- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
In CPVIEW Software-blades overview
I do see an update time for Anti-Virus and Anti-Bot.
But when I install the latest IPS update I don't see any Update Time.
Any ideas what this would cause.
See attached a screenshot.
When I Look in the Smartdashboard I do see an Update Time.
We also have a monitor that does a check to see a last updates time and this does work
See the script below.
CLI
grep -A2 "sd_last_update_time" /var/opt/CPsuite-R80/fw1/state/local/AMW/local.IPS.set
: (sd_last_update_time
:type (int)
:val (1519719370)
EPOC time: 1519719370
date -d @1519719370
Tue Feb 27 09:16:10 CET 2018
I, could you share with us the Security Management Server version (R80 or R80.10) and Jumbo HF installed ?
I've check on R80 and R80.10 known limitations but your issue is not part of those sk.
I see that scheduled update is not planned : could you try to enable this ?
I suspect this is bug and may be overcome with latest hotfix or upcoming hotfix. However you can check by scheduling IPS update as suggested by Xavier.
I can see this issue replicated on my Lab GW R80.10 JT 70 - but there, only IPS is N/A, the other three show Update Time values, even APCL... So it seems that currently this is available in Dashboard only - # ips stat only shows the version, not the update date & time.
I had planned a fresh GW installation, so in performed that this morning and monitored the cpview IPS update display during install:
- installed Check_Point_R80.10_T462_Gaia.iso
- after FTW + load configuration, no policy installed: only AV showed Update Time (all 4 blades showed disabled)
- after establishing SIC and installing Acces Control policy: APCL and AV showed Update Time (3 blades showed disabled, APCL enabled)
- after installing Access & Threat policy: only IPS showed no Update Time (all 4 blades showed enabled)
- after installing Jumbo Take 85: No change...
and what about scheduling IPS updates ? does it change anything ?
Sorry, fact is that all TP updates are scheduled in Dashboard, e.g. APCL at 00:00 and IPS at 00:20, but without policy install. So the GW will only learn about the last IPS update during policy install...
I have set schedule for IPS update in 5 mins with policy install and then will update here!
Did not find new IPS version, so the scheduled update did neither download anything nor perform a policy install. After a manual policy install (both Access +TP) nothing has chamged and the IPS date still is missing.
I added your grep routine to our ccc script. Thanks for the hint!
Danny,
Any chance of implementing automated updates for CCC?
Vladimir,
I was already thinking about this, too. Unluckily our ccc thread cannot be accessed without a CheckMates login. I would need to move it to some other location to enable this feature.
Vladimir,
I implemented automated updates in version 1.6 of our ccc script.
Thank you Danny!
You are awesome
This might be worth raising a TAC case about: Contact Support | Check Point Software
On my own gateway, IPS shows N/A and App Control shows a date.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY