
AB/AV updates by Active/Standby with difference database version

Dear All,

I have a query about Active/Standby firewalls fetching AB/AV updates from CheckPoint Cloud.

We could see the difference in update time on their databases for Anti-Virus or Anti-Bot updates between Active/Standby FWs.

Both Firewalls have good internet connectivity and "Update Malware database on Security Gateway" is scheduled as well.

Is it normal behavior, or are there some criteria such that the Standby FW will get updates after the Active FW completes, or any preset sync time for fetching updates between the members apart from the scheduled times?

An attached screenshot has the difference in times or Database versions for AV.

Sometimes we could also see the above difference for AB updates between Active & Standby members.

Any clue will help me to understand.

Regards, Prabulingam.N

4 Replies

Re: AB/AV updates by Active/Standby with difference database version

In SVTracker you can see the date & time that Anti-Virus or Anti-Bot updates are tried and if they finished successfully - that would be the place to look first...


Re: AB/AV updates by Active/Standby with difference database version

Dear Gunther,

Yes, I could see in Tracker the updates getting fetched at the time mentioned.

But I am unable to understand why both members are getting updates successfully at different times.

(Gaia R77.30 Cluster with JHF Take_286)

Any help on this.

Regards, Prabulingam.N

Kim_Moberg

Re: AB/AV updates by Active/Standby with difference database version

Prabulingam,

I’ve got the same issue in Europe.

I have seen updates.checkpoint.com have different database versions depending on which IP address answers. Try to ping updates.checkpoint.com, cws.checkpoint.com and dl3.checkpoint.com multiple times.

I partly solved it by setting a host address in Gaia on all Secure gateways and the management server, so every time Gaia checks for updates I always reach the same server IP.

2 weeks ago all my devices had a red exclamation mark - unable to update Check Point cloud and Anti-Bot. This was a general Check Point error and was fixed again two days after.

From my understanding it is a visual “bug” because the system works, but it takes double the time before you get new updates downloaded to your devices because it is switching between two servers. But Check Point servers should have the same versions whether you reach ip1 or ip2 on updates.checkpoint.com.

Try to ping the above IP addresses and you will see they are changing IP once in a while.

BR

Kim

Best Regards
Kim
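The repeated-ping check described in the reply above, as an added example that is not part of the original thread: it resolves each update hostname several times and reports whether the first address answered stays the same. The function names, the injectable `resolver` parameter and the port used for the lookup are assumptions made for this sketch.

```python
import socket
import time
from collections import Counter

# Hostnames named in the thread.
UPDATE_HOSTS = ["updates.checkpoint.com", "cws.checkpoint.com", "dl3.checkpoint.com"]


def system_resolver(host):
    """IPv4 addresses from the local resolver, in the order returned."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return list(dict.fromkeys(info[4][0] for info in infos))


def sample_resolution(host, rounds=10, delay=0.0, resolver=system_resolver):
    """Resolve host repeatedly and summarise which address is answered first."""
    first_answers = Counter()
    changes = failures = 0
    previous = None
    for i in range(rounds):
        try:
            addrs = resolver(host)
        except OSError:  # socket.gaierror is a subclass of OSError
            addrs = []
        if not addrs:
            failures += 1
        else:
            first = addrs[0]  # the address a single ping would have used
            first_answers[first] += 1
            if previous is not None and first != previous:
                changes += 1
            previous = first
        if delay and i < rounds - 1:
            time.sleep(delay)
    return {
        "host": host,
        "first_answers": dict(first_answers),
        "changes": changes,
        "failures": failures,
        "stable": failures == 0 and len(first_answers) == 1,
    }


if __name__ == "__main__":
    for name in UPDATE_HOSTS:
        r = sample_resolution(name, rounds=10, delay=1.0)
        print(f"{r['host']}: stable={r['stable']} changes={r['changes']} "
              f"failures={r['failures']} first_answers={r['first_answers']}")
```

Local DNS caching and address sorting by the resolver can hide rotation, so run it on each cluster member and compare the results side by side.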

Re: AB/AV updates by Active/Standby with difference database version

Dear Kim,

Yes, but most of the time I could get only this IP for updates.checkpoint.com (209.87.209.87).

I suspected that the delay from server responding to Checkpoint for Updates increment.

But my issue got solved automatically without making any changes.

Thanks for sharing your inputs - I may probably use next time with particular IP fetch.

Regards, Prabu