cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Nickel

Global Policy Exceptions

Jump to solution

Any idea... How can I add exception for this ? I don't want to bypass the full Antivirus blade for this source.

There is not much information in the log .. Such as MD5 hash, protection name etc.

Capture.PNG

0 Kudos
1 Solution

Accepted Solutions
Highlighted

Re: Global Policy Exceptions

Jump to solution

The anti-virus engine is experiencing an internal failure trying to scan that resource, and because the anti-virus blade is set to "fail closed" the resulting action is a Prevent.  Creating an exception for that resource will not help since it only changes the final decision rendered (Prevent/Detect/Inactive) but does not stop the scanning of that resource and therefore the internal failure that is occurring.  It probably has to do with the scanned resource exceeding the fixed size of the SFT buffer on the firewall, please see the following SK for the fix: sk139292: "Failure-reject: unknown error" in Anti-Virus log, traffic fails

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com

View solution in original post

0 Kudos
7 Replies
Highlighted
Employee+
Employee+

Re: Global Policy Exceptions

Jump to solution

Hi,

You can see the resource name on the upper-right corner. You can add an exception for that.

0 Kudos
Highlighted
Employee
Employee

Re: Global Policy Exceptions

Jump to solution

Use the URL under resource in the top right.

0 Kudos
Highlighted
Nickel

Re: Global Policy Exceptions

Jump to solution

Thanks ...

Do you mean I can add domain (.easel.inventable.com) in the exception ?

If yes, I tried to add global exception but could not find Url based domain in the destination field. Only Ip and subnets is the option.

Thanks,

Amir

0 Kudos
Highlighted
Employee+
Employee+

Re: Global Policy Exceptions

Jump to solution
Not in the scope; in the column called "Protection/Blade/Site" -- you need to add the url as a "custom site" in that column (scope can be "Any")
Highlighted
Nickel

Re: Global Policy Exceptions

Jump to solution

Antivirus blade still catches it. Not sure why .

Capture1.PNGCapture2.PNG

0 Kudos
Highlighted

Re: Global Policy Exceptions

Jump to solution

The anti-virus engine is experiencing an internal failure trying to scan that resource, and because the anti-virus blade is set to "fail closed" the resulting action is a Prevent.  Creating an exception for that resource will not help since it only changes the final decision rendered (Prevent/Detect/Inactive) but does not stop the scanning of that resource and therefore the internal failure that is occurring.  It probably has to do with the scanned resource exceeding the fixed size of the SFT buffer on the firewall, please see the following SK for the fix: sk139292: "Failure-reject: unknown error" in Anti-Virus log, traffic fails

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com

View solution in original post

0 Kudos
Highlighted
Nickel

Re: Global Policy Exceptions

Jump to solution

Thank you for your Help.

Yes sk139292 did work .

# fw ctl set int g_ci_av_sft_classification_buffer_size 15000

Ciao

0 Kudos