Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Michael_Horne
Advisor
Jump to solution

SecureXL - Alternative method to identify rule causing templates to be disabled

Hello,

 

Is there are alternative way to identify exactly what is causing Accept Templates to be disabled.  The output from the "fwaccel stat" has a  output display issue and does not show me the information.

 

fwaccel statfwaccel stat

 

All I can see is "Layer ---", there is a missing carriage return and then "Drop Templates".

Many thanks,

Michael

0 Kudos
2 Solutions

Accepted Solutions
Timothy_Hall
Legend Legend
Legend

Strange, it looks like fwaccel stat is not displaying its output correctly.  Please provide the output of fwaccel templates -s and fwaccel templates -S, as I suspect Accept templating is actually working.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

Timothy_Hall
Legend Legend
Legend

Ah here we go, your policy layer name must be longer than 32 characters.  Shorten it and the fwaccel stat output will start working correctly:

sk145533: "Layer ---" is displayed instead of specific layer name and rule number in output of 'fwac...

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

View solution in original post

10 Replies
G_W_Albrecht
Legend Legend
Legend

Which version do you use ? Afaik, this is the only way to display these layers. Even looks like an issue for TAC to me...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Michael_Horne
Advisor
ZZZZZZZZ> cpinfo -y all

This is Check Point CPinfo Build 914000202 for GAIA
[IDA]
No hotfixes..

[MGMT]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 111

[CPFC]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 111

[FW1]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 111

FW1 build number:
This is Check Point's software version R80.30 - Build 078
kernel: R80.30 - Build 076

[SecurePlatform]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 111

[DIAG]
No hotfixes..

[PPACK]
HOTFIX_R80_30_JUMBO_HF_MAIN Take: 111

[CVPN]
No hotfixes..

[CPUpdates]
BUNDLE_CPINFO Take: 50
BUNDLE_INFRA_AUTOUPDATE Take: 19
BUNDLE_DEP_INSTALLER_AUTOUPDATE Take: 13
BUNDLE_R80_30_JUMBO_HF_MAIN_SC Take: 132
BUNDLE_R80_30_JUMBO_HF_MAIN Take: 111

[CPinfo]
No hotfixes..

[AutoUpdater]
No hotfixes..

[CPDepInst]
No hotfixes..
0 Kudos
Timothy_Hall
Legend Legend
Legend

Is the firewall being managed by MDSM/Provider-1, and if so are there global rules being inserted at the top of the policy?  Also please provide the output of enabled_blades.

 

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Michael_Horne
Advisor

Hello,

The cluster is not managed as part of a MDM environment, so there are not global rules. the following blades are activated:

BladesBlades

Regards,

Michael

0 Kudos
Timothy_Hall
Legend Legend
Legend

Try temporarily disabling Anti-bot, reinstall policy, then check Accept templating status again.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Michael_Horne
Advisor
Hello Unfortunately no difference after disabling Anti-Bot blade.
0 Kudos
_Val_
Admin
Admin

Are you using any of those in the policy: dhcp-request' / 'dhcp-reply' / 'dhcpv6-request' / 'dhcpv6-reply' / 'dhcpv6-relay?

 

If yes, look here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
Timothy_Hall
Legend Legend
Legend

Strange, it looks like fwaccel stat is not displaying its output correctly.  Please provide the output of fwaccel templates -s and fwaccel templates -S, as I suspect Accept templating is actually working.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Michael_Horne
Advisor
Thanks, this solved the display issue.
0 Kudos
Timothy_Hall
Legend Legend
Legend

Ah here we go, your policy layer name must be longer than 32 characters.  Shorten it and the fwaccel stat output will start working correctly:

sk145533: "Layer ---" is displayed instead of specific layer name and rule number in output of 'fwac...

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events