This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gro_Tea
Contributor
‎2020-06-10 06:17 AM

PBR allegedly unsupported when core features are enabled

Hello,

I am facing serious problems in my 5600 two node cluster running R80.30. PBR ist active since we installed them 2 years ago running fine.

Over the last months every change in Gaia on routing, ospf or similar is followd by a pnote event causing the cluster to switch over. Doing the chnages on the other node causes the same vice versa. Also doing changes on the passive node creates pnote event. We checked config several times for inequality, but its fine. So this was the time to inolve TAC and my service partner created a support ticket.

Now Checkpoint points to SK100500, where several features/blades are mentioned to be incompatible with PBR, e.g. URL Filtering, IPS and VPN Features and refuses any further investigations on the case.

Here is a discussion on thes limitation, questioning the real meaning of limitation and aksing for a Checkpoint Official to comment on it, but theres no answering.I can not believe that such core features like IPS is not compatible with PBR and would like to have this analyzed and commented.

Its like a car manufacturer saying that driving a right turn is not supported if there are more than 2 persons in the car...

I have severe problems and curently no chance to get further support from Checkpoint

In this thread the members @Peter_Lyndley and @FedericoMeiners have similar problems and doubts about this limitation. 

Thanks for any contribution

Frank

 

5 Replies
FedericoMeiners
Advisor
‎2020-06-10 06:41 AM

Hello,
I have my doubts that PBR is causing this issue.
I had experienced similar issues as yours in the past. The root cause was due to a routed demon crash generated by OSPF changes which caused this pnote.

It would collect crash logs on usermode or crash directories, also check messsages and routed log at the time of the event. The TAC will probably ask for this and you may find some interesting leads 🙂
____________
https://www.linkedin.com/in/federicomeiners/
PhoneBoy
Admin
Admin
‎2020-06-10 07:50 AM

I'll have R&D double-check these limitations.
A few of them make sense, IPS and URLF don't necessarily.
0 Kudos
Gro_Tea
Contributor
‎2020-09-01 04:31 AM
In response to PhoneBoy

Hi PhoneBoy,

did you get any furter information on these limitations? There is a new sk167135, but limitation are the same.... very annoying...

0 Kudos
PhoneBoy
Admin
Admin
‎2020-09-01 07:22 AM
In response to Gro_Tea

URLF is definitely a limitation, IPS doesn't work with certain protections as I recall.

0 Kudos
John_Fleming
Advisor
‎2020-09-01 06:01 AM

This does indeed sound like routed is crashing, which is what needs to be looked at. For sure engage support about the pnote. I'm gussing you have core files in /var/log/dump/usermode. Also you can enable tracing on routed which will create a log file /var/log/routed.log.

trace ospf all on

trace kernel all on

trace global all on

something like that. Use off to disable. Once tracing is enabled (do on both members btw) and the cluster is active/standby make a change known to cause the problem then check those files on both members.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events