cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Blason_R
Blason_R inside General Management Topics 13 hours ago
views 63 7

Upgrade R77.30 to R80.10 Database Import issue

Hi Team,I am facing an issue while importing database for upgrade in R77.30. This is I am importing database from R77.30 to R77.30 and below is the error messages. Can someone pls help? [24 Jun 11:39:29] [ExecCommandGetOutput] ERR: Command completed with error code 1[24 Jun 11:39:29] ...<-- ExecCommandGetOutput[24 Jun 11:39:29] [CommandRunner::exec] Command's output:-------------------------------------Execution finished with errors. See log file '/opt/CPshrd-R77/log/PItpi-import_install.elg' for further detailsExecution has finished-------------------------------------[24 Jun 11:39:29] [CommandRunner::exec] ERR: Command execution had failed[24 Jun 11:39:29] ..<-- CommandRunner::exec[24 Jun 11:39:29] .<-- PluginsInstallationRunner::InstallPlugin[24 Jun 11:39:29] [PluginsInstallationRunner::exec] ERR: Failed to install plugin[24 Jun 11:39:29] <-- PluginsInstallationRunner::exec[24 Jun 11:39:29] [ActivitiesManager::exec] ERR: Activity 'PluginsInstallationRunner' failed[24 Jun 11:39:29] [ActivitiesManager::exec] WRN: Activities execution finished with errors[24 Jun 11:39:29] [ActivitiesManager::exec] WRN: Activities 'PluginsInstallationRunner' have failed[24 Jun 11:39:29] [ActivitiesManager::exec] Designated exit code is 1**************************************************[Expert@mgmt-server:0]# more /opt/CPshrd-R77/log/PItpi-import_install.elg[24 Jun 11:39:24][24 Jun 11:39:24] *****************************************************************[24 Jun 11:39:24] ********************* Log session beginning *********************[24 Jun 11:39:24] *****************************************************************[24 Jun 11:39:24] [writeExecCommandTolog] Program executed as: /opt/CPPItpi-R77/bin/uacRunner -p PItpi -import_install[24 Jun 11:39:24] [writeEnvInfoToLog] Binary was build for Linux OS[24 Jun 11:39:24] [writeEnvInfoToLog] Management type of machine is 'Smc'[24 Jun 11:39:24] [writeOptionsToLog] Base name is: PItpi[24 Jun 11:39:24] [writeOptionsToLog] Product name is: PItpi[24 Jun 11:39:24] [writeOptionsToLog] Main run flag is: -import_install[24 Jun 11:39:24] [writeOptionsToLog] Runner working directory is: /opt/CPPItpi-R77[24 Jun 11:39:24] [writeOptionsToLog] Main run option is of type: Default[24 Jun 11:39:24] [runDefaultActivities] Running default activities[24 Jun 11:39:24] [PluginSpecs::PluginSpecs] Initializing plugin specs with '/opt/CPPItpi-R77/conf/specs.conf'[24 Jun 11:39:24] [ActivitiesManager::exec] Starting activities execution[24 Jun 11:39:24] [ActivitiesManager::exec] Executing activity 'PluginDefaultDbMaker'[24 Jun 11:39:24] [copyPluginDBtoManagement] Removing directory '/opt/CPsuite-R77/fw1/conf/pluginDefault/_PItpi' if it exists[24 Jun 11:39:24] [copyPluginDBtoManagement] Creating directory '/opt/CPsuite-R77/fw1/conf/pluginDefault/_PItpi'[24 Jun 11:39:29] [copyPluginDBtoManagement] Copying plugin default directory from '/opt/CPPItpi-R77/conf/defaultDatabase' to '/opt/CPsuite-R77/fw1/conf/pluginDefault/_PItpi'[24 Jun 11:39:29] [copyPluginDBtoManagement] ERR: Failed to copy plugin default directory[24 Jun 11:39:29] [ActivitiesManager::exec] ERR: Activity 'PluginDefaultDbMaker' failed[24 Jun 11:39:29] [ActivitiesManager::exec] Rolling back previous activities[24 Jun 11:39:29] [ActivitiesManager::exec] Rolling back activity 'PluginDefaultDbMaker'[24 Jun 11:39:29] [ActivitiesManager::exec] WRN: Activities execution finished with errors[24 Jun 11:39:29] [ActivitiesManager::exec] WRN: Activities 'PluginDefaultDbMaker' have failed[24 Jun 11:39:29] [ActivitiesManager::exec] Designated exit code is 1
DFR_
DFR_ inside General Management Topics 13 hours ago
views 15

Site-Site Tunnel with NAT to a second Tunnel

Hello all,I'm in no way a experienced admin of Check Point, this is a situation that I was tasked with because no one else would take it.I'm used to work with palo and asa devices, so I might be missing something here.This is the basic layout: Due to whatever policies, 10.13.1.x can't be connected directly to 1.1.1.1, so the solution was to create the tunnel between devices 1 and 2.Device 1 is a Fortinet that I have no control over.The tunnel between device 2 and 10.13.1.x already exists and is ok.I have assigned 172.31.221.201 to a internal interface on device 2, that is a Check Point device, and created access and nat rules that I can see applied on logs when I telnet one of the allowed ports from 10.13.1.11 to 172.31.201.82Phase 1 is ok, but the admin of device 1 says it sees device 2 trying to negotiate the 10.13.1.x subnet but not 172.31.221.x on phase 2. Is there any way I can force 2 to negotiate only the wanted subnet?Should I create a new gateway object for this new tunnel and set the topology to this address? On a palo device I would create a new IKE gateway for each tunnel I want to establish. Is this the same logic on Check Point?Thank you for any help you provide.
HitManExp
HitManExp inside General Management Topics 19 hours ago
views 15

R77.30 - rpm command is not working.

Hello guys, i need help with "rpm" command. If i started command 'rpm -qa ntp' causes session to hang indefinitely. How can i check, what wrong with this command?
Vladimir
Vladimir inside General Management Topics 20 hours ago
views 3071 16 1

Behavior of the subscription blade policies after expiration

Please advise on how are the policies and rules created for IPS, DLP, AV, AB, APPC, URLF, etc., will behave should the client's subscription lapse.Thank you,Vladimir
Astrakhan
Astrakhan inside General Management Topics yesterday
views 13

System Recovery GAIA R77.30 on HW / Appliance Model: 4200.

There is a system failure on the Security Gateway. After a reboot, the gateway does not function. How can I restore the file system to a stable state and not lose the current system configuration (For example, interfaces, routing, hostname)? We do not have backups of the system before this fault.* Software Product Line: Security Gateway* HW/Appliance Type: Enterprise Appliances* HW/Appliance Model: 4200* Operating System: Gaia* Version: R77.30

no session-name with Ansible playbook

Hello everyone,I would want to have the session name appear in the audit logs when pushing or publishing changes with the web-services API via Ansible.Basically, what is done automatically when publishing in SmartConsole (see Capture.PNG).However, session name is not set when using the session-name parameter in the login command (see Capture2.PNG), and therefore not in the logs neither (Capture3.PNG)This is the login task I use (I want the session to use the ansible user and date, as well as a change ticket that the user will be prompted for):- name: login into SmartConsole API check_point_mgmt: command: login parameters: username: "{{ cpuser }}" password: "{{ cppassword }}" management: "{{ cpserver }}" session-name: "{{ change_ticket | upper }} - {{ ansible_user_id | lower}} - {{ ansible_date_time.date }}" fingerprint: "{{ cpfingerprint }}" register: login_responseThe session-name parameter is not rejected and the user is correctly logged in. It doesn't seem that the publish command permits to set a session name.My management station is 80.10 and Ansible is in version 2.7.10.What am I doing wrong? Or is it some kind of bug? I did not find doc about this outside ofI don't have the issue I use the mgmt_cli tool in expert mode (Capture4.PNG). Any help will be appreciated, thank you in advance.
mutyumu
mutyumu inside General Management Topics yesterday
views 62 2

Question regarding Security Gateway and Security Management Images

Hi,I'm new to the Check Point world and since I will have the opportunity to work with CP firewalls in my new job I wanted to do some labbing and reading.I'm using eve-ng and found this: https://www.eve-ng.net/documentation/howto-s/125-howto-add-checkpointSo after signing up here I downloaded three images:The one for R80.10 doesn't specify if it's for Security Gateway or Security Management. Is that one some sort of standalone image or perhaps it's just the Gateway?If it is a standalone image, is there something similar for R80.30? I realize that this might be a stupid question but I couldn't find any concrete information. Thanks.

R80.20 (mlm) log servers swapping

I have experienced a couple R80.20 MDS log servers swapping, this could include log servers as well. The customers have enough RAM, so the file system cache eats up about 60 % of available memory. Still the system swap is increasing slowly. We are using either GA or ongoing take JHF on both systems. The MDS is neither swapping nor using as much cache as the MLM.Anyone experiencing the same problem?Check your swap usage with free/top and sar: [Expert@mdlog:0]# free -m total used free shared buff/cache available Mem: 15921 5505 271 241 10144 9522 Swap: 8189 526 7663 [Expert@mlm:0]# for safile in $safiles; do sar -S -f "/var/log/sa/$safile" |grep Average|awk '{print $3}'; done 0 6160 28746 58714 27729 ... 411624 453370 495278 518524
lucafabbri365
lucafabbri365 inside General Management Topics Thursday
views 1043 4

Updatable objects - no longer available

Hello all,this morning I opened SmartConsole management (Check Point R80.20; Take 80 installed on Security Gateways) and I found Validations errors related to Updatable Objects:However, they are still present:I read the sk121877:1. Run unified_dl UPDATE ONLINE_SERVICES on Gateways; output:Entering mainloopUnified_Download_Update_Now_CB: Activated, opq [UPDATE NOW OPAQUE]************************************************Got response : Request was completed successfullyGot Reason:************************************************Exiting mainloop2. Search the last_revision.xml file under $CPDIR/database/downloads/ONLINE_SERVICES/1.0/; content:<?xml version='1.0' encoding='utf-8'?><RevisionInfo><Last_Revision>140619092032</Last_Revision></RevisionInfo>3. Content of Update_Status.dat:(:Last_Update_Status (3):Last_Update_Time (1560513301):Last_Update_Reason ():Success_Time (1560502924))4. google.C file under the folder $CPDIR/database/downloads/ONLINE_SERVICES/1.0/140619092032 contains valid Google Services references:(:CP_GGL_GGL (:parent ():uuid ("85bfe1b7-0581-3e89-a911-15e43ba0f7b4"):display_name ("Google Services"):icon ("@app/cp_ggl_ggl"):children (: (CP_GGL_GSuite): (CP_GGL_GCP))):CP_GGL_GSuite (:parent (CP_GGL_GGL):uuid ("3c0f0c1b-614d-3cdb-a47f-18995b9d6772"):display_name ("G Suite Services")...:CP_GGL_GCP (:parent (CP_GGL_GGL):uuid ("74ee9fa6-ac3a-3017-aed0-0d70abaefc40"):display_name ("Google Cloud Platform Services")...Any advice?Thank you,Luca
Sangeeth_N
Sangeeth_N inside General Management Topics Tuesday
views 340 1

Error (User Center: unknown user name or password)

One of the gateways [running with Gaia R77.30] in cluster is in problem state because of showing the error - "Error (User Center: unknown user name or password)" in Smart Dashboard. I had came across the sk140712 which is for R80.10, R80.20. Is there anything related to R77.30 related to this issue.
Heath_Mote
Heath_Mote inside General Management Topics Tuesday
views 2595 8

R80.20.M2 Management - Finalizing Stuck at 99% During Policy Installs

Setup is 2x Management Server 5150 with dedicated SmartEvent server all running R80.20.M2 pushing policy to a single 5800 HA ClusterXL setup all running R80.10. The management and cluster are located at the same site. The access/threat policy takes less than 3 minutes to succeed on the cluster but the 99% finalizing status takes a very long time to complete. I've just pushed a policy and it again finished in 3 minutes but has been stuck at 99% finalizing for the past 45 minutes... Is anyone else experiencing this after updating your management to R80.20.M2 or R80.20 in general?
Jon_Louis_Fern1
Jon_Louis_Fern1 inside General Management Topics a week ago
views 5585 25 5

Difference between HTTPS Inspection and Categorize HTTPS websites settings

Hi Checkmates,I would like to ask what is the difference in the behavior, pros and cons of or when will you use the following:1. HTTPS Inspection2. In Application & Url Filtering Settings under Url Filtering -> Categorize HTTPS websites.because in the " Categorize HTTPS websites" settings it says that you can allow HTTPS (SSL traffic) URL's without activating HTTPS Inspection.
Hardeep_Singh
Hardeep_Singh inside General Management Topics a week ago
views 498 6

can we merge two Management server in single Mgmt server

Hi all,can we merge two Management server data base in one Mgmt server
Sam_Ponder
Sam_Ponder inside General Management Topics a week ago
views 1070 3

migrate server export r80.30 running for over 3 hours

Hello all-I'm doing an advanced upgrade of a Smart1-410 appliance and during the migrate server export, it has been running for a long time. Currently, it has been running for almost 4 hours. Is this normal? It is currently running r80.20.m2.Is there a log file that I can look at to see where it is in the process?ThanksSam