This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
babasahebb
Participant
‎2021-03-02 08:46 PM
Jump to solution

Object limitation in R80.10

I am facing a slowness issue while adding more than 1500 objects in a single Object group/policy in R80.10.

Please help.

Thanks,

Sunil 

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-12-09 07:09 AM
In response to pankajjain1
Jump to solution

There isn’t a limit to the number of objects you can have in a rule per-se.
However, trying to add 30k objects to a group at one go will have issues, regardless of the method you use to do it.
If you were scripting this through the API, I’d say to add them about 100 at a time and publish the session after each batch.
It’ll probably work the same for SmartConsole.

Meanwhile, if you want a large number of IPs in a single object, it’s far better to use either Generic Data Center objects (R81 and above) or Network Objects (R81.20 and above).
Gateways will read the contents of these objects from a file on a remote server.
None of these methods require a policy install to update the objects on the gateways as a bonus.

View solution in original post

11 Replies
PhoneBoy
Admin
Admin
‎2021-03-02 10:10 PM
Jump to solution

Are you trying to add them all at once?
I would try to add them and publish changes in smaller chunks as trying to do 1500 at once is likely to take a while, even if you were doing this via the API.
Especially on R80.10, which is almost End of Support.
It's probably a good idea to look at upgrading to a more recent release.

0 Kudos
babasahebb
Participant
‎2021-03-09 03:23 AM
In response to PhoneBoy
Jump to solution

Thanks, PhoneBoy,

I am trying to add a very small amount but after goes count more than 1500, its works very slowly.

Will this issue resolve after upgrading to R80.20 / R80.30?

Thanks,

 

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-03-09 03:31 AM
In response to babasahebb
Jump to solution

I would assume yes - but it is of no real importance as R80/R80.10 are out of support starting May 1st 8) Why not upgrade to R80.40 ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
babasahebb
Participant
‎2021-03-09 03:49 AM
In response to G_W_Albrecht
Jump to solution

will go for an upgrade and share feedback on this.

Is there any other solution with-out upgrading?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-03-09 05:37 AM
In response to babasahebb
Jump to solution

You should look at performance, the load on SMS when the issue occurs compared to load before this object limit cuts in.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
babasahebb
Participant
‎2021-03-09 09:05 PM
In response to G_W_Albrecht
Jump to solution

Thanks,

We are monitoring the load of SMS, will update you on this.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-03-09 02:30 PM
In response to babasahebb
Jump to solution

First off: why are you adding more than 1500 objects to a rule? 
Or more specific: what precise steps are you taking?
Are you adding these objects directly to a rule, a group, or?
Based on that, perhaps we can suggest a way of working that would make more sense if you really don't want to upgrade.

Note that I can't say for sure that upgrading will solve the issue.
However, given that R80.10 is almost end of support, it's highly recommended.
There is zero reason to upgrade to R80.20/R80.30 at this point, go to R80.40 (the current widely recommended release).
There are significant improvements and fixes between R80.10 and R80.40.
If the issue still persists in R80.40, the odds of receiving a bugfix for it are much higher given where R80.10 is in its lifecycle. 

0 Kudos
babasahebb
Participant
‎2021-03-09 09:05 PM
In response to PhoneBoy
Jump to solution

Thanks, Guys for your reply.

We are planning to upgrade to R80.40, will come back with feedback post-upgrade.

0 Kudos
pankajjain1
Explorer
‎2022-12-08 09:18 PM
In response to babasahebb
Jump to solution

Hi,

This is Pankaj, I am facing the same issue in r80.40 while adding the 30k objects in multiple group. Smartconsol is getting hanged. Please let know is there any limitation for the object.

As there is a requirement from the financial institution to block the malicious IPs in their firewall. Same Administrator are adding in the deny rule.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-12-09 12:34 AM
In response to pankajjain1
Jump to solution

I think to add 30k objects is a very wrong way to configure a firewall ! If there is a requirement from the financial institution to block the malicious IPs we now have sk103154 - How to block traffic coming from known malicious IP addresses.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2022-12-09 07:09 AM
In response to pankajjain1
Jump to solution

There isn’t a limit to the number of objects you can have in a rule per-se.
However, trying to add 30k objects to a group at one go will have issues, regardless of the method you use to do it.
If you were scripting this through the API, I’d say to add them about 100 at a time and publish the session after each batch.
It’ll probably work the same for SmartConsole.

Meanwhile, if you want a large number of IPs in a single object, it’s far better to use either Generic Data Center objects (R81 and above) or Network Objects (R81.20 and above).
Gateways will read the contents of these objects from a file on a remote server.
None of these methods require a policy install to update the objects on the gateways as a bonus.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top