This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Luis_Miguel_Mig
Advisor
‎2025-04-01 03:06 AM

smarconsole changes (former workflow)

We all know how helpful "smartconsole changes (former workflow)" is when you make changes. It gives confidence and totally awareness of what configuration changes you make in the firewalls when you install a policy.

I am facing an issue at the moment with this feature.
When I add a  new cluster interface in smarconsole and I run the "changes" functionality, smartconsole shows me not only the new interface addition but also it shows me other interfaces  (active clusterxl interfaces in production ) to delete.

So it is quite disturbing, because this functionality is supposed to give you confidence in your change management process however it shows you changes that have nothing to do with the real changes that you have just done.

We have tested it in the lab and push these configuration changes and apparently smartconsole doesn't remove these interfaces in the gateways, but it is still quite configusing.

I would like to know if someone has seen something similar and/or someone knows how to troubleshoot it and find the root cause of this misleading behaviour.

0 Kudos
13 Replies
the_rock
MVP Gold
MVP Gold
‎2025-04-01 05:02 AM

I never had such a thing happen to me, either in R81.20 or R82. Can you send an example, ie screenshot? Just blur out any sensitive data.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2025-04-01 09:45 AM

It's consistent with the fact modifying gateway interfaces with the API requires you to add ALL interfaces to the gateway object if you make ANY interface changes.
SmartConsole does the same thing under the covers, which is why it shows in the Change Report the way it does.

On the plus side, R82 has APIs to manipulate individual interfaces associated with gateway objects.
When I tried to add an interface to an existing gateway on my system (and I also did a "Get Interfaces" without Topology), it did mention other interfaces were "edited" but only showed details about the one interface that WAS added.
It did note the other interfaces were "edited" with no details.

image.png

In short: this should be fixed in R82 for regular gateway objects only.
I suspect other types of gateways in R82 (Legacy VSX, SMB Gateways, ClusterXL gateways) will still have the same behavior that you asked about here, which appears to be expected behavior.

Luis_Miguel_Mig
Advisor
‎2025-04-02 04:55 AM
In response to PhoneBoy

pdf attached.

As you can see I add interface bond2.455 but   it shows that interface bond3.3809 and bond3.2201 will be deleted for no reason.
Bond3.3809 and bond3.2201  are fully operational interfaces and therefore it is quite scary.

Preview file
450 KB
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-04-02 04:57 AM
In response to Luis_Miguel_Mig

Hey Luis,

Its barelvy visible what you attached, do you have regular screenshot?

Andy

0 Kudos
Luis_Miguel_Mig
Advisor
‎2025-04-02 04:59 AM
In response to the_rock

Have you zoomed in? You can see it very well,  no?

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-04-02 05:07 AM
In response to Luis_Miguel_Mig

Cant see it...

Andy

0 Kudos
Luis_Miguel_Mig
Advisor
‎2025-04-02 07:27 AM
In response to the_rock

I have attached screenshots in the next post

0 Kudos
PhoneBoy
Admin
Admin
‎2025-04-02 06:58 AM
In response to Luis_Miguel_Mig

I completely understand why this looks scary 🙂
Having said that, it's (very likely) expected in this case.

0 Kudos
Luis_Miguel_Mig
Advisor
‎2025-04-02 07:27 AM
In response to PhoneBoy

Attached screenshots.
But  it is  a  bit different to what you describe, isn't it?
It is the first time I have noticed it and  I think it doesn't happen with other clusters.
I will test it and check the behaviour in  a different environment/cluster.

Preview file
26 KB
Preview file
30 KB
Preview file
47 KB
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-04-02 07:34 AM
In response to Luis_Miguel_Mig

I would verify what could be different with other clusters.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2025-04-02 12:51 PM
In response to Luis_Miguel_Mig

Even if the behavior is somewhat different, the underlying cause is likely the same (namely how the backend handles updating interfaces in an existing gateway object).
You're in TAC case territory in any case.

0 Kudos
Luis_Miguel_Mig
Advisor
‎2025-04-03 06:40 AM
In response to PhoneBoy

Interface edited is one thing but interface about to be deleted is more concerning 😉
I was hoping that a R&D engineer/manager could read this post. 
TAC was happy to reproduce the case and see that interface wasn't removed. But to me it is quite disturbing to see random live interfaces about to be deleted every time I create a new one. I think Checkpoint should try to find root cause.

0 Kudos
PhoneBoy
Admin
Admin
‎2025-04-03 07:21 AM
In response to Luis_Miguel_Mig

Ask the TAC to open a CFG task to have this issue investigated.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events