Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sagar_Manandhar
Advisor

TE appliance not downloading the image

hi, 

I am using 1000X te appliance and it showing the error as it not been able to download the image. When i execute the "tecli advanced download images" it give the message that the daemon is not running. And "$FWDIR/log/te_file_downloader.elg " is showing no such file or directory exist . i have installed the latest hotfix take290 in the TE appliance.

Smartview monitor is showing the error "

Error: 'Threat Emulation' is not responding. Verify that 'Threat Emulation' is installed on the gateway. If 'Threat Emulation' should not be installed verify that it is not selected in the Products List of the gateway (SmartDashboard > Security Gateway > General Properties > Software Blades List).
 

I have not added the TE to any gateway for now. First i need to download all the images before adding it to gateway. 

Regards,

Sagar

16 Replies
AlekseiShelepov
Advisor

Could you show the output of enabled_blades command from expert mode on this appliance?

Have you installed any policy on it?

Could you tell what you already did with this appliance after it got into your hands?

As I understand, you need now to connect it to management server, install policy which says that this appliance has Threat Emulation blade enabled, then you would be able to do all the TE things and settings.

TE1000X and TE2000X Appliances Getting Started Guide

Threat Prevention Administration Guide R77

Also, latest Jumbo Hotfix Accumulator for R77.30 is Take_302.

Sagar_Manandhar
Advisor

the step i have done till now is:

-Initial setup the TE1000X appliance as gateway and assigned it the IP with access to the internet.

- Installed junbohotfix take292

-SIC establish the TE with the management which include 15000 gateway.

- enable Threat emulation blade of TE device to emulation locallay on the 1000X device.

--------------------------------------------------------------------------------------------------------------------------

Remaining-

-assigned the TE to 15000 gateway for emulation and extraction.

-------------------------------------------------------------------------------------------------------

quries:

-do management and gateway need the latest hotfix?

- do management and gateway need access to internet to download the images?

-do i need to assigned the te to the gateway before it start to download the images?

AlekseiShelepov
Advisor

As far as I know, there is no requirement to have the same version of Jumbo Hotfix on a management server and on a gateway, but it is a good practice, it will help to avoid some possible issues.

A TE gateway needs access to internet to download images and updates for blades. A management server needs access to internet to be able to choose more images (not standard ones) in SmartDashboard - Not all images for emulation on SandBlast TE1000X . Access to internet though proxy is the best option in my opinion.

You can download images on your own (for offline gateways) by following sk92509. There are several packages with different numbers of images.

If by assigning a TE to a gateway you mean to configure sending files for emulation, then I believe it is not required to download images. But the TE device must have some policy with ThreatEmulation blade enabled.

0 Kudos
Sagar_Manandhar
Advisor

when entering any tecli commands it show the message "daemon did not respond or not running!" . What does this mean? 

0 Kudos
Thomas_Werner
Employee Alumnus
Employee Alumnus

It means that ted (the thread emulation daemon) is not running.

So you have a very basic problem with the daemon itself.

If you enabled the TE blade for this appliance you will most likely see TED core dumping.

Can you post the content of $FWDIR/log/ted.elg ?


Regards Thomas

Sagar_Manandhar
Advisor

it doesn't contain such file.

List of file int $FWDIR/log 

avi_del_tmp_files.elg cpdiag_facilitator.elg fw.adtlog fw.logLuuidDB fw_setsync.elg sam.dat tecli.elg.1
blob cphttpd.elg fw.adtlogaccount_ptr fw.logaccount_ptr fwd.elg sessiond.elg tecli.elg.2
c-icap dtls_spool fw.adtloginitial_ptr fw.loginitial_ptr kav_del_tmp_files.elg stormd.elg tecli.elg.3
captures_repository dtls_temp fw.adtlogptr fw.logptr packets_captures tecli.elg upgrade_log-1509511768.elg
cpdiag.elg epq.elg fw.log fw.logtrack rtmd.elg tecli.elg.0 upgrade_result

HeikoAnkenbrand
Champion Champion
Champion

Is the TED process running?

You see the process with:
# ps -aux | grep ted

Restart Check Point blades and watch the TED service. Does it show error messages?

# cpstop

# cpstart

Can you see errors in:

# more $FWDIR/log/ted.elg

If that doesn't help, see ATRG: Threat Emulation 

I already had problems with new Jumbo hotfixes. We're currently running 292 and not 302. We don't have a problem with that.

Regards

Heiko

➜ CCSM Elite, CCME, CCTE
Sabine_Freimann
Participant

We also have a problem with Jumbo Hotfix 302 and have a ticket open. It is better to use 292 as Heiko described it.

0 Kudos
Sagar_Manandhar
Advisor

manually started the ted process and the file contain following:

[Expert@KTM-ENT-TE:0]# more $FWDIR/log/ted.elg
[ 12640 4155692736][10 Apr 6:36:46] [TE_TRACE]: daemon starting
[ 12640 4155692736][10 Apr 6:36:46] [TE_TRACE]: Environment variable TE_UPDATES_HOME exists. value is /var/log/files_repository
[ 12640 4155692736][10 Apr 6:36:46] [TE_TRACE]: register to AMW policy install
[ 12640 4155692736][10 Apr 6:36:46] [TE_TRACE]: intialize contract manager
[ 12640 4155692736][10 Apr 6:36:46] [TE_SM]: SchemaManager: failed reading file
[ 12640 4155692736][10 Apr 6:36:46] [TE_SM]: failed getting cluster uid
[ 12640 4155692736][10 Apr 6:36:46] [TE_SM]: SchemaManager: in fetchData - failed getting settings_uid from local.gw_set
[ 12640 4155692736][10 Apr 6:36:46] [TE_SM]: SchemaManager: failed to get the object's UID, using default ID: 1
[ 12640 4155692736][10 Apr 6:36:46] [TE_SM]: SchemaManager: failed reading schema file.
[ 12640 4155692736][10 Apr 6:36:46] [TE_TRACE]: start monitoring
[ 12640 4155692736][10 Apr 6:36:46] [TE_TRACE]: daemon reconf (FW1)
[ 12640 4155692736][10 Apr 6:36:46] [TE_SM]: SchemaManager: failed reading file
[ 12640 4155692736][10 Apr 6:36:46] [TE_SM]: failed getting cluster uid
[ 12640 4155692736][10 Apr 6:36:46] [TE_SM]: SchemaManager: in fetchData - failed getting settings_uid from local.gw_set
[ 12640 4155692736][10 Apr 6:36:46] [TE_SM]: SchemaManager: failed to get the object's UID, using default ID: 1
[ 12640 4155692736][10 Apr 6:36:46] [TE_TRACE]: TE is disabled by policy. Shutting down.
[ 12640 4155692736][10 Apr 6:36:46] [TE (TD::Surprise)] te::EngineUpdates::SendCurrentUpdateRevision: Did not read revision file: /opt/CPsuite-R77/fw1/teCurrentPack/r
evision_data Not necessity an error
[ 12640 4155692736][10 Apr 6:36:46] [TE_TRACE]: Don't ask Update file repository to save some version
[ 12640 4155692736][10 Apr 6:36:46] [TE_TRACE]: daemon end
[ 12640 4155692736][10 Apr 6:36:46] [TE_TRACE]: stop monitoring
[ 12640 4155692736][10 Apr 6:36:46] [TE_TRACE]: unregister to AMW policy install
[ 15559 4155864768][10 Apr 6:38:02] [TE_TRACE]: daemon starting
[ 15559 4155864768][10 Apr 6:38:02] [TE_TRACE]: Environment variable TE_UPDATES_HOME exists. value is /var/log/files_repository
[ 15559 4155864768][10 Apr 6:38:02] [TE_TRACE]: register to AMW policy install
[ 15559 4155864768][10 Apr 6:38:02] [TE_TRACE]: intialize contract manager
[ 15559 4155864768][10 Apr 6:38:02] [TE_SM]: SchemaManager: failed reading file
[ 15559 4155864768][10 Apr 6:38:02] [TE_SM]: failed getting cluster uid
[ 15559 4155864768][10 Apr 6:38:02] [TE_SM]: SchemaManager: in fetchData - failed getting settings_uid from local.gw_set
[ 15559 4155864768][10 Apr 6:38:02] [TE_SM]: SchemaManager: failed to get the object's UID, using default ID: 1
[ 15559 4155864768][10 Apr 6:38:02] [TE_SM]: SchemaManager: failed reading schema file.
[ 15559 4155864768][10 Apr 6:38:02] [TE_TRACE]: start monitoring
[ 15559 4155864768][10 Apr 6:38:02] [TE_TRACE]: daemon reconf (FW1)
[ 15559 4155864768][10 Apr 6:38:02] [TE_SM]: SchemaManager: failed reading file
[ 15559 4155864768][10 Apr 6:38:02] [TE_SM]: failed getting cluster uid
[ 15559 4155864768][10 Apr 6:38:02] [TE_SM]: SchemaManager: in fetchData - failed getting settings_uid from local.gw_set
[ 15559 4155864768][10 Apr 6:38:02] [TE_SM]: SchemaManager: failed to get the object's UID, using default ID: 1
[ 15559 4155864768][10 Apr 6:38:02] [TE_TRACE]: TE is disabled by policy. Shutting down.
[ 15559 4155864768][10 Apr 6:38:02] [TE (TD::Surprise)] te::EngineUpdates::SendCurrentUpdateRevision: Did not read revision file: /opt/CPsuite-R77/fw1/teCurrentPack/r
evision_data Not necessity an error
[ 15559 4155864768][10 Apr 6:38:02] [TE_TRACE]: Don't ask Update file repository to save some version
[ 15559 4155864768][10 Apr 6:38:02] [TE_TRACE]: daemon end
[ 15559 4155864768][10 Apr 6:38:02] [TE_TRACE]: stop monitoring
[ 15559 4155864768][10 Apr 6:38:02] [TE_TRACE]: unregister to AMW policy install

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

I see many ClusterXL ID issues. Check the ClusterXL ID and restart the Check Point services.

Here you can see the actual ClusterXL ID:

# tcpdump -i <ethx> -vvv -nnn -e port 8116   

I think you should set the ClusterXL ID correct:

# vi /var/opt/fw.boot/ha_boot.conf

cphaconf cluster_id set <xyz>

# cpstop

# cpstart

Regards

Heiko

➜ CCSM Elite, CCME, CCTE
0 Kudos
AlekseiShelepov
Advisor

But should it have a cluster ID at all? It is a TE appliance, which should not be a member of a cluster, as I understand.

And there should be no need to configure conf files manually, there are recommended commands for cluster id:

# cphaconf cluster_id get
# cphaconf cluster_id set <id_value>

Sagar Manandhar could you show outputs of:

# enabled_blades

# fw stat
# cphaprob stat
# cpconfig

0 Kudos
Thomas_Werner
Employee Alumnus
Employee Alumnus


[ 12640 4155692736][10 Apr 6:36:46] [TE_TRACE]: TE is disabled by policy. Shutting down.

You seem to have a configuration issue - can you share your TP policy settings ?


Regards Thomas

Sagar_Manandhar
Advisor

hi, 

Even i have been contacting the TAC for a while and they are not being to able to resolve the issue,. They are suggesting me to upgrade the image of TE appliance as it has been using the older version. Can anybody provide me the latest link of TE1000x ?

0 Kudos
AlekseiShelepov
Advisor

I suppose this one:

R77.30 Gaia Clean Install for 3000 / 5000 / 15000 / 23000 / TE100X / TE250X / TE1000X / TE2000X Sand... 

R77.30 image with support for SHA-256 based certificates T22 for all blades / features.

Note: To install R77.30 Jumbo Hotfix Accumulator on top of this ISO image, must use Take 216 and above.

Thomas_Werner
Employee Alumnus
Employee Alumnus

Be sure to apply JHF292 afterwards as it contains important TE and TX fixes.

Regards Thomas

Sagar_Manandhar
Advisor

with help of tac i am being able to download the images as they upgrade the TE engine . Almost all image are in ready state but Win10 is in initializing stat for more than 24hrs. Even tries some SK ko resolve the issue but its not coming in ready state and tried to reinitialized the image but win10 is not coming in ready state.

Is there anything i m missing?

Output

Summary
-------
3 images (out of 4) are ready
1 image is currently being initialized.

Win10 64b,Office 2016,Adobe DC
------------------------------
UID: 10b4a9c6-e414-425c-ae8b-fe4dd7b25244
Revision: 11
Status: Initializing
Size: 6.36GB
Start Download Time: Thu Apr 12 04:06:04 2018

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events