Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Datacenter objects on gateway, management down

Hi,

If my management goes down - is there a chace timeout for the objects used by the gateway ? I do understand that object not will be updated.. but is there a time it will stop woring on the gateway ? 

 

Will it just keep working with the info provided my management, until other notice given ? 

0 Kudos
7 Replies
Highlighted
Employee
Employee

hello. the TTL of the data center objects on the GW is 3 days unless there is a different update on them.

Highlighted

Ah, ok thank you.

So, after three days - if management is still down - the service will stopp working ?

0 Kudos
Highlighted
Employee
Employee

Yes IMO unless there is a way on the GW side using IDA blade commands to extend the objects expiration ttl.
0 Kudos
Highlighted
Employee
Employee

You can edit this 3days TTL in vsec.conf and increase the value. Then you need to run vsec stop and vsec start.

Highlighted
Gold

Gil,

to my understanding.

If we use datacenter-object ( as an example maybe from VMware vcenter ), these objects does expire after 3 days with no contact with Check Point management ( SMS ) ?

How about the rules with datacenter-objects , they are deleted, the datacenter-objects will be removed ?

How about if the SMS has a problem with vcenter connection, same TTL occurs ?

Looks like we should monitor these connections.

Wolfgang

0 Kudos
Highlighted
Employee
Employee

The important process is the CloudGuard Controller, not the cpm or fwm processes.
And yes, if the Controller will not push updates to the GW for 3 days the objects will expire. The rules won't be deleted but on the GW they will not enforce.
For Monitoring, there are logs in SmartConsole. And starting with R80.40 you can also get alerts from SmartEvent.
0 Kudos
Highlighted
Gold

Thanks Gil, this is good to know. I‘m not aware of these TTL.

Wolfgang

0 Kudos