This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
underTheWhip
Explorer
‎2022-04-07 11:37 PM

Searching in a group or vpn community is slow unless you use the +

Hi,

This is something that has been bugging me for years but I never came about to ask about it before. 

When opening a network group or a VPN Community object for example, you have the search bar at the top with the X and + buttons next to the search. If you decide to use the search it will take for ever to complete the search. But if you just click the + sign and instead search through this view the result are more or less immediate. I encounter this a alot when using 'where used' for an object that I want to remove from various groups.

The same kind of slowness is experienced when assigning tags to an object. But there you don't have + button to make it quick.

Why is it that there is such a difference in the time the results are presented? Attaching pic of the UI with search interface.

PS. not a new forum user but seems my community account didn't get transfered with the user center account when I changed employers last year.

/ Ilmo

 

 

Preview file
9 KB
0 Kudos
1 Reply
Tomer_Noy
Employee
Employee
‎2022-04-09 11:43 PM

The search box at the top of a Group object will search the contents of the group. If the group is huge (thousands or tens of thousands of objects), then this search can be a bit slow.

The "+" button opens a picker that will display all objects that can be added. This searches over the entire system. It might seem counterintuitive that the system wide search is quicker than the group search, but we have certain indexes that make this work faster.

I can give you a few tips to make things easier and quicker:

  1. In R81.10 we made many improvements to the DB mechanisms, including searching. If you are not yet on that version in the Management, I strongly recommend an upgrade. Then try again and see if the experience has improved.
  2. If you want to remove a group reference to a certain object, you don't have to open the group and search for the object. Within the network object editor, there is a page for group membership (called "Groups") that you can use to add or remove that object from groups.
  3. If you have multiple references to an object that you want to remove (from many groups), you can also use the "Where Used" dialog directly. There is a "Replace" button in that dialog that you can use to switch references to this object with another object. You can also select "None" to remove references to this object. When you use this, you'll get little checkboxes near all the references and you can pick & choose which ones you want to remove.

I hope this helps.

 

Another tip that might help: if you are using huge groups of objects as block lists for malicious IPs (something that many customers do), a more efficient option is to switch to using dynamic IoC feeds. These require the Threat Prevention blades, but are more efficient, don't require policy installation to block more IPs and don't fill up your DB with many host objects.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events