This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kamilazat
Advisor
a week ago

LDAP connections are not closed and accumulating on the gateway

Hello everyone.

We have a recurring situation. Some time ago we noticed that the output of fw ctl conntab | grep '<IP-of-LDAP-server,389' | wc -l kept increasing to a point that it started showing numbers bigger than the number of users. We opened a TAC ticket, tried changing the priority of the problematic server from 1 to a higher number and it didn't work. What worked was deleting the server and readding with lower priority. The problem was observed in multiple gateways that used that server.

Now, more than a year later, the same problem is occurring with the same ldap server. Back then we thought that something got 'stuck' somewhere and readding simply resolved it. But now the fact that it is happening again on gateways with different versions (varying from R81.10 Take 110 to R81.20 Take 41) is pretty confusing. Currently the only potential solution is to do what we did in the previous incident.

I am thinking of opening a TAC ticket again, but have a hunch that they will tell us to do the same thing and won't tell us why this is happening in the first place. And we have the experience of not getting satisfactory answers to 'why' questions as long as the issue at hand is not critical.

So before asking for a blind help from TAC, I feel consulting you guys' experience and knowledge will give me some insight.

Thanks as always.

 

Cheers!

0 Kudos
1 Reply
Lesley
Mentor Mentor
Mentor
a week ago

- What is the difference between the problem server and other servers (think about software version, network location etc).

- Do you use IDC? If not would recommend to move over from adquery to IDC (just checking)

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_IdentityAwareness_AdminGuide/Topic...

- Would also recommend to step over from 389 to 636, this maybe also could solve the issue. Also best practice from security point of view. Read this first before you consider. 

https://support.checkpoint.com/results/sk/sk42905

- Have you tried to remove and recreate the ldap account unit itself? Do all servers have all same priority (would recommend)

If the issue is active, leave it and contact TAC. If you do the workaround and it is solved it is very hard to troubleshoot

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events