This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jerom_van_den_H
Explorer
‎2018-02-27 05:39 AM

CPVIEW Software-Blades R80.10

In CPVIEW Software-blades overview 

I do see an update time for Anti-Virus and Anti-Bot.

But when I install the latest IPS update I don't see any Update Time.

Any ideas what this would cause.

See attached a screenshot.

When I Look in the Smartdashboard I do see an Update Time.

We also have a monitor that does a check to see a last updates time and this does work

See the script below.

CLI

 

grep -A2 "sd_last_update_time" /var/opt/CPsuite-R80/fw1/state/local/AMW/local.IPS.set

   : (sd_last_update_time

    :type (int)

    :val (1519719370)

 

EPOC time: 1519719370

 

date -d @1519719370

Tue Feb 27 09:16:10 CET 2018

13 Replies
XBensemhoun
Employee
Employee
‎2018-02-27 08:02 AM

I, could you share with us the Security Management Server version (R80 or R80.10) and Jumbo HF installed ?

I've check on R80 and R80.10 known limitations but your issue is not part of those sk.

I see that scheduled update is not planned : could you try to enable this ?

Information Security enthusiast, CISSP, CCSP
0 Kudos
Gaurav_Pandya
Advisor
‎2018-02-27 09:17 AM

I suspect this is bug and may be overcome with latest hotfix or upcoming hotfix. However you can check by scheduling IPS update as suggested by Xavier.

G_W_Albrecht
Legend
Legend
‎2018-02-28 12:23 AM

I can see this issue replicated on my Lab GW R80.10 JT 70 - but there, only IPS is N/A, the other three show Update Time values, even APCL... So it seems that currently this is available in Dashboard only - # ips stat only shows the version, not the update date & time.

CCSE CCTE SMB Specialist
0 Kudos
G_W_Albrecht
Legend
Legend
‎2018-02-28 01:58 AM

I had planned a fresh GW installation, so in performed that this morning and monitored the cpview IPS update display during install:

- installed Check_Point_R80.10_T462_Gaia.iso

- after FTW + load configuration, no policy installed: only AV showed Update Time (all 4 blades showed disabled)

- after establishing SIC and installing Acces Control policy: APCL and AV showed Update Time (3 blades showed disabled, APCL enabled)

- after installing Access & Threat policy: only IPS showed no Update Time (all 4 blades showed enabled)

- after installing Jumbo Take 85: No change...

CCSE CCTE SMB Specialist
XBensemhoun
Employee
Employee
‎2018-02-28 06:45 AM
In response to G_W_Albrecht

and what about scheduling IPS updates ? does it change anything ?

Information Security enthusiast, CISSP, CCSP
0 Kudos
G_W_Albrecht
Legend
Legend
‎2018-02-28 06:53 AM
In response to XBensemhoun

Sorry, fact is that all TP updates are scheduled in Dashboard, e.g. APCL at 00:00 and IPS at 00:20, but without policy install. So the GW will only learn about the last IPS update during policy install...

I have set schedule for IPS update in 5 mins with policy install and then will update here!

CCSE CCTE SMB Specialist
0 Kudos
G_W_Albrecht
Legend
Legend
‎2018-02-28 07:08 AM
In response to G_W_Albrecht

Did not find new IPS version, so the scheduled update did neither download anything nor perform a policy install. After a manual policy install (both Access +TP) nothing has chamged and the IPS date still is missing.

CCSE CCTE SMB Specialist
Danny
Champion
Champion
‎2018-03-07 04:34 PM

I added your grep routine to our ccc script. Thanks for the hint!

Vladimir
Champion
Champion
‎2018-03-11 06:23 AM
In response to Danny

Danny,

Any chance of implementing automated updates for CCC?

Danny
Champion
Champion
‎2018-03-14 04:06 AM
In response to Vladimir

Vladimir,

I was already thinking about this, too. Unluckily our ccc thread cannot be accessed without a CheckMates login. I would need to move it to some other location to enable this feature.

0 Kudos
Danny
Champion
Champion
‎2018-04-10 02:44 PM
In response to Vladimir

Vladimir,

I implemented automated updates in version 1.6 of our ccc script.

Vladimir
Champion
Champion
‎2018-04-10 02:48 PM
In response to Danny

Thank you Danny!

You are awesome Smiley Happy

PhoneBoy
Admin
Admin
‎2018-03-09 01:10 PM

This might be worth raising a TAC case about: Contact Support | Check Point Software 

On my own gateway, IPS shows N/A and App Control shows a date.

0 Kudos