@Jan_Kleinhans I understand the frustration, but you just mentioned an official banner on support.checkpoint.com. 

We had to authorise Anonymizer and Critical risk otherwise general traffic would still be blocked as X-VPN.

Problems seems to be resolved with the new update : DB version: 11042401

It's surprising how Check Point hasn't issued an official statement to customers and partners yet regarding this outage.

Updated manually to 240411110055 and looks OK since.

Thanks Ofir !

it works now thanks

Thanks 

[Expert@:0]# more Version
:appi_version ("110424_1")

Mate this is a stellar failure on Checkpoints part. It clearly shows that there is no testing or woefully inadequate testing of URL+Category updates prior to releasing them, which If im honest is quite scary.

How am I supposed to have any trust or confidence in Checkpoint's automatic updates now that I know any junk can be pushed to my gateways.

Hi,

Gateways have the updated App DB, but logs in SMS server still showing lots of random rejects with apps identified as X-VPN.
BUT have not had any complaints from users, and have not seen anything rejected in my browser despite the logs showing several rejects for me today. It's almost like the logs are showing rejects that aren't happening.

Is there any web url that shows as always being rejected from this that I can test with?

I've just had it trigger on https://www.think-cell.com/en

Hello Ofir, Hello everyone.

I was very happy when this issue was immediately resolved for your environment.

Currently my MD5 still has the MD5 issue "3c7770bbd52b039c8d2e1f59dc6f32a6" even though it has been updated again.

I think I have to try force updating as above. But from your experience, when we "rm" and wait 5 minutes, does the user's connection to a website become disconnect until the file is created?

Thanks.

No, the update should not be intrusive

Hello Val, Thanks for your explaination.

Anyway, are we need checkpoint gateway connect to website checkpoint like updates.checkpoint.com during do :

- # rm $FWDIR/appi/update/Version
- # rm $FWDIR/appi/update/next_update
- Wait for 5 minutes.

thanks

Please look into sk143972, already mentioned in this discussion, for full details concerning the manual forced update of the categorization DB.

That said, it is no longer required for the subject of this discussion, the issue was fixed a long time ago.

Hello Val, 

are  those update sent to all countries at the same time?
i see i have new updates on all my international sites.
but it only works for me in Austrian and German locations.
For example in Brasil and Vietnam i still see matches on X-VPN.

i know Check Point doesnt sent out Scan Engine updates to all continent at once for example.
does this also apply to APPL + URL Signatures?

take a look:

different countries different version, only the end 2401 is the same ...

We are also still having issues. We have followed the instructions in sk182202 and have confirmed that all gateways are now running at the latest version of application control. 

It has made some minor changes such as redirecting some traffic but overall, traffic is still being categorised as X-VPN and being blocked. 

Could be some cache. Try reboot on standby member to clear caches. & failover. 

The same problem in one our customer, any ideas please?