- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
For the past few days we have been fighting a battle to get JHF 217 installed on a pair of 6600 gateways running R80.30 (we even have a TAC case open but no 6600 devices in the lab for TAC to test on). When a manual import is done through CPUSE UI it just hangs and never imports. When you import through CLI using 'installer import local /blah/yay/JHF.tgz' the command prompt immediately goes back to the clish prompt and says the package was imported successfully but never went through the interactive import prompts. Viewing the packages imported then shows nothing. Today we took it one step further and completely disabled MDPS, rebooted, and were able to use CPUSE in the UI as well as CLI commands, everything worked as expected.
I see sk169576 stating that cloning when MDPS is enabled fails because of the xinetd service needs to be bound to the mplane. Does anyone know what services, if any, need to be added to the mplane above the default added when MDPS is enabled, to get CPUSE working properly? Below is a list of the services/tasks that are added when enabling MDPS.
add mdps task process cloningd
add mdps task process httpd2
add mdps task process ntpd
add mdps task process snmpd
add mdps task process snmpmonitor
add mdps task service cpri_d
add mdps task service ntpd
add mdps task service sshd
add mdps task service syslog
Thanks in advance!
- Mike
The fix for this issue is below.
add mdps task process DAService
add mdps task process AutoUpdater
save config
Reboot Gateway
You can also cat /proc/<PID OF DAService>/nsid to verify which plane DAService is running in. Prior to the commands above, plane is "0", after commands and a reboot, you should observe "1" in nsid.
Aviad_Hadarian
Hi @Mike_A , you will need to update cpuse the most up-to-date release in order to "move" it into management plane tasks
Thanks @Aviad_Hadarian, correct. The Deployment Agent was updated as I believe it was stated this was "fixed" in the newest version although the mdps commands are not set automatically for DAService/AutoUpdater like they are for the others like sshd, syslog, etc. The import still failed with 1959, only until the commands above were added.
Will the DAService/AutoUpdater commands be auto set in future releases when mdps is enabled?
- Mike
Aviad_Hadarian
Hi @Mike_A , The answer is yes.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY