cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Application Control and URL filtering DB problem

Hey Everyone,

I am observing an odd behavior with a set of firewalls running on R77.30. All these firewalls are managed by the same SMS. App control and URL filtering blades are enabled on all these firewalls, and licenses are valid.

While I started to investigate because we had issues in blocking certain Websites, I identified that firewall's appi update status doesn't show anything on firewalls where we have an isssue.

[Expert@FW1:0]# cpstat appi -f update_status

Update status:
Update description:
Next update description:
DB version:

The working firewalls show the DB version and the update status, licenses are pretty clear.

[Expert@FW1:0]# cpstat appi -f subscription_status

Subscription status: valid
Subscription expiration date: Sun Mar 31 00:00:00 2019
Subscription description: Contract is up to date.

[Expert@FW1:0]# cat appi_status.C
(
:status (0)
:status_short_desc ()
:status_long_desc ()
:app_update_status ()
:app_update_description ()
:app_next_update_description ()
:app_db_version ()
:urlf_status_code (0)
:urlf_status_short_description ()
:urlf_status_long_description ()
:appi_rad_status_code (0)
:appi_rad_status_description ()
:urlf_rad_status_code (0)
:urlf_rad_status_description ("URL Filtering engine is up and running")
:app_subscription_expiration_date ("Sun Mar 31 00:00:00 2019")
:app_subscription_status (valid)
:app_subscription_description ("Contract is up to date.")
:urlf_subscription_expiration_date ("Sun Mar 31 00:00:00 2019")
:urlf_subscription_status (valid)
:urlf_subscription_description ("Contract is up to date.")

I ran curl_cli to updates.checpoint.com and secureupdates.checkpoint.com. Don't see any issues, except these errors.

* servercert: cp_verify_certificate returned: CRL_ERR_DOWNLOAD
* servercert: Warning:
Failed to download CRL from: http://crl.godaddy.com/gdroot-g2.crl

Not sure if the above output is related, because we have a firewall which can't event resolve these URLs but has necessary DB updated. Tried enabling/disabling App and URL blades, didn't change anything. Installed the latest jumbo, though I did not have enough evidence to proceed, but that did not change anything either.

Has anyone seen this behavior before. 

PSmiley Frustrated - This behavior is seen on quite a set of firewalls, about 10 Cluster pairs to be specific.

3 Replies
Admin
Admin

Re: Application Control and URL filtering DB problem

The curl_cli command error is a red herring here as you need to specify the certificate store to validate HTTPS certificates with. 

Might first start and verify the blades are enabled on the relevant gateways: enabled_blades

I’d also recommend a TAC case if you haven’t already opened one.

Re: Application Control and URL filtering DB problem

I can confirm that enabled_blades does show appi and urlf on the firewalls I am troubleshooting this issue on.

Engaging TAC now, will update this discussion thread once I have more information

0 Kudos

Re: Application Control and URL filtering DB problem

Hi Krishna,

I am facing the same problem but in my situation below output is showing the details:-

 
Update status:           failed
Update description:      Update failed.  Gateway can not access internet ('https://secureupdates.checkpoint.com/appi/v3_1_0/gw/appi_urlf_db_pkg.tar'). Check connectivity and proxy                                         settings.

Next update description: The next try will be within one hour.
DB version:              18121101

If you have raised the tac case do let me know the progress on this. Also in my situation everything is fine but since last 5-6days it stops updating the DB.

Thanks,

Manoj

 
 

 

0 Kudos