This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Timothy_Hall
Legend Legend
Legend
‎2020-04-01 08:06 AM

R80.40: fw ctl set int XXX -a errors

While writing the R80.40 addendum for my book, I've come across some strange behavior when setting SIM kernel variables in R80.40 in the context of disabling anti-spoofing "on the fly":

[Expert@gw-38a56d:0]# fw ctl get int sim_anti_spoofing_enabled -a
FW:
Get operation failed: failed to get parameter sim_anti_spoofing_enabled
PPAK 0: sim_anti_spoofing_enabled = 1


[Expert@gw-38a56d:0]# fw ctl set int sim_anti_spoofing_enabled 0 -a
PPAK 0: Get before set operation succeeded of sim_anti_spoofing_enabled
Set operation failed: failed to get parameter sim_anti_spoofing_enabled
set: Operation failed
Killed


[Expert@gw-38a56d:0]# fw ctl get int sim_anti_spoofing_enabled -a
FW:
Get operation failed: failed to get parameter sim_anti_spoofing_enabled
PPAK 0: sim_anti_spoofing_enabled = 0

Clearly the set command is working correctly but throwing all kinds of errors and giving a strong impression that it did not work.  Didn't see this error output in R80.20 and R80.30.  This is on vanilla R80.40, and I don't see any mention of this behavior in the R80.40 Jumbo HFA.  Can someone from R&D explain if there is some better way I should be setting SIM kernel variables as it definitely doesn't seem happy with this technique. Setting "regular" fw kernel variables works fine with no errors.  Tagging @PhoneBoy 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
1 Reply
shais
Employee
Employee
‎2020-04-02 12:32 AM

Hi,

The "fw ctl set int" command was changed during R80.20 to allow changing both FW and PPAK global variables.

The command will try to set the variable at the same time in FW and PPAK - if the variable only exist in one of them then the other will fail.

In your examples below, you tried to set global parameter that exist only in PPAK, because of that you can see that FW is failing (no such parameter) and PPAK manage to get/set the parameter 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events