This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
fcamus
Participant
‎2023-04-05 06:26 AM
Jump to solution

rad errors : "Failed to parse CP Site Response.", response expired several days ago.

Hi,

I have two clusters of CP 16200 running R80.40 T192 with thousands of internet users.

I started url filtering blade to block some application using https categorization (no https inspection).

It's working as expected, but i have now hundreds of "Failed to parse CP Site Response" logs in smartconsole.

$FWDIR/log/rad_events/Errors is full of error files (hundreds per minute).

In attach an example of flow error (proxy IP changed)

We are not using anti-virus or anti-bot.

I opened a case (SR #6-0003583350)  but for now, it doesn't help.

I have a strange "response expired" message in the error files : 

---------------------

[rad_xml_urlf.cpp:350] CRadXmlUrlf::listen: [INFO] Found response UTC: 1680631251
[rad_xml_urlf.cpp:359] CRadXmlUrlf::listen: [ERROR] response expired: seconds difference: 68797 now: Wed Apr 5 15:07:28 2023
response time: Tue Apr 4 20:00:51 2023

---------------------

In this example, response time is 68797s (=19 hours) before current time. This value varies from 40000 up to 400000s = more than 4 days.

I'm looking for the possible cause of such errors.

thanks,

fred

 

 

 

 

 

 

Preview file
50 KB
0 Kudos
1 Solution

Accepted Solutions
fcamus
Participant
‎2023-06-08 08:31 AM
Jump to solution

Hi

I reply to my post.

After a (painfull) case where TAC asked me to do some tuning, modify my custom application objects, the case reached R&D where it was rapidly identified that rad process refused the cached proxy reply.

The problem was resolved as soon as the proxy administrator disabled cache for cws.checkpoint.com

If rad doesn't accept cached response, it would be better to use the cache-control functionalities of http protocol !

So if you use proxy, verify that caching is disabled. Hope this will help some members.

 

fred

 

View solution in original post

1 Reply
fcamus
Participant
‎2023-06-08 08:31 AM
Jump to solution

Hi

I reply to my post.

After a (painfull) case where TAC asked me to do some tuning, modify my custom application objects, the case reached R&D where it was rapidly identified that rad process refused the cached proxy reply.

The problem was resolved as soon as the proxy administrator disabled cache for cws.checkpoint.com

If rad doesn't accept cached response, it would be better to use the cache-control functionalities of http protocol !

So if you use proxy, verify that caching is disabled. Hope this will help some members.

 

fred

 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events