cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

URL and Application blade issues

Jump to solution

We had issues with app control and url filtering blade today and this fixed our issues per recommendation from TAC..

 

cd $FWDIR/appi/update/
curl_cli -O http://secureupdates.checkpoint.com/appi/v4_0_1/gw/appi_db.C.tmp
mv appi_db.C.tmp appi_db.C
fw load_sigs

2 Solutions

Accepted Solutions
Employee+
Employee+

Re: URL and Application blade issues

Jump to solution

As the relevant R&D group manager, I can share that:

  1. An updated package whit a resolution was available online at Tuesday, April 23, 2019 11:30:00 PM GMT+03:00 DST
  2. The issue only affected a small subset of our URLF customers on R80.X.
  3. We're conducting our own RCCA, but that will take some time.
  4. I will share more information about our findings early next week.

 

0 Kudos

Re: URL and Application blade issues

Jump to solution

Hello all,

The issue with the update is expected to be resolved now. However, if you are still experiencing it, here is the workaround (mostly mentioned above already).

 

Firstly, the symptoms:

-        APPI is no longer working with the following error messages:

[ERROR]: appi_app_db_get_app_log_data: failed getting application object from hash

-        Issue occurs after URLF/APPI database update

 

The workaround:

Local revert procedure [NOTE: This is only relevant for R80.X GWs]:

  1. Download the following file: http://secureupdates.checkpoint.com/appi/v4_0_1/gw/appi_db.C.tmp
    for example, by using the mentioned command: 
    curl_cli -O http://secureupdates.checkpoint.com/appi/v4_0_1/gw/appi_db.C.tmp
  2. Copy it on the GW to: $FWDIR/appi/update/
  3. Rename it to appi_db.C
  4. Load signatures with “fw load_sigs”

 

Some clarifications from developers:

  1. The workaround above won’t affect the online update. Once the unified URLF & APPI package is ready it will auto download as usual
  2. There is a chance that the workaround will be needed twice since the most common case GW check for updates every 2 hours while the Unified package takes up to 4.5 hours to be online.
  3. The best way to verify that you have fixed online package is to:
  4. Run “cat $FWDIR/appi/update/Version”
  5. You should see something like:
(
   :pkg_file_name ("appi_urlf_db_pkg.tar")
   :md5sum ("0e8f4e2b5d1172413fce76d31728e3cb")
   :pkg_version (230419_5)
   :appi_version ("220419_1")
   :urlf_version ("230419_5")
   :pkg_timestamp (1556039502)
   :appi_filename ("appi_db.C.tmp")
   :urlf_filename ("urlf_db.bin.tmp")
)

The workaround is needed until the package version (highlighted) shows 230419_6 / 240419_1 or higher

 

If after all the steps above the issue is not resolved, please open a TAC case at once.

40 Replies

Re: URL and Application blade issues

Jump to solution

Hi!

This started yesterday. I saw this issue customers running on R80.10

Support should give you valid appi db file and after this is recommendation to move it to current one:

1.    Download the following file: appi_db.C.tmp

2.    Copy it on the gw to: $FWDIR/appi/update/

3.    Rename it to appi_db.C

4.    Load signatures with “fw load_sids”

BR

Vato

0 Kudos

Re: URL and Application blade issues

Jump to solution

What did it effect exactly,

 

we had a problem with SMTP over TLS which Check Point started to drop yesterday afternoon without any clear reason

0 Kudos

Re: URL and Application blade issues

Jump to solution
It basically didn't match anything on application layer policies, everything got dropped on clean up rule..
0 Kudos

Re: URL and Application blade issues

Jump to solution

The same here. Everything as you described.

If you restart the firewall it will block all the traffic. You need to change db file without reboot

0 Kudos

Re: URL and Application blade issues

Jump to solution

I just talked to support 

 

you can verify the issue with the following command:

 

grep -i appi_app_db_get_app_log_data /var/log/messages*

 

and get

 

"pp_db_get_app_log_data: failed getting application object from hash"

 

Nasty bug!!!

 

Does it occur only in R80.10 or also other versions?

0 Kudos

Re: URL and Application blade issues

Jump to solution

We have only seen it on r80.10 in our customers estates at the moment.

 

Does a policy push then overwrite these values/files  ? or are we safe to carry on as normal once the TAC workaround is in place?

thanks

Peter

0 Kudos

Re: URL and Application blade issues

Jump to solution

So far I saw only R80.10 with automatic updates enabled on the gateway side.

There is no sk for this. support center should create it for other customers as soon as possible. It is not a lite bug it makes a big problem to the production environment

BR
Vato

0 Kudos
Employee+
Employee+

Re: URL and Application blade issues

Jump to solution
Hi Shahar,

nice seeing you here 🙂
The issue has been resolved yesterday IL time, can you update if if suffer form this now?
Thanks...
--Mor
0 Kudos

Re: URL and Application blade issues

Jump to solution
Hi Mor,
Good to see you as well.
Yesterday we had to manually change some rules from Appi objects to legacy ports which solved the issue.
At the moment we don't experience it but we don't know if we have the issue until we go back to Appi objects in policy. I get confuse messages from TAC about if it still exists or not. as you see from my previous post it seems that the issue still exists

I can confirm that my package version is:

pkg_version (240419_3)
0 Kudos
Employee+
Employee+

Re: URL and Application blade issues

Jump to solution

Any WA you have applied is not needed anymore.

TAC is getting their updates from me.

Your package version is fine, please let me know if you suffer  anything related to this case.

 

0 Kudos
Employee+
Employee+

Re: URL and Application blade issues

Jump to solution

Hi Vato,

 

Can you please enable online online update and clarify if the issue has been resolved for you?

There is no need to apply any workarounds any this phase.

 

Thanks....

   --Mor

0 Kudos
LukeOxley
Ivory

Re: URL and Application blade issues

Jump to solution

The fix has worked for us.

Has anyone verified if a reboot / policy install overwrites the fix? My thoughts are that it probably will. If so, what is being done to counteract this?

0 Kudos
Employee+
Employee+

Re: URL and Application blade issues

Jump to solution
Reboot/Policy install will not affect the fix since the online package has been updated yesterday night (IL timezone).
this has been verified in our lab.
0 Kudos
Employee+
Employee+

Re: URL and Application blade issues

Jump to solution

Hi All,

 

The issue has been resolved ~15 hours ago.

No need for manual overrides or turning off Automatic Updates.

 

Thanks...

   --Mor

 

0 Kudos

Re: URL and Application blade issues

Jump to solution
I didn't disable auto updates, i just applied fix and afterwards it started to work again..
0 Kudos
Employee+
Employee+

Re: URL and Application blade issues

Jump to solution

Hi Martin,

 

Can you re-enable online update and reply if the issue has been resolved for you?

Thanks...

   --Mor

0 Kudos

Re: URL and Application blade issues

Jump to solution

In our case, we tried to turn-off turn-on automatic updates but it was not getting it. Only db replacement is solving it. 

0 Kudos
Employee+
Employee+

Re: URL and Application blade issues

Jump to solution

Can you please share the output of:

cat $FWDIR/appi/update/Version 

0 Kudos

Re: URL and Application blade issues

Jump to solution
cat $FWDIR/appi/update/Version
(
:pkg_file_name ("appi_urlf_db_pkg.tar")
:md5sum ("fc4ceae34aecb0394c17109687dcff1a")
:pkg_version (240419_3)
:appi_version ("140419_1")
:urlf_version ("240419_3")
:pkg_timestamp (1556091487)
:appi_filename ("appi_db.C.tmp")
:urlf_filename ("urlf_db.bin.tmp")
0 Kudos
Employee+
Employee+

Re: URL and Application blade issues

Jump to solution

10x, looking great.

Any pkg version => 240419_1 (yours is 240419_3) should work without any issues.

0 Kudos

Re: URL and Application blade issues

Jump to solution

@Mor_Himi  shoulnd't be here https://status.checkpoint.com/ any sort of note ?

0 Kudos
Employee+
Employee+

Re: URL and Application blade issues

Jump to solution

Good question.

Since the issue and its resolution didn't involve any of our cloud services it doesn't seem like the correct place.

I will however check internally how best to communicate such incidents going forward.

0 Kudos

Re: URL and Application blade issues

Jump to solution
Thanks, at least some official statement, since we'll need to do RCCA on our side for this.
Employee+
Employee+

Re: URL and Application blade issues

Jump to solution

As the relevant R&D group manager, I can share that:

  1. An updated package whit a resolution was available online at Tuesday, April 23, 2019 11:30:00 PM GMT+03:00 DST
  2. The issue only affected a small subset of our URLF customers on R80.X.
  3. We're conducting our own RCCA, but that will take some time.
  4. I will share more information about our findings early next week.

 

0 Kudos

Re: URL and Application blade issues

Jump to solution

Hello all,

The issue with the update is expected to be resolved now. However, if you are still experiencing it, here is the workaround (mostly mentioned above already).

 

Firstly, the symptoms:

-        APPI is no longer working with the following error messages:

[ERROR]: appi_app_db_get_app_log_data: failed getting application object from hash

-        Issue occurs after URLF/APPI database update

 

The workaround:

Local revert procedure [NOTE: This is only relevant for R80.X GWs]:

  1. Download the following file: http://secureupdates.checkpoint.com/appi/v4_0_1/gw/appi_db.C.tmp
    for example, by using the mentioned command: 
    curl_cli -O http://secureupdates.checkpoint.com/appi/v4_0_1/gw/appi_db.C.tmp
  2. Copy it on the GW to: $FWDIR/appi/update/
  3. Rename it to appi_db.C
  4. Load signatures with “fw load_sigs”

 

Some clarifications from developers:

  1. The workaround above won’t affect the online update. Once the unified URLF & APPI package is ready it will auto download as usual
  2. There is a chance that the workaround will be needed twice since the most common case GW check for updates every 2 hours while the Unified package takes up to 4.5 hours to be online.
  3. The best way to verify that you have fixed online package is to:
  4. Run “cat $FWDIR/appi/update/Version”
  5. You should see something like:
(
   :pkg_file_name ("appi_urlf_db_pkg.tar")
   :md5sum ("0e8f4e2b5d1172413fce76d31728e3cb")
   :pkg_version (230419_5)
   :appi_version ("220419_1")
   :urlf_version ("230419_5")
   :pkg_timestamp (1556039502)
   :appi_filename ("appi_db.C.tmp")
   :urlf_filename ("urlf_db.bin.tmp")
)

The workaround is needed until the package version (highlighted) shows 230419_6 / 240419_1 or higher

 

If after all the steps above the issue is not resolved, please open a TAC case at once.

Re: URL and Application blade issues

Jump to solution
what about on r77.30?
0 Kudos

Re: URL and Application blade issues

Jump to solution

Should work just fine

Employee+
Employee+

Re: URL and Application blade issues

Jump to solution

indeed as Valeri mentioned, R77.X wasn't affected.

0 Kudos

Re: URL and Application blade issues

Jump to solution

It sounds like a non-technical question but what is the best we can answer to customers who involved this issue and asking: How can we be sure it will not happen again?

BR
Vato

0 Kudos