cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Datacenter objects on gateway, management down

Hi,

If my management goes down - is there a chace timeout for the objects used by the gateway ? I do understand that object not will be updated.. but is there a time it will stop woring on the gateway ? 

 

Will it just keep working with the info provided my management, until other notice given ? 

0 Kudos
7 Replies
Employee
Employee

Re: Datacenter objects on gateway, management down

hello. the TTL of the data center objects on the GW is 3 days unless there is a different update on them.

Re: Datacenter objects on gateway, management down

Ah, ok thank you.

So, after three days - if management is still down - the service will stopp working ?

0 Kudos
Employee
Employee

Re: Datacenter objects on gateway, management down

Yes IMO unless there is a way on the GW side using IDA blade commands to extend the objects expiration ttl.
0 Kudos
Employee
Employee

Re: Datacenter objects on gateway, management down

You can edit this 3days TTL in vsec.conf and increase the value. Then you need to run vsec stop and vsec start.

Wolfgang
Gold

Re: Datacenter objects on gateway, management down

Gil,

to my understanding.

If we use datacenter-object ( as an example maybe from VMware vcenter ), these objects does expire after 3 days with no contact with Check Point management ( SMS ) ?

How about the rules with datacenter-objects , they are deleted, the datacenter-objects will be removed ?

How about if the SMS has a problem with vcenter connection, same TTL occurs ?

Looks like we should monitor these connections.

Wolfgang

0 Kudos
Employee
Employee

Re: Datacenter objects on gateway, management down

The important process is the CloudGuard Controller, not the cpm or fwm processes.
And yes, if the Controller will not push updates to the GW for 3 days the objects will expire. The rules won't be deleted but on the GW they will not enforce.
For Monitoring, there are logs in SmartConsole. And starting with R80.40 you can also get alerts from SmartEvent.
0 Kudos
Wolfgang
Gold

Re: Datacenter objects on gateway, management down

Thanks Gil, this is good to know. I‘m not aware of these TTL.

Wolfgang

0 Kudos