This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Us4r
Contributor
‎2019-02-28 07:22 AM

CRL Fetching recommendation

Hi @ all,

this week I reinstalled our Management Node with a fresh installation of R80.20.M2.

During the installation / configuration the mangement Node was down for some hours.

During this time we lost connection to different IPSec tunnels between our Checkpoint Appliances (SMB 1400 / 1100).

After the management node was up again, they came all back after some time.

I think this Problem is caused, because CRL - Fetching ist set to fetch new CRL after 24h.

My question would be now, if it could cause a Problem when I set CRL - Fetching to a higher value (for example: 5 days). In case of a big management issue (hardware fault, big configuration issues,...) I think we could run there into a big issue if all of our tunnels will go down within 24h.

So does anybody know if this cold have any side effects when I set CRL Fetching to 120h?

Thanks.

Florian

Preview file
32 KB
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2019-02-28 07:16 PM

The most obvious thing is your gateways will accept certificates that are revoked for longer than they would normally.

0 Kudos
Us4r
Contributor
‎2019-03-04 10:12 PM

OK thank your for that information. So nothing else should happen when this option will changed but when management server will be down I will have more time to solve the problem before all tunnels go down. Is this right?

0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-05 05:20 AM
In response to Us4r

As I undertstand it, you are correct.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Thu 25 Apr 2024 @ 10:00 AM (CEST)

    The Anatomy of a Cloud Hack by NotSoSecure - EMEA Session

    Thu 25 Apr 2024 @ 06:00 PM (IDT)

    The Anatomy of a Cloud Hack by NotSoSecure - America Session
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Tue 23 Apr 2024 @ 11:00 AM (EDT)

    East US: What's New in R82
    Virtual

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Thu 02 May 2024 @ 05:00 PM (CEST)

    SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
    CheckMates Events