- Products
- Learn
- Local User Groups
- Partners
-
More
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
IDC Spotlight -
Uplevel The SOC
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Good day,
Heads up for all of you that are installing new vSEC instances in AWS with Jumbo take 216, 282 or 292
This is only true for the new AMI R77.30-041.168. Previous version of the AMI works fine with JHFA.
JHFA will install "just fine", but you will notice that traffic is not passing the gateway.
fwaccel off and traffic starts flowing again
Another thing that will show the issue is that running fwaccel stats -s command will only provide 1 single row output for Accelerated packets (instead of normally 4-5 rows or whatever it is).
I have a case with TAC and R&D have identified the issue (race condition of some sort) and are currenly working on specific hotfix for us for specific JHFA take.
According to TAC there is only one other reported íssue about this. So probably it won't find its way as permanent fix in coming JHFA. I have a hard time beleiving this since issue is so easy to reproduce with clean install, but thats the info I have.
Anyway, point of the post was that it might save time for someone.
It depends on the nature of the issue/fix as to whether they will include it in the JHF or not.
Thanks for sharing your experiences in any case.
Just to update status on this one.
Issue was due to some kind of "race condition".
Hotfix provided was specific to the JHFA take you want to install. It did solved the issue and TAC should now be aware about the issue. Why it sometimes happens is unclear. (we were not alone to be affected, but far from anyone does)
After this I deployed 3 more clusters in the AWS and issue did not present it self on those.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY