This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Satdefender
Participant
‎2019-05-30 04:29 PM

Slow SCCM Imaging with R80.20

Since we have upgraded Management and Gateways to R80.20 T101 we've had a lot of latency issues with SCCM imaging our laptops. A 13500 appliance sits between the imaging laptop and the SCCM server.

In our packet captures we can see 3 Retransmission packets before a 4th allows traffic through. This behavior happens continuously. We believe this is the cause for the laptops that took 45 mins to image to now take 3.5 hours. 

The following Blades are active:

FW,VPN,IPS,App,URL,AV,AB

The FW policy allows connection to the imaging server using standard TCP and UDP ports. But the rest of the policy in other sections is using Updateable Objects (to support O365) and domain objects. I state that other information because I'm not sure if that will affect performance.

We have tried the follow actions to address the issue without success:

Rebuilt SCCM Management Point and Distro Points.

Failover to the standby cluster member

disable fwaccel

Ensured there were no drops in FW policy

created custom application risk level low

Unchecked "Block requests when web service is unavailable" in Blades - AppControl Advanced Settings

In Blades - AppControl - Website categorization mode: Background

In Blades - Threat Prevention- Website categorization mode: Background

Validated the networking is solid the whole way. The laptop images fine when the gateway isn't in the path.

CPU runs less than 10% average

All errors resolved in a zdebug + drop

 

I would appreciate some suggestions on where to look next. 

 

_Vic_

0 Kudos
6 Replies
Satdefender
Participant
‎2019-05-31 07:28 AM

So after posting this question we have come to a resolution.

SCCM uses port 80 to download its imaging files which was a fact missing from my initial post. In order to get this working I had to remove HTTP in the Blades - AppControl, Application Control Web Browsing Services. Push policy, then add it back and push policy again.

We initially thought removing it would fix the issue, but it didn't change any of the behavior. So we put it back, and then it started to work. Very strange indeed.

Another option for those that might experience this issue is to ask your SCCM administrator to image over a different port.

Good Luck.

PBC_Cyber
Contributor
‎2019-09-06 08:22 AM
In response to Satdefender

We are seeing the same issues you are but removing and readding http in Application Control Web Browsing Services didn't help.   Assuming your SSCM imaging still working at this point which Jumbo hotfix are you running?

 

0 Kudos
Satdefender
Participant
‎2019-11-25 06:51 AM
In response to PBC_Cyber

We are still imaging really fast. Could be other things we did to fix it in addition to what was posted below.

For reference we are R80.20 JHF Take 87.

Check_Point_R80_20_JUMBO_HF_Bundle_T87_sk137592_FULL.tgz
0 Kudos
genisis__
Leader Leader
Leader
‎2019-11-25 01:42 PM
In response to Satdefender

I had SCCM issues as well, and found installing the Jumbo resolved our connectivity and speed issues.  Additional we had to add some exceptions in as well for TP.

0 Kudos
Jans_Nijboer
Explorer
‎2019-10-08 02:58 AM

Hello we ran into the same problem as we recently updated from R77:30 to R80.20.
Imaging fat-clients and laptops became very slow and Provisioning Citrix XenApp servers (PXE booted from base image)
with applications (delivered through Microsoft SCCM) takes a lot longer than before the upgrade.
Like a specific package used to take about 10 minutes and it takes 6 hours at R80.20.
We discovered that on a newly created VLAN with XenApp server was performance as before upgrade 10 min.
We made a lot of traces and could't explaine (not a lot time between packets or error's) the difference.
disabled IPS eventualy bypass infrastructure of firewall for specific VLAN to be sure the promblem was within checkpoint.
We have still have the 77.30 view in smartdashboard so we first missed the new serverVLAN was not in AV/AB.
We also excluded the imaging/provisioning trafic to the Management Point and Distro Points.
Performance is as before upgrade.
So we pinpointed it to the AV/AB section in R80.20

We still have a ticket open with R&D for this performance isue as we had the same config on R77.30 with AV/AB and it performed ok.

Steve_Vandegaer
Contributor
‎2019-12-04 06:26 AM
In response to Jans_Nijboer

We are seeing the same problem with a Altiris deployment. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events