Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tieho_Molefe
Explorer

CheckPoint Firewall R80.10 stability issues

I seek help with technical guidance for CheckPoint Firewall R80.10 stability issues. I have upgraded firewall to R80.10. The issues that I have experienced with this version are:

• Internal system error in HTTPS Inspection due to categorization service timeout. When this error occur, firewall will drop all traffic for couple of minutes to an hour.

• URL Filtering blade – Rad service not available. This error occurs most of the time when trying to make any configuration changes to the firewalls. It happens most of the time when I try to switch firewalls running in cluster mode from HA to load sharing

• Log unification error – too many update log, logs has been truncated

7 Replies
AlekseiShelepov
Advisor

Just as a reminder, jumbo hotfix  accumulator is a must for R80.10 for now:

Jumbo Hotfix Accumulator for R80.10 (R80_10_jumbo_hf) 

Take_85 is the latest General Availability release...

Do you have it or any previous version installed?

There are also updates for SmartConsole itself:

R80.10 SmartConsole Build 029 

0 Kudos
Marco_Valenti
Advisor

Looks like that something similar was already discussed here

https://community.checkpoint.com/message/12728-rad-kernel-errors 

But as usual before making any changes to your environment consult with your local partner or check point support

0 Kudos
Gaurav_Pandya
Advisor

Yeah, As you are facing issue with various things, it would be better to ask TAC

0 Kudos
Markus_Genser
Contributor
Contributor

Are core dumps being created for the services?

Do you have IPv6 active for the management interface?


Had the same issue with HTTPS categorisation, RAD daemon and vpnd. Generated a lot of core dumps for wstlsd, rad an vpnd.

I was able to pinpoint it to the /etc/hosts entry for an old IPv6 address (multiple upgrades from R75.40) which was missing the colons.

First step was removing the entry in /etc/hosts and then delete and set the address again in clish for the listed interface.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

First of the three issue had already been posted in CheckMates as R80.10 URL Filtering - rad admin service is not available when switching from High Availability to l....

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Filip_Wennerhul
Participant

Have the same problem as the first one.

Tieho Molefe Did you ever solve the first problem? We have the same issues. however we have fail open so the traffic is not dropped.

Günther W. Albrecht‌ how is that the solution to the problem? (not questioning you but i dont see the same problem/symptom related in the checkmates post or in the SK). I have checked the SK and have connection to the services. The issue happens from time to time and not always. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I did only reference a similar issue, not suggesting any solution - there is near to none details about the confiduration, so it could as well be a StandAlone deployment...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events