Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
vinceneil666
Advisor

Datacenter objects on gateway, management down

Hi,

If my management goes down - is there a chace timeout for the objects used by the gateway ? I do understand that object not will be updated.. but is there a time it will stop woring on the gateway ? 

 

Will it just keep working with the info provided my management, until other notice given ? 

0 Kudos
7 Replies
Gil_Sudai
Employee
Employee

hello. the TTL of the data center objects on the GW is 3 days unless there is a different update on them.

vinceneil666
Advisor

Ah, ok thank you.

So, after three days - if management is still down - the service will stopp working ?

0 Kudos
Gil_Sudai
Employee
Employee

Yes IMO unless there is a way on the GW side using IDA blade commands to extend the objects expiration ttl.
0 Kudos
Gil_Sudai
Employee
Employee

You can edit this 3days TTL in vsec.conf and increase the value. Then you need to run vsec stop and vsec start.

Wolfgang
Authority
Authority

Gil,

to my understanding.

If we use datacenter-object ( as an example maybe from VMware vcenter ), these objects does expire after 3 days with no contact with Check Point management ( SMS ) ?

How about the rules with datacenter-objects , they are deleted, the datacenter-objects will be removed ?

How about if the SMS has a problem with vcenter connection, same TTL occurs ?

Looks like we should monitor these connections.

Wolfgang

0 Kudos
Gil_Sudai
Employee
Employee

The important process is the CloudGuard Controller, not the cpm or fwm processes.
And yes, if the Controller will not push updates to the GW for 3 days the objects will expire. The rules won't be deleted but on the GW they will not enforce.
For Monitoring, there are logs in SmartConsole. And starting with R80.40 you can also get alerts from SmartEvent.
0 Kudos
Wolfgang
Authority
Authority

Thanks Gil, this is good to know. I‘m not aware of these TTL.

Wolfgang

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.