This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Duane_Toler
MVP Silver
MVP Silver
yesterday

CloudGuard Controller Azure API outage

Hey all, 

One of my customers endured an outage across their firewalls when using the Azure API dynamic objects.  Best we can tell, Azure had an "issue" that they have yet to admit or explain.

I had a Critical TAC case yesterday and a group call with Check Point TAC, Microsoft Azure support (Sev A case), and more than enough customer managers, group directors, and team leaders.  

When "it" happened, the management server got a poll response from Azure API that said "you have no resources", and a mass "delete-identity" IA API command was sent to all CloudGuard gateways.. zapping hundreds upon hundreds of mapped identities.  "oops".  Even in SmartConsole, the Data Center browser wasn't showing the Azure subscriptions!  I eventually restarted the vSEC controller and they all came pouring in again, and the identities were added back to the gateways!  Yet, 3 minutes later, they all were stripped out.  However, this second time, the identities weren't deleted from the gateways; they just weren't visible in SmartConsole anymore.

Later, in the late afternoon, a second vSEC controller restart was done this time with debugging enabled, and everything has been stable.

We poured over the cloud_proxy.elg debugs during all of this.  After stripping out the Bearer token strings, we uploaded this debug to Microsoft Azure support who will relay it to their API people.

This morning, Check Point TAC came back saying they had multiple cases for this issue from other customers, but I haven't gotten any concrete info on what happened.  Best estimates at this point are "Azure API people did something".

Good luck to everyone and I hope you all were mostly spared!

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos
2 Replies
Duane_Toler
MVP Silver
MVP Silver
yesterday

The briefest TAC update ever, but still pending more details:

I have been provided the following information:
The symptoms as a result of a glitch on Microsoft Azure side.

 TBD....

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
0 Kudos
noyerez
Employee
Employee
23m ago

Hi @Duane_Toler,

We are aware of the issue and are currently investigating it as a top priority. My team is working with our Microsoft Azure peers to identify the root cause.

We will keep you updated on our progress.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events