cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Searching Network Objects in R80.xx is crippled

Managing large networks is easier if searching in Dashboard does simply work ! In R77.30, it was easy to search for e.g. servers in network objects > hosts, see here an example from Demo mode:

server.png

In the search results, we can find the objects having a name containing "server" as well as objects having "server" in comment field - so, it is easy to find all server objects.

But not in R80.xx - in Demo, we see a list of Hosts named using "server":

Server1.png

So when searching, we would expect to get all objects with "server" in its name, but not the one with "srv". But what do we really get ? Not much:

server2.png

It will not show the FileServer and WebCalendarServer. But now. try it yourself and do not search "Server" but "erver" - nothing will be shown at all !

I am thinking that this is not a search function anymore !

But what about other users, is this kind of searching unusable or not needed anymore ? Does anyone else miss it ? And what did really happen to Dashboard that did the searching very well in R77.30 ?

15 Replies

Re: Searching Network Objects in R80.xx is crippled

 

I also miss that feature and I hope CP will update the console with that feature soon

Re: Searching Network Objects in R80.xx is crippled

Try the same from Object explorer.
Regards, Maarten
0 Kudos

Re: Searching Network Objects in R80.xx is crippled

it's the same in object explorer.

Re: Searching Network Objects in R80.xx is crippled

It is just the same behavior - only that there is additional highlighting:

Server3.png

And the "erver" behavior is replicated there, too:

Server4.png

Re: Searching Network Objects in R80.xx is crippled

Bring up the legacy SmartDashboard by pretending to configure HTTPS Inspection from the R80+ SmartConsole, then do your searches from there.  🙂

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos

Re: Searching Network Objects in R80.xx is crippled

this is a dirty workaround that helps in some cases. but for daily operations this is not really useful.
check point pretends to pay attentions to usability - and there are several features in R80+ that are really useful. I just wonder if only my customers and I miss that feature that much or others too ...
0 Kudos

Re: Searching Network Objects in R80.xx is crippled

Our customers are also complaining about this issue, they don't really understand why this "feature" was removed!

0 Kudos

Re: Searching Network Objects in R80.xx is crippled

My opinion is that it wasn't really "removed", but is a byproduct of the architectural changes in the R80+ SMS.  In R77.30 and earlier, the SmartDashboard had a lot more "intelligence" (for lack of a better word), and operations such as searches we performed completely by the SmartDashboard who had a copy of all objects and rules cached in its local memory for as long as the SmartDashboard was connected to the SMS.  Note that this information was never written to the SmartDashboard system's hard drive.

However in R80+, the vast majority of the "intelligence" was moved to the SMS which was now able to successfully leverage multiple cores for security management operations.  This was probably necessary in R80+ due to multiple administrators in read/write mode accessing the configuration simultaneously.  The R80+ SmartConsole is basically just a thin display client for what the SMS is telling it to display.  As a result, operations such as searches are actually happening up the SMS; this is also why on some screens only a limited number of objects are shown initially, and scrolling down into a new set of objects will cause a bit more delay as the additional objects must be retrieved from the SMS instead of being cached (and searched) locally.  This also becomes readily apparent when there is high latency (>100ms) between the R80+ SmartConsole and the SMS as operations will become noticeably slower.

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos

Re: Searching Network Objects in R80.xx is crippled

Hi,

also miss this "simple" and very useful feature in R80.x 😞

BR Stefan

0 Kudos

Re: Searching Network Objects in R80.xx is crippled

Perhaps this massive backwardness of functionality is not so well known to all who only do installations and upgrades( I assume when asking to try in Object explorer), but if you maintain Rulebases every day it is something that almost always means a (big) limitation.

Example: "Group with Exclusions": If you do not find all the objects that you expect for these "Exclusions", and have this object in the SRC field of a Allow Rule: that could lead to a security problem.

My first customers who had upgraded to R80 were surprised by this restriction and expected a return of the missing features in R80.10. Since both R80.20 and R80.30 (after 3 years) did not address this restriction, I have consistently noticed considerable displeasure among my customers. Again: EVERY R80 customer see this limitation several times a day. Frustration for Checkpoint is growing constantly.

Thanks
Martin

Re: Searching Network Objects in R80.xx is crippled

I just tested the search in Object Explorer in R80.30 and searched for a word I knew for sure was in the comments, it found both the name and comment occurrences.

Also in the normal list on the right side it finds things from the comments again.

Regards, Maarten
0 Kudos
Wolfgang
Silver

Re: Searching Network Objects in R80.xx is crippled

This a real and very bad limitation. Too on the newest release.
I can't understand why we can search for "server" getting resulsts and for "erver" and does not get any results. A working search function should be no problem.
I'm always wondering that CheckPoint is fighting again GenV security threads, going into the cloud to allow agile security management, but a simple search function is problematic.
Maybee we have to wait for this function for some more years.
Remember, everyone needs more then one working administrator and it tooks much more then 10 years to get this functionality.

I saw sk113603, from september 2016 describing this problem. Only three years ! Yes I'm sarcastic, but it is a shame to not have this simple search feature 3 years later.

Wolfgang

Re: Searching Network Objects in R80.xx is crippled

the SK says:
"Not finding objects when using substrings in the middle of the word, is an expected behavior."
at least most users expect something else 🙂

Re: Searching Network Objects in R80.xx is crippled

I've just tested this with R80.20. The seems to me that the algorithm is "cutting" the names/comments apart at white spaces and then tries to match your searchstring 1:1 onto each piece.

0 Kudos

Re: Searching Network Objects in R80.xx is crippled

It´s back-breaking and it´s hard to tell this "new" limitation every customer who i do an upgrade from R77.30 ….

 

0 Kudos