This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Aaron_Hajba-War
Participant
‎2020-07-17 01:55 PM

Azure DataCentre Not Updating

Hi,

I am having issues with Azure Datacentre objects.

i have a rule which states Subnet A from Azure is allowed to go out to Azure services on HTTP. There was previously one machine in that subnet - .100.

We have now  just added some scale set instances into the subnet. .101 and .102 these are now been dropped by the FW, by the drop rule at the bottom of the policy.

I have found that the datacentre object for subnet A was last updated 24 hours ago and as a result is not included in the subnet to allow access outbound. Does anyone know how to update this? or why it isnt updating?

 

Thank you.

0 Kudos
5 Replies
Gil_Sudai
Employee
Employee
‎2020-07-17 11:03 PM

Hello.

The data center is updating every 30 seconds (default value, unless you changed that in the configuration).

To understand why the data center is not updating you can check the Logs in the SmartConsole and filter with blade:"CloudGuard IaaS" and also you can check the $FWDIR/log/cloud_proxy.elg file for errors.

0 Kudos
Aaron_Hajba-War
Participant
‎2020-07-18 12:27 PM
In response to Gil_Sudai

Thank you, I have found the below error - any ideas?

17/07/20 20:25:04,420 ERROR datacenter.util.CommandExec [gateway-updater_AutoProvision--XXXXXXXXX]: Command '[/opt/CPshrd-R80.40/bin/cprid_util, -server, XXXXXXXXX, -timeout, 120, -verbose, rexec, -rcmd, /bin/bash, /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh, AutoProvision--XXXXXXXXX_0--XXXXXXXXX, 3qMkMtm0/BoNY3xB]' failed with code 7. Stdout=''. Stderr=''.
17/07/20 20:25:04,420 ERROR ida.requests.IDARequestsSender [gateway-updater_AutoProvision--XXXXXXXXX--XXXXXXXXX]: Error while attempt to connect to server: XXXXXXXXX
com.checkpoint.datacenter.util.CommandExec$CommandExecException

0 Kudos
Gil_Sudai
Employee
Employee
‎2020-07-19 03:20 AM
In response to Aaron_Hajba-War

Do this:

ssh to the GW with the issue

Give exec permissions:  chmod +x /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh

Edit the file:   vi /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh  and change first line from “#!/bin/bash” to “#!/bin/bash -x”

run /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh and monitor the errors.

0 Kudos
Aaron_Hajba-War
Participant
‎2020-07-20 01:39 AM
In response to Gil_Sudai

Thanks for this when running run /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh i get the below error, (as well as some passes)

<HTML>
<HEAD>
<TITLE> 404 File Not Found </TITLE>
</HEAD>

<BODY>

The URL you requested could not be found on this server.

</BODY>
</HTML>

 

Also i notice the file changes back to #!/bin/bash

 

0 Kudos
Gil_Sudai
Employee
Employee
‎2020-07-21 05:48 AM
In response to Aaron_Hajba-War

Do you have Identity Awareness blade active on the GW?

Please see CloudGuard Controller Admin Guide.

 

The file change back because it is overridden by the CloudGuard Controller. You can move your modified version to a new file.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events