This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Andrew_Gillmore
Participant
‎2017-10-18 10:58 AM
Jump to solution

show access-rulebase limit argument issues - Me? Bug?

Hey all,

I'm having some issues with setting the limit of the show access-rulebase API command.

I try to pull the whole rulebase (limit 500) I receive the errors below. However I did a little testing and seem to have found a "sweet spot" with the limit setting. If I request a limit of 186 or below it works fine, however if I try 187 or above it errors out. Is this a bug or is it just me? Any input would be appreciated.

-Andrew

Server Details:

Running on Vmware

Version: R80.10 take 421

Hotfix: Jumbo Take 42

Here are the errors:

Gaia CLI
FWMGMT> show access-rulebase name "Policy Security" limit 187
CLINFR0329 Invalid command:'show access-rulebase name "Niagara Security" limit 187'.
mgmt_cli tool 
.\mgmt_cli.exe show access-rulebase name "Policy Security" limit 187 -s .\id.txt
code: "generic_err_invalid_parameter"
message: "Invalid parameter for [action]. The invalid value: [73eb837e-41f1-47fb-9a27-a520f00a2a65]"
SmartConsole CLI
show access-rulebase name "Policy Security" limit 187
code: "generic_err_invalid_parameter"
message: "Invalid parameter for [action]. The invalid value: [73eb837e-41f1-47fb-9a27-a520f00a2a65]"
Web Services
HTTP: https://FWMGMT/web_api/show-access-rulebase
Request: {"name":"Policy Security","limit":"186"}
error: (400) Bad Request
0 Kudos
1 Solution

Accepted Solutions
Andrew_Gillmore
Participant
‎2017-10-19 09:37 AM
Jump to solution

Update and solution:

I continued to do some testing after my original post and have identified the root of the problem. The problem is not in the limit argument, but rather the type of rule or more specifically the action applied to the rule. I tried the "show-access-rulebase" command with a limit of 1 and an offset of 186 and this failed with the same error as before. I was not able to pull the information for rules 187 to 190, but I was fine for the remainder of the rulebase. On closer inspection I found that all 4 of these rules are the same type rule and the only rules like it in the rulebase. These rules are all legacy "Traditional Mode" VPN rules. It seems that the API command "breaks" when it tries to read them.

Here is an example of one of these "Traditional Mode" VPN rules:

Traditional Mode VPN Rule

All of these "Simplified Mode" VPN rules work fine with the API command:

Example Simplified Mode VPN rules

         *Note: These examples are not "proper" rules, they are just merely examples.

The API breaks on the "Client Encrypt" action.

I am sure that these rules "should" have been converted ages ago, so that is where I will start.

I hope this helps anyone else that comes across similar issues.

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
‎2017-10-18 08:57 PM
Jump to solution

By chance, how much RAM does your VM have allocated to it?

At a minimum, I recommend 16gb. 

0 Kudos
Andrew_Gillmore
Participant
‎2017-10-19 09:41 AM
In response to PhoneBoy
Jump to solution

It only has 8GB of RAM and rarely surpasses 75%.

That being said, I should note that all logging is being done on a separate dedicated logging server.

It turns out that my problems were around the rules themselves.

Thanks.

0 Kudos
Andrew_Gillmore
Participant
‎2017-10-19 09:37 AM
Jump to solution

Update and solution:

I continued to do some testing after my original post and have identified the root of the problem. The problem is not in the limit argument, but rather the type of rule or more specifically the action applied to the rule. I tried the "show-access-rulebase" command with a limit of 1 and an offset of 186 and this failed with the same error as before. I was not able to pull the information for rules 187 to 190, but I was fine for the remainder of the rulebase. On closer inspection I found that all 4 of these rules are the same type rule and the only rules like it in the rulebase. These rules are all legacy "Traditional Mode" VPN rules. It seems that the API command "breaks" when it tries to read them.

Here is an example of one of these "Traditional Mode" VPN rules:

Traditional Mode VPN Rule

All of these "Simplified Mode" VPN rules work fine with the API command:

Example Simplified Mode VPN rules

         *Note: These examples are not "proper" rules, they are just merely examples.

The API breaks on the "Client Encrypt" action.

I am sure that these rules "should" have been converted ages ago, so that is where I will start.

I hope this helps anyone else that comes across similar issues.

PhoneBoy
Admin
Admin
‎2017-10-19 09:42 AM
In response to Andrew_Gillmore
Jump to solution

That's good to know, thanks for sharing.

0 Kudos
Amiad_Stern
Mod
Mod
‎2017-10-22 05:33 AM
Jump to solution

Hi Andrew, thanks for raising this issue and investigating it on your own including sharing the analysis with the forum.

We’re already aware of this issue, and even have a fix for it which was not released in the jumbo accumulator yet.

If you would like to get this HF, please open SR or wait for the next JHF.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events