CPVIEW Software-Blades R80.10

Jerom_van_den_H · ‎2018-02-27

In CPVIEW Software-blades overview

I do see an update time for Anti-Virus and Anti-Bot.

But when I install the latest IPS update I don't see any Update Time.

Any ideas what this would cause.

See attached a screenshot.

When I Look in the Smartdashboard I do see an Update Time.

We also have a monitor that does a check to see a last updates time and this does work

See the script below.

CLI

grep -A2 "sd_last_update_time" /var/opt/CPsuite-R80/fw1/state/local/AMW/local.IPS.set

: (sd_last_update_time

:type (int)

:val (1519719370)

EPOC time: 1519719370

date -d @1519719370

Tue Feb 27 09:16:10 CET 2018

XBensemhoun · ‎2018-02-27

I, could you share with us the Security Management Server version (R80 or R80.10) and Jumbo HF installed ?

I've check on R80 and R80.10 known limitations but your issue is not part of those sk.

I see that scheduled update is not planned : could you try to enable this ?

Information Security enthusiast, CISSP, CCSP

Gaurav_Pandya · ‎2018-02-27

I suspect this is bug and may be overcome with latest hotfix or upcoming hotfix. However you can check by scheduling IPS update as suggested by Xavier.

G_W_Albrecht · ‎2018-02-28

I can see this issue replicated on my Lab GW R80.10 JT 70 - but there, only IPS is N/A, the other three show Update Time values, even APCL... So it seems that currently this is available in Dashboard only - # ips stat only shows the version, not the update date & time.

G_W_Albrecht · ‎2018-02-28

I had planned a fresh GW installation, so in performed that this morning and monitored the cpview IPS update display during install:

- installed Check_Point_R80.10_T462_Gaia.iso

- after FTW + load configuration, no policy installed: only AV showed Update Time (all 4 blades showed disabled)

- after establishing SIC and installing Acces Control policy: APCL and AV showed Update Time (3 blades showed disabled, APCL enabled)

- after installing Access & Threat policy: only IPS showed no Update Time (all 4 blades showed enabled)

- after installing Jumbo Take 85: No change...

XBensemhoun · ‎2018-02-28

and what about scheduling IPS updates ? does it change anything ?

Information Security enthusiast, CISSP, CCSP

G_W_Albrecht · ‎2018-02-28

Sorry, fact is that all TP updates are scheduled in Dashboard, e.g. APCL at 00:00 and IPS at 00:20, but without policy install. So the GW will only learn about the last IPS update during policy install...

I have set schedule for IPS update in 5 mins with policy install and then will update here!

G_W_Albrecht · ‎2018-02-28

Did not find new IPS version, so the scheduled update did neither download anything nor perform a policy install. After a manual policy install (both Access +TP) nothing has chamged and the IPS date still is missing.

Danny · ‎2018-03-07

I added your grep routine to our ccc script. Thanks for the hint!

Vladimir · ‎2018-03-11

Danny,

Any chance of implementing automated updates for CCC?

Danny · ‎2018-03-14

Vladimir,

I was already thinking about this, too. Unluckily our ccc thread cannot be accessed without a CheckMates login. I would need to move it to some other location to enable this feature.

Danny · ‎2018-04-10

Vladimir,

I implemented automated updates in version 1.6 of our ccc script.

Vladimir · ‎2018-04-10

Thank you Danny!

You are awesome

PhoneBoy · ‎2018-03-09

This might be worth raising a TAC case about: Contact Support | Check Point Software

On my own gateway, IPS shows N/A and App Control shows a date.

CPVIEW Software-Blades R80.10

Application Control Update Question

Daily log size in R77.20 SmartDashboard on Windows

Adding Threat Prevention IOC's via SmartConsole

Automate Log copy to external SFTP

Report on Compliance Blade inactive objects