This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Albert_Davis
Explorer
‎2018-07-31 10:18 AM

ICMP-Proto added to Anonymizer

Policy Installation Failure - 1Policy Installation Failure - 2While trying to install policy to our Gateway cluster, we received the following failure message:

Come to find out during the 7/30 URLF/App Ctrl automagic update, the Anonymizer object was updated and now has the icmp-proto included which appears to be causing the installation failure.

Is the inclusion of icmp-proto in the Anonymizer intentional or accidental?

Also, if it was intentional, is it permanent?

Thank You,

Albert

9 Replies
PhoneBoy
Admin
Admin
‎2018-07-31 11:16 AM

The images you embedded didn't come across.

In any case, I recommend engaging with the TAC as I can't imagine this change was intentional.

Contact Support | Check Point Software 

0 Kudos
Mor_Himi
Employee Alumnus
Employee Alumnus
‎2018-07-31 01:56 PM

Hi,

The issue has been resolved earlier today with the latest online update package.

Please make sure the Security Management server is updated and push policy.

Thanks...

  --Mor

.

0 Kudos
Albert_Davis
Explorer
‎2018-07-31 02:14 PM
In response to Mor_Himi

Thanks, Mor.

I ran the manual Management update and the Anonymizer is back to its original state and I should not run into the same issue when I install policy this evening to my R77.30 cluster.

Thanks, again.

Albert

0 Kudos
Vladimir
Champion
Champion
‎2018-07-31 02:07 PM

Hmm... I see the ICMP in the Anonymizer, but in and by itself it does not cause any issues:

  

0 Kudos
Mor_Himi
Employee Alumnus
Employee Alumnus
‎2018-07-31 02:11 PM
In response to Vladimir

The issue is only related to setups with R80.10 managing R77.X or earlier GWs..

0 Kudos
Vladimir
Champion
Champion
‎2018-07-31 02:15 PM
In response to Mor_Himi

Understood. Did the latest update remove the ICMP Proto from Anonymizers, or is it still present and some-kind of background logic was embedded to differentiate installation targets?

0 Kudos
Mor_Himi
Employee Alumnus
Employee Alumnus
‎2018-07-31 02:19 PM
In response to Vladimir

The latest update removed the ICMP service from the category (two categories were affected - Critical Risk & Anonymizers).

We're working with the relevant groups to explore alternative vehicle for delivering this change to the field.

0 Kudos
Vladimir
Champion
Champion
‎2018-07-31 02:44 PM
In response to Mor_Himi

Thanks! Seeing same thing after manual update: ICMP is removed from two categories.

Bhautik
Contributor
‎2018-08-22 01:28 PM

Still seeing similar issue for icmp_request,. traffic is being dropped due its falls under other category as well.

Database already updated manually and it doesn't has the icmp serivces listed under Anonymizer and Critical risk.

it consider icmp request as - application name : DET (Data Exfiltration Toolkit - ICMP Mode)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top