cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Blason_R
Blason_R inside General Management Topics an hour ago
views 10

Upgrade R77.30 to R80.10 Database Import issue

Hi Team,I am facing an issue while importing database for upgrade in R77.30. This is I am importing database from R77.30 to R77.30 and below is the error messages. Can someone pls help? [24 Jun 11:39:29] [ExecCommandGetOutput] ERR: Command completed with error code 1[24 Jun 11:39:29] ...<-- ExecCommandGetOutput[24 Jun 11:39:29] [CommandRunner::exec] Command's output:-------------------------------------Execution finished with errors. See log file '/opt/CPshrd-R77/log/PItpi-import_install.elg' for further detailsExecution has finished-------------------------------------[24 Jun 11:39:29] [CommandRunner::exec] ERR: Command execution had failed[24 Jun 11:39:29] ..<-- CommandRunner::exec[24 Jun 11:39:29] .<-- PluginsInstallationRunner::InstallPlugin[24 Jun 11:39:29] [PluginsInstallationRunner::exec] ERR: Failed to install plugin[24 Jun 11:39:29] <-- PluginsInstallationRunner::exec[24 Jun 11:39:29] [ActivitiesManager::exec] ERR: Activity 'PluginsInstallationRunner' failed[24 Jun 11:39:29] [ActivitiesManager::exec] WRN: Activities execution finished with errors[24 Jun 11:39:29] [ActivitiesManager::exec] WRN: Activities 'PluginsInstallationRunner' have failed[24 Jun 11:39:29] [ActivitiesManager::exec] Designated exit code is 1**************************************************[Expert@mgmt-server:0]# more /opt/CPshrd-R77/log/PItpi-import_install.elg[24 Jun 11:39:24][24 Jun 11:39:24] *****************************************************************[24 Jun 11:39:24] ********************* Log session beginning *********************[24 Jun 11:39:24] *****************************************************************[24 Jun 11:39:24] [writeExecCommandTolog] Program executed as: /opt/CPPItpi-R77/bin/uacRunner -p PItpi -import_install[24 Jun 11:39:24] [writeEnvInfoToLog] Binary was build for Linux OS[24 Jun 11:39:24] [writeEnvInfoToLog] Management type of machine is 'Smc'[24 Jun 11:39:24] [writeOptionsToLog] Base name is: PItpi[24 Jun 11:39:24] [writeOptionsToLog] Product name is: PItpi[24 Jun 11:39:24] [writeOptionsToLog] Main run flag is: -import_install[24 Jun 11:39:24] [writeOptionsToLog] Runner working directory is: /opt/CPPItpi-R77[24 Jun 11:39:24] [writeOptionsToLog] Main run option is of type: Default[24 Jun 11:39:24] [runDefaultActivities] Running default activities[24 Jun 11:39:24] [PluginSpecs::PluginSpecs] Initializing plugin specs with '/opt/CPPItpi-R77/conf/specs.conf'[24 Jun 11:39:24] [ActivitiesManager::exec] Starting activities execution[24 Jun 11:39:24] [ActivitiesManager::exec] Executing activity 'PluginDefaultDbMaker'[24 Jun 11:39:24] [copyPluginDBtoManagement] Removing directory '/opt/CPsuite-R77/fw1/conf/pluginDefault/_PItpi' if it exists[24 Jun 11:39:24] [copyPluginDBtoManagement] Creating directory '/opt/CPsuite-R77/fw1/conf/pluginDefault/_PItpi'[24 Jun 11:39:29] [copyPluginDBtoManagement] Copying plugin default directory from '/opt/CPPItpi-R77/conf/defaultDatabase' to '/opt/CPsuite-R77/fw1/conf/pluginDefault/_PItpi'[24 Jun 11:39:29] [copyPluginDBtoManagement] ERR: Failed to copy plugin default directory[24 Jun 11:39:29] [ActivitiesManager::exec] ERR: Activity 'PluginDefaultDbMaker' failed[24 Jun 11:39:29] [ActivitiesManager::exec] Rolling back previous activities[24 Jun 11:39:29] [ActivitiesManager::exec] Rolling back activity 'PluginDefaultDbMaker'[24 Jun 11:39:29] [ActivitiesManager::exec] WRN: Activities execution finished with errors[24 Jun 11:39:29] [ActivitiesManager::exec] WRN: Activities 'PluginDefaultDbMaker' have failed[24 Jun 11:39:29] [ActivitiesManager::exec] Designated exit code is 1

no session-name with Ansible playbook

Hello everyone,I would want to have the session name appear in the audit logs when pushing or publishing changes with the web-services API via Ansible.Basically, what is done automatically when publishing in SmartConsole (see Capture.PNG).However, session name is not set when using the session-name parameter in the login command (see Capture2.PNG), and therefore not in the logs neither (Capture3.PNG)This is the login task I use (I want the session to use the ansible user and date, as well as a change ticket that the user will be prompted for):- name: login into SmartConsole API check_point_mgmt: command: login parameters: username: "{{ cpuser }}" password: "{{ cppassword }}" management: "{{ cpserver }}" session-name: "{{ change_ticket | upper }} - {{ ansible_user_id | lower}} - {{ ansible_date_time.date }}" fingerprint: "{{ cpfingerprint }}" register: login_responseThe session-name parameter is not rejected and the user is correctly logged in. It doesn't seem that the publish command permits to set a session name.My management station is 80.10 and Ansible is in version 2.7.10.What am I doing wrong? Or is it some kind of bug? I did not find doc about this outside ofI don't have the issue I use the mgmt_cli tool in expert mode (Capture4.PNG). Any help will be appreciated, thank you in advance.
mutyumu
mutyumu inside General Management Topics yesterday
views 46 2

Question regarding Security Gateway and Security Management Images

Hi,I'm new to the Check Point world and since I will have the opportunity to work with CP firewalls in my new job I wanted to do some labbing and reading.I'm using eve-ng and found this: https://www.eve-ng.net/documentation/howto-s/125-howto-add-checkpointSo after signing up here I downloaded three images:The one for R80.10 doesn't specify if it's for Security Gateway or Security Management. Is that one some sort of standalone image or perhaps it's just the Gateway?If it is a standalone image, is there something similar for R80.30? I realize that this might be a stupid question but I couldn't find any concrete information. Thanks.

R80.20 (mlm) log servers swapping

I have experienced a couple R80.20 MDS log servers swapping, this could include log servers as well. The customers have enough RAM, so the file system cache eats up about 60 % of available memory. Still the system swap is increasing slowly. We are using either GA or ongoing take JHF on both systems. The MDS is neither swapping nor using as much cache as the MLM.Anyone experiencing the same problem?Check your swap usage with free/top and sar: [Expert@mdlog:0]# free -m total used free shared buff/cache available Mem: 15921 5505 271 241 10144 9522 Swap: 8189 526 7663 [Expert@mlm:0]# for safile in $safiles; do sar -S -f "/var/log/sa/$safile" |grep Average|awk '{print $3}'; done 0 6160 28746 58714 27729 ... 411624 453370 495278 518524
lucafabbri365
lucafabbri365 inside General Management Topics Thursday
views 1036 4

Updatable objects - no longer available

Hello all,this morning I opened SmartConsole management (Check Point R80.20; Take 80 installed on Security Gateways) and I found Validations errors related to Updatable Objects:However, they are still present:I read the sk121877:1. Run unified_dl UPDATE ONLINE_SERVICES on Gateways; output:Entering mainloopUnified_Download_Update_Now_CB: Activated, opq [UPDATE NOW OPAQUE]************************************************Got response : Request was completed successfullyGot Reason:************************************************Exiting mainloop2. Search the last_revision.xml file under $CPDIR/database/downloads/ONLINE_SERVICES/1.0/; content:<?xml version='1.0' encoding='utf-8'?><RevisionInfo><Last_Revision>140619092032</Last_Revision></RevisionInfo>3. Content of Update_Status.dat:(:Last_Update_Status (3):Last_Update_Time (1560513301):Last_Update_Reason ():Success_Time (1560502924))4. google.C file under the folder $CPDIR/database/downloads/ONLINE_SERVICES/1.0/140619092032 contains valid Google Services references:(:CP_GGL_GGL (:parent ():uuid ("85bfe1b7-0581-3e89-a911-15e43ba0f7b4"):display_name ("Google Services"):icon ("@app/cp_ggl_ggl"):children (: (CP_GGL_GSuite): (CP_GGL_GCP))):CP_GGL_GSuite (:parent (CP_GGL_GGL):uuid ("3c0f0c1b-614d-3cdb-a47f-18995b9d6772"):display_name ("G Suite Services")...:CP_GGL_GCP (:parent (CP_GGL_GGL):uuid ("74ee9fa6-ac3a-3017-aed0-0d70abaefc40"):display_name ("Google Cloud Platform Services")...Any advice?Thank you,Luca
Sangeeth_N
Sangeeth_N inside General Management Topics Tuesday
views 336 1

Error (User Center: unknown user name or password)

One of the gateways [running with Gaia R77.30] in cluster is in problem state because of showing the error - "Error (User Center: unknown user name or password)" in Smart Dashboard. I had came across the sk140712 which is for R80.10, R80.20. Is there anything related to R77.30 related to this issue.
Heath_Mote
Heath_Mote inside General Management Topics Tuesday
views 2578 8

R80.20.M2 Management - Finalizing Stuck at 99% During Policy Installs

Setup is 2x Management Server 5150 with dedicated SmartEvent server all running R80.20.M2 pushing policy to a single 5800 HA ClusterXL setup all running R80.10. The management and cluster are located at the same site. The access/threat policy takes less than 3 minutes to succeed on the cluster but the 99% finalizing status takes a very long time to complete. I've just pushed a policy and it again finished in 3 minutes but has been stuck at 99% finalizing for the past 45 minutes... Is anyone else experiencing this after updating your management to R80.20.M2 or R80.20 in general?
Jon_Louis_Fern1
Jon_Louis_Fern1 inside General Management Topics a week ago
views 5572 25 5

Difference between HTTPS Inspection and Categorize HTTPS websites settings

Hi Checkmates,I would like to ask what is the difference in the behavior, pros and cons of or when will you use the following:1. HTTPS Inspection2. In Application & Url Filtering Settings under Url Filtering -> Categorize HTTPS websites.because in the " Categorize HTTPS websites" settings it says that you can allow HTTPS (SSL traffic) URL's without activating HTTPS Inspection.
Hardeep_Singh
Hardeep_Singh inside General Management Topics a week ago
views 497 6

can we merge two Management server in single Mgmt server

Hi all,can we merge two Management server data base in one Mgmt server
Sam_Ponder
Sam_Ponder inside General Management Topics a week ago
views 1064 3

migrate server export r80.30 running for over 3 hours

Hello all-I'm doing an advanced upgrade of a Smart1-410 appliance and during the migrate server export, it has been running for a long time. Currently, it has been running for almost 4 hours. Is this normal? It is currently running r80.20.m2.Is there a log file that I can look at to see where it is in the process?ThanksSam
lucafabbri365
lucafabbri365 inside General Management Topics a week ago
views 632 3

Anti-Bot & Anti-Virus, IPS update error on Standby Member

Anti-Bot & Anti-Virus and/or IPS on Check Point (R80.20) standby node report error "Error: Update failed. Contract entitlement check failed. Could not reach 'updates.checkpoint.com'..." while updating.Details1. From standby node - Gaia web console => "Check for Updates", I get the error: "Could not connect to the Check Point Cloud. Check your connection settings..."2. From standby node, tests from SSH (sk83520) :- curl_cli -v -k https://updates.checkpoint.com/ => most of the time it doesn't work (timeout); sometimes it works.- curl_cli to any other URL => most of the time it doesn't work (timeout), sometimes it works.- ping public FQDN => most of the time it doesn't work (timeout), sometimes it works.- On active node => it works, always.3. From standby node, I can reach Internet gateway, and the other active node => no internal communication issues.4. Already verified and applied sk43807 (all points with the exception of point 4).fwha_forw_packet_to_not_active parameter is enabled on both nodes.5. Licenses are OK (sk98665); with the exception of command cpstat antimalware -f update_status that is returning the error below (the same I'm seeing from SmartConsole):AB Update status: up-to-date AB Update description: Gateway is up to date. Database version: 1906061756. Package date: Thu Jun 6 11:00:00 2019 AB Next update description: The next update will be run as scheduled. AB DB version: 1906061756 AV Update status: failed AV Update description: Update failed. Contract entitlement check failed. Could not reach "updates.checkpoint.com". Check proxy configuration on the gateway. AV Next update description: The next try will be within one hour. AV DB version: 1906070837I already read these CheckMates posts:- Update failed. Contract entitlement check failed- Problem accessing standby cluster member from non-local networkAny advice ? Thank you very much,Luca
Lenin_Ramirez
Lenin_Ramirez inside General Management Topics 2 weeks ago
views 816 6

change admin password to enter smartconsole R80.10

Hello People,I want to change the admin password for going to smartconsole.I tried with "cpconfig" without success, please share the way I can do it Thanks
cp-bc123
cp-bc123 inside General Management Topics 2 weeks ago
views 743 1

Smart Console

Hello, I am new to checkpoint and have a few basic questions about smart utilities that check point firewall uses. so far i have seen smart console, smart dashboard, smart event and etc. how are each of these used and related? an explanation or a link to a document where i can read to answer all of these basic things will be highly appreciated. thank you in advance
Alex_Wu
Alex_Wu inside General Management Topics 2 weeks ago
views 1144 3

R80.20 Hotfixes

hi all,Why CPUSE still find older hotfix?I tried to install take 33, but failed due to a newer version (take 47) has been installed.