This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
SPM
Contributor
‎2024-10-04 10:35 AM

Generic Datacenter object push interval to gateway

In settings  of Generic Datacenter object you can specify the pull interval,  how often management server should update object from the source URL.

But what is push interval to the gateways where this object used in policy rules?

From my experiments on R81 Take92 management server

I am getting around 15 minutes(!) delay between change of the object on management server and enforcement of the change on gateway.

cloud_proxy.elg  shows no errors

Is it by design such interval or where to look for issue or how to change that interval?

 

 

0 Kudos
5 Replies
the_rock
Legend
Legend
‎2024-10-04 11:09 AM

I believe from memory its 300 seconds = 5 mins

0 Kudos
SPM
Contributor
‎2024-10-04 02:00 PM
In response to the_rock

It looks like it is not  5min  but 15min

here is from cloud_proxy.elg  end of one request to push changes to gateway and start of the other

04/10/24 18:39:36,063 INFO ida.api.IDACpridRequestSenderClient [gateway-updater_CP1]: Response from gw xx.xxx.xxx.xxx is 'OK'
04/10/24 19:43:35,344 INFO ida.api.IDACpridRequestSenderClient [gateway-updater_CP1]: Sending update to gw xx.xxx.xxx.xxx: #!/bin/bash

 

one set of objects were changed at 04/10/24 19:29, and the other at 04/10/24 19:35

(there were no more changes since last push at 04/10/24 18:39)

 

Where can I look for this push interval value?

0 Kudos
the_rock
Legend
Legend
‎2024-10-04 06:13 PM
In response to SPM

I thought there was command to check it, but I could be wrong.

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-10-05 07:44 AM

How many gateways are involved in the environment with these objects in the policy?

vsec.conf otherwise holds relevant parameters.

 

CCSM R77/R80/ELITE
0 Kudos
SPM
Contributor
‎2024-10-05 11:31 AM
In response to Chris_Atkinson

there are only 2 gateways where these objects used in the policy rules

here is from vsec.conf

# delay time between GW update cycles
enforcementUpdateIntervalTime=10

# TTL (mins) for objects expiration on GW in case
# there are no updates from the Controller
enforcementSessionTimeoutInMinutes=10080

autoUpdateIntervalInSeconds=30

# max number of GWs to update concurrently
enforcementThreadPool=5


# Generic Data Center scanner config
ctf.scannerInterval=60
ctf.deleteTemporaryFiles=true
ctf.ignoreInvalidContent=false
ctf.scanningLogsOn=false
ctf.scanFlatListFiles=false

 

I suppose this parameter ( ctf.scannerInterval=60 ) determines push interval. So it should be 1min.

 

here is a full timeline from another test:

05/10/24 20:23  - Object changed,  1 IP address (lets say it 192.0.2.2) added 

05/10/24 20:38  - Object changed,  IP address removed (the same as was added 15min ago, i.e. 192.0.2.2)

05/10/24 20:40 - Changes detected and pushed to gateways but with IP address 192.0.2.2 that was added 17min ago and removed 2 min ago

05/10/24 20:49 - Changes detected and pushed to the gateway with IP address  192.0.2.2 removed

 

No other Generic Datacenter objects where changed during that period, so no interference from other changes.

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events