This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Fabz
Contributor
‎2023-09-20 04:31 AM

How to Manage a HCP Report

Hi Checkmates,

Since the auditor requested that I do a health check on all security devices, I discovered great tools from CP. I learned what the current condition of our FW is and what to do next from HCP.

Some discoveries I already know how to manage it, but a few others need double-check. And I have a question about that:

  1. Almost in the every FW had a Core Dumps issue, such as cpviewd and daemon. The suggestion is to contact TAC.
    Do I need to contact TAC to examine the FW because there is no problem with it right now? Or is this discovery simply information? Can I include it as a minor discovery?
  2. In VSX, we discovered that VS0, which is VS management, has the finding "Concurrent connections exceed the connection limit" and, once again, since this finding is not now affecting the operation, do I need to be concerned? Do you have any ideas how to validate this discovery?
  3. Last one is regarding Interface Errors [rx_fifo_errors], although the quantity is pretty low (under 20). checking in checkmates  and some SK This is due to latency. But currently is not impacting in the production.

What is the best time to run this feature? Monthly/Quarterly or Yearly?

 

Thank you 🙂

0 Kudos
3 Replies
_Val_
Admin
Admin
‎2023-09-20 04:39 AM

Some answers, questions and suggestions:

1. How recent are those core dumps? How many of them do you have? Occasional crashes should not be of concern, but if you see them often recently, do go to TAC.
2. VS0, if only used for management purposes, should not bring this error. Most probably the tool is covering all VSs. Compare the numbers and act accordingly. I suspect a cosmetic issue, but it needs to be looked into.

3. A low and not growing number of errors should not raise a concern.

I would suggest to run HCP on a monthly basis or even more oftern.

(1)
Fabz
Contributor
‎2023-09-25 01:00 AM
In response to _Val_

Hi Val,
Thanks!

  1. Just 1 time, other FW max 2 time crash dump for 1 week. still acceptable right?
  2. The status is warning not critical. Peak Connection also under 200. This warning appears since the connection limit set to 0.
  3. Well noted!

Thanks for the answer @_Val_ !

0 Kudos
_Val_
Admin
Admin
‎2023-09-25 01:35 AM
In response to Fabz

Keep an eye on the crashes, if they come periodically it is probably something you want to take with TAC. The rest is just fine, in my opinion

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events