Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
eth4_
Contributor

Errors on 3 blades - yet they're enabled and seem to be working, according to logging

We see this on an R81.10 gateway:

 

Error: 'URL Filtering' is not responding. Verify that 'URL Filtering' is installed on the gateway. If 'URL Filtering' should not be installed verify that it is not selected in the Products List of the gateway (SmartDashboard > Gateway > General Properties > Check Point Products List). This error may occur if the Security Cluster is in Multi-Version Cluster mode. After upgrading all the cluster members to the same version, this error should disappear.

 

Error: 'Identity Awareness' is not responding. Verify that 'Identity Awareness' is installed on the gateway. If 'Identity Awareness' should not be installed verify that it is not selected in the Products List of the gateway (SmartDashboard > Gateway > General Properties > Check Point Products List). This error may occur if the Security Cluster is in Multi-Version Cluster mode. After upgrading all the cluster members to the same version, this error should disappear.

 

Error: 'Application Control' is not responding. Verify that 'Application Control' is installed on the gateway. If 'Application Control' should not be installed verify that it is not selected in the Products List of the gateway (SmartDashboard > Gateway > General Properties > Check Point Products List). This error may occur if the Security Cluster is in Multi-Version Cluster mode. After upgrading all the cluster members to the same version, this error should disappear.

 

Output from 'fw stat' and 'enabled_blades':

[Expert@gateway:0]# fw stat
HOST POLICY DATE
localhost Perimeter 7Feb2024 16:06:12 : [>eth0] [<eth0] [>eth1] [<eth1] [>vpnt200] [<vpnt200] [>vpnt201] [<vpnt201] [>vpnt100] [<vpnt100] [>vpnt101] [<vpnt101]
[Expert@gateway:0]# enabled_blades
fw vpn urlf av appi ips identityServer SSL_INSPECT anti_bot content_awareness mon

We see logs for all three blades on this gateway:

image.png

So I'm thinking this is cosmetic but the OCD in me doesn't like seeing the splats on the overview page.  Also, this survives a reboot.

Anyone have any helpful suggestions?

0 Kudos
12 Replies
the_rock
Legend
Legend

I saw this few times in my labs before (on different versions) and way I fixed it was simply by installing policy and also database from smart console. Not sure if its cosmetic, but if blades are enabled and functioning, seems like it could be.

Best,

Andy

(1)
Lesley
Leader Leader
Leader

You running VSX? You cannot have those blades enabled in vs0 -> https://support.checkpoint.com/results/sk/sk106496

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
eth4_
Contributor

Hello, thank you for your reply, we are not running VSX.

0 Kudos
the_rock
Legend
Legend

When did you notice this? Any changes recently? ie upgrade, policy change, any other blades?

Best,

Andy

0 Kudos
eth4_
Contributor

It has been this way for several months but I haven't been too worked up about it because it seemed to be cosmetic.  I did try disabling the blades, install database, enable the blades and install database just prior to a service window to change affinity for CoreXL (which requires a reboot).  When the gateway came up from reboot the Identity Awareness blade error went away but the other two still show the error.

0 Kudos
the_rock
Legend
Legend

One easy fix (if it works of course) wuld be to disable those blades, install policy, re-enable, install policy again. No guarantee, but easy to try.

Best,

Andy

0 Kudos
eth4_
Contributor

Hello, 

Unless I'm missing something, it isn't that easy to do without re-writing my rulebase to remove dependencies for rules written on those blades?

0 Kudos
the_rock
Legend
Legend

Only way to know would be to uncheck it, save and see if it complains about anything.

Best,

Andy

0 Kudos
Lesley
Leader Leader
Leader

I think it will give messages if you disable blades that are in 'use'

Maybe we should focus on the mgmt and not gateways? Have you rebooted FWMGT? 

Maybe this SK helps:

https://support.checkpoint.com/results/sk/sk111944

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend

Thats good sk to follow, agree.

Andy

0 Kudos
CheckPointerXL
Advisor
Advisor

reboot mgmt fixed the issue for me last week

0 Kudos
the_rock
Legend
Legend

I always found rebooting the gateway fixed it for me, but does not hurt to reboot the mgmt, for sure...no downtime needed.

Best,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events