Since we have upgraded Management and Gateways to R80.20 T101 we've had a lot of latency issues with SCCM imaging our laptops. A 13500 appliance sits between the imaging laptop and the SCCM server.
In our packet captures we can see 3 Retransmission packets before a 4th allows traffic through. This behavior happens continuously. We believe this is the cause for the laptops that took 45 mins to image to now take 3.5 hours.
The following Blades are active:
FW,VPN,IPS,App,URL,AV,AB
The FW policy allows connection to the imaging server using standard TCP and UDP ports. But the rest of the policy in other sections is using Updateable Objects (to support O365) and domain objects. I state that other information because I'm not sure if that will affect performance.
We have tried the following actions to address the issue without success:
Rebuilt SCCM Management Point and Distro Points.
Failover to the standby cluster member
disable fwaccel
Ensured there were no drops in FW policy
created custom application risk level low
Unchecked "Block requests when web service is unavailable" in Blades - AppControl Advanced Settings
In Blades - AppControl - Website categorization mode: Background
In Blades - Threat Prevention- Website categorization mode: Background
Validated the networking is solid the whole way. The laptop images fine when the gateway isn't in the path.
CPU runs less than 10% average
All errors resolved in a zdebug + drop
I would appreciate some suggestions on where to look next.
_Vic_
So after posting this question we have come to a resolution.
SCCM uses port 80 to download its imaging files which was a fact missing from my initial post. In order to get this working I had to remove HTTP in the Blades - AppControl, Application Control Web Browsing Services. Push policy, then add it back and push policy again.
We initially thought removing it would fix the issue, but it didn't change any of the behavior. So we put it back, and then it started to work. Very strange indeed.
Another option for those that might experience this issue is to ask your SCCM administrator to image over a different port.
Good Luck.
We are seeing the same issues you are, but removing and re-adding HTTP in Application Control Web Browsing Services didn't help. Assuming your SCCM imaging is still working at this point, which Jumbo hotfix are you running?
We are still imaging really fast. Could be other things we did to fix it in addition to what was posted below.
For reference we are R80.20 JHF Take 87.
I had SCCM issues as well, and found installing the Jumbo resolved our connectivity and speed issues. Additionally, we had to add some exceptions as well for TP.
Hello, we ran into the same problem as we recently updated from R77.30 to R80.20.
Imaging fat-clients and laptops became very slow, and provisioning Citrix XenApp servers (PXE booted from base image) with applications (delivered through Microsoft SCCM) takes a lot longer than before the upgrade.
Like a specific package used to take about 10 minutes and it takes 6 hours at R80.20.
We discovered that on a newly created VLAN with a XenApp server, performance was as before the upgrade: 10 min.
We made a lot of traces and couldn't explain the difference (not a lot of time between packets, or errors).
Disabled IPS, eventually bypassed the firewall infrastructure for a specific VLAN to be sure the problem was within Check Point.
We still have the 77.30 view in SmartDashboard, so we first missed that the new server VLAN was not in AV/AB.
We also excluded the imaging/provisioning traffic to the Management Point and Distro Points.
Performance is as before upgrade.
So we pinpointed it to the AV/AB section in R80.20
We still have a ticket open with R&D for this performance issue, as we had the same config on R77.30 with AV/AB and it performed OK.
We are seeing the same problem with an Altiris deployment.