G_W_Albrecht
Legend

Searching Network Objects in R80.xx is crippled

Managing large networks is easier if searching in Dashboard simply works! In R77.30, it was easy to search for e.g. servers in network objects > hosts, see here an example from Demo mode:

server.png

In the search results, we can find the objects having a name containing "server" as well as objects having "server" in comment field - so, it is easy to find all server objects.

But not in R80.xx - in Demo, we see a list of Hosts named using "server":

Server1.png

So when searching, we would expect to get all objects with "server" in their names, but not the one with "srv". But what do we really get? Not much:

server2.png

It will not show the FileServer and WebCalendarServer. But now, try it yourself and do not search "Server" but "erver" - nothing will be shown at all!

I am thinking that this is not a search function anymore!

But what about other users, is this kind of searching unusable or not needed anymore? Does anyone else miss it? And what really happened to Dashboard that did the searching very well in R77.30?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
25 Replies
Reinhard_Stich
Contributor

 

I also miss that feature and I hope CP will update the console with that feature soon

Maarten_Sjouw
Champion
Try the same from Object explorer.
Regards, Maarten
Reinhard_Stich
Contributor
it's the same in object explorer.
G_W_Albrecht
Legend

It is just the same behavior - only that there is additional highlighting:

Server3.png

And the "erver" behavior is replicated there, too:

Server4.png

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Timothy_Hall
Legend

Bring up the legacy SmartDashboard by pretending to configure HTTPS Inspection from the R80+ SmartConsole, then do your searches from there.  🙂

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Reinhard_Stich
Contributor
This is a dirty workaround that helps in some cases, but for daily operations this is not really useful.
Check Point pretends to pay attention to usability - and there are several features in R80+ that are really useful. I just wonder if only my customers and I miss that feature that much or others too ...
OliverSuess
Explorer

Our customers are also complaining about this issue, they don't really understand why this "feature" was removed!

Timothy_Hall
Legend

My opinion is that it wasn't really "removed", but is a byproduct of the architectural changes in the R80+ SMS.  In R77.30 and earlier, the SmartDashboard had a lot more "intelligence" (for lack of a better word), and operations such as searches were performed completely by the SmartDashboard, which had a copy of all objects and rules cached in its local memory for as long as the SmartDashboard was connected to the SMS.  Note that this information was never written to the SmartDashboard system's hard drive.

However in R80+, the vast majority of the "intelligence" was moved to the SMS which was now able to successfully leverage multiple cores for security management operations.  This was probably necessary in R80+ due to multiple administrators in read/write mode accessing the configuration simultaneously.  The R80+ SmartConsole is basically just a thin display client for what the SMS is telling it to display.  As a result, operations such as searches are actually happening up on the SMS; this is also why on some screens only a limited number of objects are shown initially, and scrolling down into a new set of objects will cause a bit more delay as the additional objects must be retrieved from the SMS instead of being cached (and searched) locally.  This also becomes readily apparent when there is high latency (>100ms) between the R80+ SmartConsole and the SMS as operations will become noticeably slower.

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
Stefan_Lassnig
Explorer

Hi,

also miss this "simple" and very useful feature in R80.x 😞

BR Stefan

Martin_Hofbauer
Contributor

Perhaps this massive backwardness of functionality is not so well known to all who only do installations and upgrades (I assume when asking to try in Object explorer), but if you maintain Rulebases every day it is something that almost always means a (big) limitation.

Example: "Group with Exclusions": If you do not find all the objects that you expect for these "Exclusions", and have this object in the SRC field of an Allow Rule: that could lead to a security problem.

My first customers who had upgraded to R80 were surprised by this restriction and expected a return of the missing features in R80.10. Since both R80.20 and R80.30 (after 3 years) did not address this restriction, I have consistently noticed considerable displeasure among my customers. Again: EVERY R80 customer sees this limitation several times a day. Frustration for Checkpoint is growing constantly.

Thanks
Martin

Maarten_Sjouw
Champion

I just tested the search in Object Explorer in R80.30 and searched for a word I knew for sure was in the comments, it found both the name and comment occurrences.

Also in the normal list on the right side it finds things from the comments again.

Regards, Maarten
Wolfgang
Authority
This is a real and very bad limitation. Also on the newest release.
I can't understand why we can search for "server" and get results, and search for "erver" and not get any results. A working search function should be no problem.
I'm always wondering that CheckPoint is fighting against GenV security threats, going into the cloud to allow agile security management, but a simple search function is problematic.
Maybe we have to wait for this function for some more years.
Remember, everyone needs more than one working administrator and it took much more than 10 years to get this functionality.

I saw sk113603, from September 2016, describing this problem. Only three years! Yes I'm sarcastic, but it is a shame to not have this simple search feature 3 years later.

Wolfgang
Reinhard_Stich
Contributor
the SK says:
"Not finding objects when using substrings in the middle of the word, is an expected behavior."
at least most users expect something else 🙂
Benedikt_Weissl
Advisor

I've just tested this with R80.20. It seems to me that the algorithm is "cutting" the names/comments apart at white spaces and then tries to match your search string 1:1 onto each piece.
Bernhard_Sayer
Contributor

It's back-breaking, and it's hard to explain this "new" limitation to every customer for whom I do an upgrade from R77.30 ….

 

CoolKangaroo
Explorer

Hi,

I also miss the good old search like it was in 77.30. What is called search now in 80.20 hurts me every day 😞

 

Tomer_Noy
Employee

Thanks all for sharing this feedback. I will try to explain why things work as they do, and also how we are planning to improve that.

Before R80, the SmartDashboard loaded all DB objects into the client memory upon login. When you searched for an object, it scanned the entire list, looking for your sub-string. This worked reasonably well in most environments, but sometimes was slow on huge DBs.

In R80.x, we have all our objects in a modern DB and strive to avoid loading everything into memory. Also, we have an indexing engine (Solr) that maintains an index of all the "words" in the various objects in the DB. When you are searching in Object Explorer or a picker, we look for objects with words that begin with your sub-string. This catches object names that begin with your word, but also examples like searching "Server" to find "Web Server". Although "Server" appears in the middle of the value, our indexing engine understands that it's a separate word that should be indexed (because of the space character). The searching is done using the index in order to return results quickly and to avoid loading the server by a full scan.

Following feedback, we understand that this may be frustrating (especially with examples like "WebServer").
What are we doing to improve?

In the upcoming R80.40 we will add two new behaviors:

1) You will be able to prefix your searches with '*' in order to force a full search, for example "*Server". This will be less efficient, but will find everything you are looking for (like in R77.x).

2) We are modifying the indexing tokenization algorithm to take into account changes in case. This means that words like "WebServer" will be considered two words => "Web" and "Server", due to the capital 'S', even without using a space character. Hopefully, this will catch most searches efficiently, without the need to use '*'.

Let me know if you think this will be useful.
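
The matching rules described in the post above, modelled in Python as an added example; this is not Check Point or Solr code, and the object list, function names and regular expression are assumptions made for illustration. It compares word-prefix matching under space-only tokenization, under space-plus-case tokenization, and the leading `*` full scan, and lists the objects the indexed search leaves out.

```python
import re

# Constructed sample objects; "FileServer" and "WebCalendarServer" are the
# names the thread reports as missing from the R80.xx results.
OBJECTS = ["Server1", "Web Server", "FileServer", "WebCalendarServer", "srv2"]

def words_by_space(value):
    """R80.x rule as described: only a space starts a new indexed word."""
    return [w.lower() for w in value.split()]

def words_by_space_and_case(value):
    """Announced R80.40 rule: a change in case also starts a new word."""
    words = []
    for part in value.split():
        words.append(part)  # the whole token stays searchable by prefix
        words += re.findall(r"[A-Z]?[a-z0-9]+|[A-Z]+", part)
    return [w.lower() for w in words]

def search(query, tokenizer, objects=OBJECTS):
    q = query.lower()
    if q.startswith("*"):
        # Leading '*' forces the full scan: plain substring match (slower).
        return [o for o in objects if q[1:] in o.lower()]
    # Default: an object matches if any indexed word begins with the query.
    return [o for o in objects if any(w.startswith(q) for w in tokenizer(o))]

def missed_by_index(query, tokenizer, objects=OBJECTS):
    """Objects that contain the string but the word-prefix search skipped."""
    found = set(search(query, tokenizer, objects))
    return [o for o in search("*" + query, tokenizer, objects) if o not in found]

if __name__ == "__main__":
    for name, tok in [("space", words_by_space), ("space+case", words_by_space_and_case)]:
        for q in ["Server", "erver", "*erver"]:
            print(f"{name:10} {q:8} -> {search(q, tok)}")
        print(f"{name:10} missed for 'Server': {missed_by_index('Server', tok)}")
```

The list returned by `missed_by_index` is the set of objects an administrator would not see when relying on the default search alone.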

Reinhard_Stich
Contributor

This sounds really good. I will have a look at the EA of 80.40 and check out the new feature.

I like !!

thanks !

Maarten_Sjouw
Champion
Tomer,
Question: will this also work in an administrator list, as in an MDS where we have 250 admins that have their name end in a 3 or 4 digit number? This number is the last octet of the IP for the domain they are entitled to. As we needed to restore those rights for about 20 domains with around 50 admins, that search ability would have been very helpful.
Regards, Maarten
Tomer_Noy
Employee
Sure. Adding the '*' in the beginning of your search with the desired number, should work in the admins list as well.
CoolKangaroo
Explorer
Sounds good. Looking forward to R80.40!
Thanks a lot!
Norbert_Bohusch
Advisor
really nice to see that this gets finally addressed!
quncy
Explorer

Will it index the comment field as well?
G_W_Albrecht
Legend

At least we now have wildcard * at position 1 in R80.40 and starting R80.30 JT 195 with SmartConsole R80.30(GA Build #76) is now available 

For more details, see sk164873: New ability to search in the Management Server by adding asterisk before any sequence of ...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
quncy
Explorer

Ya, just tested 80.30 t140, the * works. It also searches the comment field.

This helps a lot when we need to search rules by ticket number.
