This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Timothy_Hall
Champion
Champion
‎2022-02-02 12:21 PM

Accelerated Policy Install & SecureXL Templates - Strange Interaction

When setting up the new CCSE R81.10 class lab exercises I ran into this somewhat strange interaction between the new Accelerated Policy Install feature and SecureXL templates which does not appear to be documented.

The lab scenario was adding the ALL_DCE_RPC service to a policy rule then install policy, and once this was done as expected all SecureXL templating is halted at that rule (#4 in this case) as shown by fwaccel stat:

acc1.png

Next step was to remove the ALL_DCE_RPC service from rule #4 and reinstall policy (which turned out to be accelerated), but once this was finished fwaccel stat was then showing the following, indicating that all SecureXL Accept/NAT templating was COMPLETELY dead and not just disabled from rule #4:

acc2.png

Needless to say this had me scratching my head trying to figure out what happened.  However once I realized that the prior policy installation was accelerated, it was just a matter of forcing an unaccelerated policy install (even with no other changes), which is performed by right-clicking on the gateway icon on the Install Policy screen like this and then hitting the Install button:

acc3.png

Once that was done normal SecureXL templating was restored.  Hopefully this will help someone else as fwaccel stat simply showing that templates were "disabled by firewall" with no further information was a tad confusing.

 

Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com
8 Replies
Kim_Moberg
Advisor
‎2022-02-02 12:34 PM

@Timothy_Hall 

I thougth it was a RnD easter eeg feature to force non accellerated policy ??

 

Best Regards
Kim
Kim_Moberg
Advisor
‎2022-02-02 12:38 PM

@Timothy_Hall 

I ser page 14 tells more about this non accelerated access policy. 😂

http://downloads.checkpoint.com/dc/download.htm?ID=108670

Best Regards
Kim
0 Kudos
Ilya_Yusupov
Employee
Employee
‎2022-02-02 12:58 PM
In response to Kim_Moberg

Hi @Timothy_Hall ,

 

Can you please share which JHF is installed? as i tried same procedure now in my lab and it works fine, unless i'm missing some steps in your scenario:).

 

Thanks,

Ilya 

0 Kudos
Timothy_Hall
Champion
Champion
‎2022-02-02 01:17 PM
In response to Ilya_Yusupov

R81.10 Jumbo HFA Take 30

Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com
0 Kudos
Ilya_Yusupov
Employee
Employee
‎2022-02-02 01:33 PM
In response to Timothy_Hall

@Timothy_Hall ,

 

Thanks indeed replicates, i will take it tomorrow with our RnD to resolved it.

 

Thanks again for your feedback !!!

0 Kudos
the_rock
Legend
Legend
‎2022-02-02 03:55 PM
In response to Ilya_Yusupov

I also saw same behavior in R81.10 lab (2 single gateways + mgmt).

0 Kudos
Timothy_Hall
Champion
Champion
‎2022-02-11 07:15 AM
In response to Ilya_Yusupov

I'd also like to request a way to permanently disable accelerated policy installs due to my latest run in with this feature:

https://community.checkpoint.com/t5/Security-Gateways/Accelerated-Policy-Install-amp-AD-Query-Wizard...

 

 

Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com
Timothy_Hall
Champion
Champion
‎2022-12-13 05:42 AM

FYI this templating issue appears to be fixed in R81.20 GA, not sure about whether the fix is included in a R81.10 Jumbo HFA; I don't see any reference to it as of R81.10 Jumbo Take 81.  @Ilya_Yusupov?

Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events