This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
luk89as
Participant
‎2024-08-02 06:32 AM

Report of general problems of CP1500 series

Hello,

I am writing to report notorious problems with several CP1550 and 1530 devices. The devices behave worse and worse after each update.

For example:

1. one of the devices started blocking all traffic entering the WAN

2. entered rules in firewall, SSL inspection, TP do not work properly often in logs I see connection rejection by CODE 1 error in Application Control or SSL inspection.

3. the devices do not keep the settings for forwarding in firewall SIP traffic. After every upgrade or reboot I have to remove SIP entries from firewall and add them again otherwise no connectivity.

4. several times I had to restore the devices to factory settings then upgrade to the latest firmware and rewrite the configuration manually. Restoring the configuration from backap does nothing as the database is probably corrupted.

5. the device can reboot itself and lose the SIP configuration.

I have the most problems with the stability of SIP connections. Many times I have to re-configure by deleting the entered entries in the rules.

I don't report this to the service center because the wait time to solve the problem is quite long sooner I restore the factory settings and enter the settings manually. Everything works until a reboot or power cut. At that point the devices lose stability.

In two other institutions I have run Fortigate devices a similar environment with a SIP PBX everything has worked without a problem for several months.

I no longer have the strength to constantly worry about whether SIP will work properly after an upgrade or reboot.

My SIP configuration is based on SIP UDP 5060, SIP RTP UDP 10K-20K and direct forwarding in the firewall. TP, SSL protection is disabled for these connections. I see an attempt to establish a connection to the telecom service provider's server but it is not set up. The telephone exchanges are provided by SLICAN Poland

In the new firmware version, I noticed a problem with QoS blade does not detect settings in the Internet connection

I would like to ask the person on the forum who has direct contact with Checkpoint Technicians to pass on my observations to them. Please pay attention to the performance of the SIP and the stability of the database itself because as far as I can tell it degrades corrupts after every upgrade or reboot of the device. The problem does not occur on one device but on a dozen so it lies with the firmware.

Due to the lack of improvement in the performance of Checkpoint SMB SPARK devices, I am forced to switch to the Fortigate solution (two test devices have been working stably and without problems for several months).

CP730/750 version behaved more stably but also not perfectly

8 Replies
PhoneBoy
Admin
Admin
‎2024-08-02 11:19 AM

What firmware versions are involved?
I assume these are locally managed?
Flagging @Amir_Ayalon 

0 Kudos
Lesley
Leader Leader
Leader
‎2024-08-03 12:55 PM

Open question how many of the above issues have you reported in a TAC case?

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
Amir_Ayalon
Employee
Employee
‎2024-08-03 03:43 PM

Hi Luk

Thank you for your feedback. I see a lot of it is focused on SIP traffic.

I suggest to have a RS session with R&D and later work together (Via Task) until these issues are resolved.

Please send us and email and let's continue offline.

Amir Ayalon <amiray@checkpoint.com>;

Ohad Perets <ohadp@checkpoint.com>

Thanks

 

0 Kudos
Amir_Erman
Employee
Employee
‎2024-08-04 08:08 AM
In response to Amir_Ayalon

I second Amir Ayalon on this; Let's meet via Zoom and try to understand the problems and how to resolve them

Amir

0 Kudos
luk89as
Participant
‎2024-08-06 12:26 AM
In response to Amir_Erman

The QoS problem occurs on all Checkpioint that I have updated to the latest firmware version R81_10_10_996002993

Screen attached.

As for the SIP problems the problem also occurs on every device where I have a PBX . I found it on two CP 1550 and a private 1570 that I substituted for testing.

As I enter the configuration manually after restoring the factory settings SIP works improved. Just restarting the device or disconnecting the power supply and SIP no longer works. I have to restore factory settings from the beginning and configure everything manually.

I have set up a case at TAC regarding SIP.

Preview file
46 KB
Preview file
61 KB
0 Kudos
Lesley
Leader Leader
Leader
‎2024-08-06 02:09 AM
In response to luk89as

Any stuff here you forgot to configure or verify?

https://support.checkpoint.com/results/sk/sk113573

 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
Naama_Specktor
Employee
Employee
‎2024-08-06 07:12 AM
In response to luk89as

Hi 🙂

My name is Naama Specktor, and I am checkpoint employee.

I will appreciate it if you will share TAC SR # , here or in PM.

thanks in advanced,

Naama Specktor

0 Kudos
luk89as
Participant
‎2024-08-07 06:09 AM
In response to Naama_Specktor

I had two sessions with Checkpoint engineers.

The problem was found according to my description and was repeated in the production environment.

It is quite strange and complex.

Logs have been downloaded and forwarded to the research department.

I am waiting to hear back from Checkpoint support.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events