- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Re: remove proxy config
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
remove proxy config
we used to get all ips and other updates via a proxy,
we are decommissioning these but the mgmt boxes are still going to proxy for signature checks
where in the CLI can i find where the proxy setting has stuck, even though its turned off in gui and smartconsole
this is for R81
thanks
sigcheck.checkpoint.com | Blocked | 72.247.177.81 |
sigcheck.checkpoint.com | Blocked | 72.247.177.81 |
sigcheck.checkpoint.com | Blocked | 72.247.177.81 |
sigcheck.checkpoint.com | Blocked | 72.247.177.81 |
sigcheck.checkpoint.com | Blocked | 72.247.177.81 |
sigcheck.checkpoint.com | Blocked | 72.247.177.81 |
sigcheck.checkpoint.com | Blocked | 72.247.177.81 |
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you check all areas of SmartConsole including the object itself and global properties?
Menu > Global Properties > Proxy
Object > Network Management > Proxy
clish > show proxy
After the change does the issue persist even following a cpstop/cpstart or reboot?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Chris,
I work with Steve and I've been looking into this issue. We've checked all proxy configuration on the appliances themselves and also via SmartConsole, all of which don't have the proxy settings configured. The appliances/management platforms have been rebooted following the removal of the proxy configuration.
I've identified the proxy configuration remains under the ics_configuration > signature > updates > proxy_address of the management platform database - this was identified with GuiDBedit.
From what I understand this section is applicable for threat prevention signature updates. We're in the process of decommissioning our proxies and having the proxy configured may cause us a problem once they've been turned off.
Are you able to confirm whether my understanding is correct? i.e. signature updates will cease once the proxies are turned off, and also whether we can use GuiDBedit to remove the proxy configuration?
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello there,
We have noticed the same issue with our appliances and management server.
Recently removed the proxy configuration via Clish, SmartConsole, and Global Properties, however some connections are still using the proxy.
Via GuiDBEdit I found the following setting still configured with the proxy:
- Managed Objects > asm > ProductVPN1PRO > fdt_proxy_address
- Other > content_security > Global_EDGE_Settings > signature_updates > proxy_address
- Other > content_security > Global_AV_Settings > signature_updates > proxy_address
- Other > ics_configuration > Global_ICS_Settings > signature_updates > proxy_address
- Other > uf_policy > Global_UF_DB_Updates_user_modified > proxy_address
@jgriffiths did you manage to resolve this by editing the database?
@Chris_Atkinson is editing the database the preferred way to fully remove the proxy?
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, the config still exists in the DB, we were advised against directly editing the database if possible. We were able to confirm the Gateways/Management servers were able to reach the required FQDN using curl
curl_cli sigcheck.checkpoint.com:80 -v
You should get a response like the below
Connected to sigcheck.checkpoint.com (72.247.177.160) port 80 (#0)
Even though the proxy config remains its not in use. The proxies are no more and it still works.
Cheers,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please work with TAC to address, generally editing the database in such a fashion is otherwise unsupported.
