Participant
‎2019-09-02 04:04 AM

R80.20 - Is the REST API working asynchronous?

Hi all,

We are currently doing a lot of stuff with the REST API (v1.3).

 

In general we are sending four API calls:

1. login

2. set-% (e.g. set-access-role)

3. publish

4. logout

 

Sometimes it happens that the change will not get through and/or the logout will not work.

It seems that the API Server is executing them asychronously, because it helps if we are inserting some waits (e.g. 10sec) between the calls. Without the waits it would be executed within milliseconds and leads into inconsistent objects. Of course, this isn't a solution because in our PROD environment we may have a higher load on the system later.

Has anyone the same or similar issues? Is the API Server executing the calls in some queue?

 

Regards,

Konstantin

0 Kudos
10 Replies
PhoneBoy
Admin
Admin
‎2019-09-02 08:36 AM

How many commands are you doing before you publish?
One thing we recommend as a best practice is to limit the number of changes made per session (a few hundred) before you publish.
0 Kudos
KonstantinS
Participant
‎2019-09-02 08:42 AM
In response to PhoneBoy

@PhoneBoy 

Only one command / one change.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-09-03 08:35 AM
In response to KonstantinS

What are the specs on your management server(s) (RAM, CPU)?
If it's multi-domain, how many domains?
Perhaps some tuning needs to be done on the API server for better performance and/or more RAM/CPU may be needed.
0 Kudos
KonstantinS
Participant
‎2019-09-04 12:03 AM
In response to PhoneBoy

It is a fresh installed Management Server with one domain.

We have only the standard objects in place.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-09-04 09:19 AM
In response to KonstantinS

Amount of RAM/CPU in management server?
0 Kudos
KonstantinS
Participant
‎2019-09-05 12:09 AM
In response to PhoneBoy

32GB RAM and 16 CPUs

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2019-09-05 05:37 AM
In response to KonstantinS

Please see the following SK, your API server may not be flat-out crashing but if it is constrained for memory it can cause some problematic effects.  Heavy use of the API will almost certainly require giving the API server more memory:

sk119553: Security Management API server crashes under heavy load

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
KonstantinS
Participant
‎2019-09-05 09:18 AM
In response to Timothy_Hall

Hi @Timothy_Hall ,

Thanks, I saw this article, but I don't think that adding one object to an existing Access Role is known as "heavy load".

0 Kudos
PhoneBoy
Admin
Admin
‎2019-09-05 02:08 PM
In response to KonstantinS

I highly recommend getting the TAC involved to troubleshoot this.
0 Kudos
KonstantinS
Participant
‎2019-09-05 11:07 PM
In response to PhoneBoy

Yes, we did already and it is still ongoing.

But I have the hope that someone ran into the same problem.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events