wladw
Explorer

External IOC feeds problem after update

Good morning

After the update to 81.10.15 we are facing a problem with external IOC feeds: data is fetched successfully, but traffic to hosts behind the gateway does not get blocked. Before the update everything was fine.

Log with fetch info:

Time: 2024-12-10T09:04:21Z
Id Generated By Indexer:false
First: true
Sequencenum: 1
Severity: Informational
Description: External IOC - Fetch succeeded
Type: Control
Blade: Anti-Virus
Origin: GTW-N1
Product Family: Threat
Description: Anti-Virus

Debug:

$FWDIR/bin/ioc_feeder -d -f

cpIsDir: Calling cpIsDirEx: No such file or directory
Using two-stage load
IPS package: Compiled OK.
ERROR: IOCTL command CPHWD_IOCTL_DOS_DENY_LIST_IPS_GET was not successful (ioctl.rc = CPHWD_IOCTL_RC_ERROR)
fwaccel_dos_ioctl_deny_list_ips_get returned false
ERROR: IOCTL command CPHWD_IOCTL_DOS_GET_NEXT_POLICY_ID was not successful (ioctl.rc = CPHWD_IOCTL_RC_ERROR)
ERROR: Failed to get next policy id
ERROR: IOCTL command CPHWD_IOCTL_DOS_DENY_LIST_IPS_GET was not successful (ioctl.rc = CPHWD_IOCTL_RC_ERROR)
fwaccel_dos_ioctl_deny_list_ips_get returned false
ERROR: IOCTL command CPHWD_IOCTL_DOS_GET_NEXT_POLICY_ID was not successful (ioctl.rc = CPHWD_IOCTL_RC_ERROR)
ERROR: Failed to get next policy id
Signatures loaded successfully

Our feed format:

#! DESCRIPTION = TEST,,,,,,
#! REFERENCE = TEST,,,,,,
# Uniq-Name,#Value,#Type,#Confidence,#Severity,#Product,#Comment
8.8.8.8,8.8.8.8,IP,high,high,AB,2024-12-10 13:18:46 CheckPoint WebUI/SSH access from unallowed source
 

Also, after the update, such logs no longer appear:

[Screenshot 2024-12-10 134540.png]

0 Kudos
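
To rule out the feed file itself when a fetch succeeds but nothing is blocked, the following added example (not part of the original post and not Check Point tooling) checks a feed in the layout shown in the post. The strict seven-field count and the uniqueness of `Uniq-Name` are assumptions drawn from the header line; the sample rows other than the post's own are constructed.

```python
import csv
import ipaddress

# Column names taken from the header line of the feed shown in the post.
COLUMNS = ["Uniq-Name", "Value", "Type", "Confidence", "Severity", "Product", "Comment"]

# Constructed sample: the post's row followed by three deliberately broken rows.
SAMPLE_FEED = """\
#! DESCRIPTION = TEST,,,,,,
#! REFERENCE = TEST,,,,,,
# Uniq-Name,#Value,#Type,#Confidence,#Severity,#Product,#Comment
8.8.8.8,8.8.8.8,IP,high,high,AB,2024-12-10 13:18:46 CheckPoint WebUI/SSH access from unallowed source
bad-ip,8.8.8.999,IP,high,high,AB,constructed row with an invalid address
8.8.8.8,1.1.1.1,IP,high,high,AB,constructed row with a duplicate name
short,9.9.9.9,IP,high,high,constructed row with a missing column
"""


def check_feed(text):
    """Return (observables, problems) for a feed in the layout shown in the post."""
    observables, problems, seen = [], [], set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines, '#!' directives and the '#' header row
        fields = [f.strip() for f in next(csv.reader([line]))]
        if len(fields) != len(COLUMNS):
            problems.append((lineno, f"expected {len(COLUMNS)} fields, got {len(fields)}"))
            continue
        row = dict(zip(COLUMNS, fields))
        # Assumption: Uniq-Name must not repeat within one feed.
        if row["Uniq-Name"] in seen:
            problems.append((lineno, f"duplicate Uniq-Name {row['Uniq-Name']!r}"))
            continue
        seen.add(row["Uniq-Name"])
        if row["Type"].upper() == "IP":
            try:
                ipaddress.ip_address(row["Value"])
            except ValueError:
                problems.append((lineno, f"invalid IP value {row['Value']!r}"))
                continue
        observables.append(row["Value"])
    return observables, problems


if __name__ == "__main__":
    good, bad = check_feed(SAMPLE_FEED)
    print("usable observables:", good)
    for lineno, reason in bad:
        print(f"line {lineno}: {reason}")
```
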
1 Solution

Accepted Solutions
G_W_Albrecht
Legend

Better step back to R81.10.10, that is the recommended stable version!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

4 Replies
wladw
Explorer

The problem was solved after rollback.

[Screenshot 2024-12-10 165556.png]

0 Kudos
the_rock
Legend

I agree with Chris. I would open a TAC case and see if they possibly have a fix for it. Though @G_W_Albrecht is absolutely right, as per the SK below, it does show the recommended version at the moment.

https://support.checkpoint.com/results/sk/sk179615

Andy

0 Kudos
Chris_Atkinson
Employee

Please report the issue to TAC for further investigation.

CCSM R77/R80/ELITE
