- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Re: Azure DataCentre Not Updating
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Azure DataCentre Not Updating
Hi,
I am having issues with Azure Datacentre objects.
i have a rule which states Subnet A from Azure is allowed to go out to Azure services on HTTP. There was previously one machine in that subnet - .100.
We have now just added some scale set instances into the subnet. .101 and .102 these are now been dropped by the FW, by the drop rule at the bottom of the policy.
I have found that the datacentre object for subnet A was last updated 24 hours ago and as a result is not included in the subnet to allow access outbound. Does anyone know how to update this? or why it isnt updating?
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello.
The data center is updating every 30 seconds (default value, unless you changed that in the configuration).
To understand why the data center is not updating you can check the Logs in the SmartConsole and filter with blade:"CloudGuard IaaS" and also you can check the $FWDIR/log/cloud_proxy.elg file for errors.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you, I have found the below error - any ideas?
17/07/20 20:25:04,420 ERROR datacenter.util.CommandExec [gateway-updater_AutoProvision--XXXXXXXXX]: Command '[/opt/CPshrd-R80.40/bin/cprid_util, -server, XXXXXXXXX, -timeout, 120, -verbose, rexec, -rcmd, /bin/bash, /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh, AutoProvision--XXXXXXXXX_0--XXXXXXXXX, 3qMkMtm0/BoNY3xB]' failed with code 7. Stdout=''. Stderr=''.
17/07/20 20:25:04,420 ERROR ida.requests.IDARequestsSender [gateway-updater_AutoProvision--XXXXXXXXX--XXXXXXXXX]: Error while attempt to connect to server: XXXXXXXXX
com.checkpoint.datacenter.util.CommandExec$CommandExecException
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do this:
ssh to the GW with the issue
Give exec permissions: chmod +x /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh
Edit the file: vi /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh and change first line from “#!/bin/bash” to “#!/bin/bash -x”
run /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh and monitor the errors.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for this when running run /tmp/AutoProvision--XXXXXXXXX_vsecUpdate.sh i get the below error, (as well as some passes)
<HTML>
<HEAD>
<TITLE> 404 File Not Found </TITLE>
</HEAD>
<BODY>
The URL you requested could not be found on this server.
</BODY>
</HTML>
Also i notice the file changes back to #!/bin/bash
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you have Identity Awareness blade active on the GW?
Please see CloudGuard Controller Admin Guide.
The file change back because it is overridden by the CloudGuard Controller. You can move your modified version to a new file.