This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Udupi_krishna
Contributor
‎2018-12-14 04:11 AM

Application Control and URL filtering DB problem

Hey Everyone,

I am observing an odd behavior with a set of firewalls running on R77.30. All these firewalls are managed by the same SMS. App control and URL filtering blades are enabled on all these firewalls, and licenses are valid.

While I started to investigate because we had issues in blocking certain Websites, I identified that firewall's appi update status doesn't show anything on firewalls where we have an isssue.

[Expert@FW1:0]# cpstat appi -f update_status

Update status:
Update description:
Next update description:
DB version:

The working firewalls show the DB version and the update status, licenses are pretty clear.

[Expert@FW1:0]# cpstat appi -f subscription_status

Subscription status: valid
Subscription expiration date: Sun Mar 31 00:00:00 2019
Subscription description: Contract is up to date.

[Expert@FW1:0]# cat appi_status.C
(
:status (0)
:status_short_desc ()
:status_long_desc ()
:app_update_status ()
:app_update_description ()
:app_next_update_description ()
:app_db_version ()
:urlf_status_code (0)
:urlf_status_short_description ()
:urlf_status_long_description ()
:appi_rad_status_code (0)
:appi_rad_status_description ()
:urlf_rad_status_code (0)
:urlf_rad_status_description ("URL Filtering engine is up and running")
:app_subscription_expiration_date ("Sun Mar 31 00:00:00 2019")
:app_subscription_status (valid)
:app_subscription_description ("Contract is up to date.")
:urlf_subscription_expiration_date ("Sun Mar 31 00:00:00 2019")
:urlf_subscription_status (valid)
:urlf_subscription_description ("Contract is up to date.")

I ran curl_cli to updates.checpoint.com and secureupdates.checkpoint.com. Don't see any issues, except these errors.

* servercert: cp_verify_certificate returned: CRL_ERR_DOWNLOAD
* servercert: Warning:
Failed to download CRL from: http://crl.godaddy.com/gdroot-g2.crl

Not sure if the above output is related, because we have a firewall which can't event resolve these URLs but has necessary DB updated. Tried enabling/disabling App and URL blades, didn't change anything. Installed the latest jumbo, though I did not have enough evidence to proceed, but that did not change anything either.

Has anyone seen this behavior before. 

P:S - This behavior is seen on quite a set of firewalls, about 10 Cluster pairs to be specific.

4 Replies
PhoneBoy
Admin
Admin
‎2018-12-14 06:22 AM

The curl_cli command error is a red herring here as you need to specify the certificate store to validate HTTPS certificates with. 

Might first start and verify the blades are enabled on the relevant gateways: enabled_blades

I’d also recommend a TAC case if you haven’t already opened one.

Udupi_krishna
Contributor
‎2018-12-15 07:26 AM
In response to PhoneBoy

I can confirm that enabled_blades does show appi and urlf on the firewalls I am troubleshooting this issue on.

Engaging TAC now, will update this discussion thread once I have more information

0 Kudos
Manoj_Kumar2
Contributor
‎2018-12-17 05:49 AM
In response to Udupi_krishna

Hi Krishna,

I am facing the same problem but in my situation below output is showing the details:-

 
Update status:           failed
Update description:      Update failed.  Gateway can not access internet ('https://secureupdates.checkpoint.com/appi/v3_1_0/gw/appi_urlf_db_pkg.tar'). Check connectivity and proxy                                         settings.

Next update description: The next try will be within one hour.
DB version:              18121101

If you have raised the tac case do let me know the progress on this. Also in my situation everything is fine but since last 5-6days it stops updating the DB.

Thanks,

Manoj

 
 

 

0 Kudos
Flo
Contributor
Contributor
‎2020-10-23 07:02 AM

@Udupi_krishnahow do you fix this problem? Do you have a solution for me?

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events