Re: Network object member of another network objec...

marki · ‎2023-05-15

Hello,

I have a problem here. I've been in contact with support but I'm really not sure.

I have a network object that is shown as a member of another network object, which I find strange.

I have checked both these objects using DBedit and their cdm_auto_calculated value is false.

Why am I looking at this value? Because they are suggesting to apply sk126872.

I guess what they want to do is just hide the strange reference from display (set cdm_auto_calculated to true). But I'm not sure, as that sk is not about cdm_auto_calculated false->true but about the case in which you had better set it to false.

Hiding it from view does not seem to answer why these two network objects have references to each other in the first place.

Can someone maybe explain?

Thanks

R80.40 latest JHF

the_rock · ‎2023-05-15

Forgive my ignorance, but Im totally confused as far as what issue here is. Would you mind explain again?

If I understood right, you dont see specific object in smart console and you followed sk126872 to try and fix it, but still same problem?

Andy

marki · ‎2023-05-15

You can see the issue in the picture/screenshot (the "where used" dialog).

Why is a network object shown as being "used" by another network object?

the_rock · ‎2023-05-15

I have no idea, sorry...can you open the 2 objects named *pc_network and g_AS and see if they contain net_se?

Andy

Bob_Zimmerman · ‎2023-05-15

That's extremely strange. I have no idea how a network could have a reference to another network.

Find them via the API to get their UUIDs, then use 'show generic-object' with the UUIDs. Do you see a reference to either object's name or UUID in the other object's output?

the_rock · ‎2023-05-15

As both @JozkoMrkvicka and @Bob_Zimmerman said, there is logic in both answers. First of all, one network cant be added inside of a different one and as Jozko said, its possible there is remnant from really old version. I would definitely fire up Guidbedit and search for those objects, see what gives.

Andy

marki · ‎2023-05-16

There is a "reference"

Vincent_Bacher · ‎2023-05-16

What's about just deleting the reference in GuiDBedit?

If it works, then the best thing you can often do after solving issues at Checkpoint: Just don't think about it any more. 😉

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

marki · ‎2023-05-16

So support is totally going in the wrong direction by having me tweak cdm_auto_calculated according to sk126872?

In the meantime I have found other network objects referring to network objects....

Vincent_Bacher · ‎2023-05-16

@marki wrote:
So support is totally going in the wrong direction by having me tweak cdm_auto_calculated according to sk126872?
In the meantime I have found other network objects referring to network objects....

I don't want to judge the support but rather just solve the problem and tick it off. 🙂

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

the_rock · ‎2023-05-16

Personally, I dont believe what they are having you do is needed. Just follow what we mentioned for Guidbedit. Make sure to take backup/snapshot, just in case.

Andy

the_rock · ‎2023-05-16

There you go, so just delete it there and as @Vincent_Bacher said, best you can do, dont think about it afterwards lol. O, and dont forget to install policy/database, just in case.

Andy

JozkoMrkvicka · ‎2023-05-15

It will be some strange creation of supernet in very old version (like R77.30 or lower). Maybe during creation of anti-spoofing group. Have these also in prod. No issue at all.

Kind regards,
Jozko Mrkvicka

JozkoMrkvicka · ‎2023-05-24

I found older relevant post by @Vladimir :

https://community.checkpoint.com/t5/API-CLI-Discussion/Can-someone-put-together-a-script-to-delete-a...

So these "Net_" objects are automatically created while using "Get Interfaces with Topology" or during creation of gateway objects with static-routes already pre-provisioned.

Kind regards,
Jozko Mrkvicka

the_rock · ‎2023-05-24

Interesting...I just tried it in brand new R81.20 lab I built recently and did not see anything new created at all.

Andy

the_rock · ‎2023-05-24

Also tried in R81.10 lab where I have single appliance, as well as cluster, all with latest jumbo hotfix, nothing happened when I got interfaces WITH topology.

Maybe this was an issue in pre R81?

Andy

JozkoMrkvicka · ‎2023-05-24

Good oportunity to wipe the dust from R75.40 or R77.30 ISOs and try it there 😄

Kind regards,
Jozko Mrkvicka

the_rock · ‎2023-05-25

@JozkoMrkvicka 🤣🤣🤣

Are you a member of CheckMates?

Network object member of another network object