Florian_B
Participant

fwkern.conf modified at boot.

Hi, first time posting here. Apologies in advance for my limited English :)

So, we've been working with Check Point for years now, but since the R80.40 Jumbo Take 100 update was applied a few days ago, the strangest bug has been happening.

At boot, the fwkern.conf file is backed up to a new file, copy_fwkern.conf, and a line is added at the end of the custom fwkern.conf. But the addition is messed up, and if I reboot with this fwkern.conf, the gateway gets stuck loading.

So I believed it was a problem due to multiple updates on top of one another. I redid a gateway (we are in a high-availability cluster) from scratch, starting with the R80.40 ISO, and then patched up to the latest Jumbo Take 100. No restore, no snapshot used. Same behaviour.

This is my fwkern.conf:

cphwd_nat_templates_support=1
cphwd_nat_templates_enabled=1
enhanced_ssl_inspection=0
bypass_on_enhanced_ssl_inspection=1
fwha_resend_arp_unicast=1
fwha_forw_packet_to_not_active=1
fwha_arp_forward_standby=1


After a reboot:

cphwd_nat_templates_support=1
cphwd_nat_templates_enabled=1
enhanced_ssl_inspection=0
bypass_on_enhanced_ssl_inspection=1
fwha_resend_arp_unicast=1
fwha_forw_packet_to_not_active=1
fwha_arp_forward_standby=1


nac_max_enforced_identities=90000


It doesn't matter if I make the file read-only, since it's regenerated at boot... Before opening a ticket, do you have some things I could look at?

 

Thx 🙂

Florian -

0 Kudos
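Before rebooting with a fwkern.conf that something else has rewritten, it is worth checking that every line is still a bare KEY=VALUE parameter and seeing exactly what was appended. The script below is an added example, not code from the thread or from Check Point: it assumes POSIX sh with awk and grep, that the file lives at $FWDIR/boot/modules/fwkern.conf on the gateway (adjust the path if yours differs), and it reconstructs the two files from the values posted above as constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread or from Check Point): validate a
# fwkern.conf before trusting it at boot, and list the lines that appeared
# since the known-good copy. Assumes POSIX sh, awk and grep; on the gateway
# the real file is $FWDIR/boot/modules/fwkern.conf (assumed path).

# fwkern_validate FILE
# Returns 0 if every line is a comment or a bare KEY=VALUE parameter with
# no whitespace; prints each empty or malformed line and returns 1
# otherwise. The empty lines in the post-boot file above are exactly the
# kind of thing this catches before a reboot.
fwkern_validate() {
    awk '
        /^[[:space:]]*$/ { printf "line %d: empty line\n", NR; bad = 1; next }
        /^#/             { next }
        /^[A-Za-z_][A-Za-z0-9_]*=[^[:space:]]+$/ { next }
        { printf "line %d: malformed: %s\n", NR, $0; bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# fwkern_added BASELINE CURRENT
# Prints the non-empty lines of CURRENT that are not present verbatim in
# BASELINE, i.e. whatever was appended since the file was last written.
fwkern_added() {
    grep -vxF -f "$1" "$2" | grep -v '^[[:space:]]*$' || true
}

# make_samples
# Writes the fwkern.conf from the post and the file as it looked after the
# reboot (two empty lines plus the appended parameter) into a temp dir and
# prints the dir name. Constructed sample data, not captured from a gateway.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/fwkern.conf" <<'EOF'
cphwd_nat_templates_support=1
cphwd_nat_templates_enabled=1
enhanced_ssl_inspection=0
bypass_on_enhanced_ssl_inspection=1
fwha_resend_arp_unicast=1
fwha_forw_packet_to_not_active=1
fwha_arp_forward_standby=1
EOF
    { cat "$dir/fwkern.conf"; printf '\n\nnac_max_enforced_identities=90000\n'; } \
        > "$dir/fwkern.conf.after_boot"
    printf '%s\n' "$dir"
}

# Stand-alone run: validate both files and list what was appended.
samples=$(make_samples)
echo "== original =="
fwkern_validate "$samples/fwkern.conf" && echo "OK"
echo "== after boot =="
fwkern_validate "$samples/fwkern.conf.after_boot" || echo "FAILED validation"
echo "== appended lines =="
fwkern_added "$samples/fwkern.conf" "$samples/fwkern.conf.after_boot"
rm -rf "$samples"
```

On a gateway, run fwkern_validate against the live file and fwkern_added against your own saved copy of it (the copy_fwkern.conf the post mentions is written by the same process that edits the file, so it is not an independent baseline). A non-zero exit from the validation is a reason not to reboot until the file is cleaned up.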
7 Replies
genisis__
Leader

I would open a TAC case regardless

0 Kudos
Florian_B
Participant

Yes, I did too; I'm waiting for support now. It's really strange. If I delete fwkern.conf, it comes back after a reboot, with only the same nac_max_enforced_identities=90000 line... So something is generating or adding this line to the file, but I really don't know what... Especially since it's doing the same thing on a "brand new" gateway too...

0 Kudos
genisis__
Leader

I don't have the entry in our systems but we are running JHFA91 at the moment.

0 Kudos
Florian_B
Participant

We didn't have the problem with Take 93. It's really since Take 100... I'll let you know what support says.

0 Kudos
genisis__
Leader

Great, have you also seen reduced CPU utilisation since applying JHFA100?

Also, are you running the Identity Awareness blade? Wondering if it has something to do with that parameter.

0 Kudos
PhoneBoy
Admin

The parameter name suggests it's related to Identity Awareness.

0 Kudos
HeikoAnkenbrand
Champion

I would open a TAC case.

As an emergency solution, you can also set the file with an "s" or "t" bit; then it can no longer be overwritten by the system:

chmod u+s fwkern.conf

The chmod command is also capable of changing the additional permissions or special modes of a file or directory. The symbolic modes use 's' to represent the setuid and setgid modes, and 't' to represent the sticky mode. The modes are only applied to the appropriate classes, regardless of whether or not other classes are specified.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
