- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Re: Datacenter objects on gateway, management down
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Datacenter objects on gateway, management down
Hi,
If my management goes down - is there a chace timeout for the objects used by the gateway ? I do understand that object not will be updated.. but is there a time it will stop woring on the gateway ?
Will it just keep working with the info provided my management, until other notice given ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello. the TTL of the data center objects on the GW is 3 days unless there is a different update on them.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ah, ok thank you.
So, after three days - if management is still down - the service will stopp working ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can edit this 3days TTL in vsec.conf and increase the value. Then you need to run vsec stop and vsec start.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Gil,
to my understanding.
If we use datacenter-object ( as an example maybe from VMware vcenter ), these objects does expire after 3 days with no contact with Check Point management ( SMS ) ?
How about the rules with datacenter-objects , they are deleted, the datacenter-objects will be removed ?
How about if the SMS has a problem with vcenter connection, same TTL occurs ?
Looks like we should monitor these connections.
Wolfgang
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And yes, if the Controller will not push updates to the GW for 3 days the objects will expire. The rules won't be deleted but on the GW they will not enforce.
For Monitoring, there are logs in SmartConsole. And starting with R80.40 you can also get alerts from SmartEvent.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Gil, this is good to know. I‘m not aware of these TTL.
Wolfgang