This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Steve_Payne1
Contributor
‎2021-11-01 04:34 AM

remove proxy config

we used to get all ips  and other updates via a proxy,

 

we are decommissioning these but the mgmt  boxes are still going to proxy for signature checks

where in the CLI can i find where the proxy setting has stuck, even though its turned off in gui and smartconsole

this is for R81

thanks

sigcheck.checkpoint.comBlocked72.247.177.81
sigcheck.checkpoint.comBlocked72.247.177.81
sigcheck.checkpoint.comBlocked72.247.177.81
sigcheck.checkpoint.comBlocked72.247.177.81
sigcheck.checkpoint.comBlocked72.247.177.81
sigcheck.checkpoint.comBlocked72.247.177.81
sigcheck.checkpoint.comBlocked72.247.177.81
0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee
‎2021-11-01 05:19 PM

Did you check all areas of SmartConsole including the object itself and global properties?

Menu > Global Properties > Proxy
Object > Network Management > Proxy

clish > show proxy

 

After the change does the issue persist even following a cpstop/cpstart or reboot?

 

CCSM R77/R80/ELITE
0 Kudos
jgriffiths
Explorer
‎2021-11-12 03:35 AM
In response to Chris_Atkinson

Hi Chris,

I work with Steve and I've been looking into this issue. We've checked all proxy configuration on the appliances themselves and also via SmartConsole, all of which don't have the proxy settings configured. The appliances/management platforms have been rebooted following the removal of the proxy configuration.

I've identified the proxy configuration remains under the ics_configuration > signature > updates > proxy_address of the management platform database - this was identified with GuiDBedit.

From what I understand this section is applicable for threat prevention signature updates. We're in the process of decommissioning our proxies and having the proxy configured may cause us a problem once they've been turned off.

Are you able to confirm whether my understanding is correct? i.e. signature updates will cease once the proxies are turned off, and also whether we can use GuiDBedit to remove the proxy configuration?

Thanks,

0 Kudos
GMynott
Explorer
‎2022-03-10 04:20 PM
In response to jgriffiths

Hello there,

We have noticed the same issue with our appliances and management server.
Recently removed the proxy configuration via Clish, SmartConsole, and Global Properties, however some connections are still using the proxy.

Via GuiDBEdit I found the following setting still configured with the proxy:
- Managed Objects > asm > ProductVPN1PRO > fdt_proxy_address
- Other > content_security > Global_EDGE_Settings > signature_updates > proxy_address
- Other > content_security > Global_AV_Settings > signature_updates > proxy_address
- Other > ics_configuration > Global_ICS_Settings > signature_updates > proxy_address
- Other > uf_policy > Global_UF_DB_Updates_user_modified > proxy_address

@jgriffiths did you manage to resolve this by editing the database?
@Chris_Atkinson is editing the database the preferred way to fully remove the proxy?

Cheers

0 Kudos
jgriffiths
Explorer
‎2022-03-11 01:40 AM
In response to GMynott

Hi, the config still exists in the DB, we were advised against directly editing the database if possible. We were able to confirm the Gateways/Management servers were able to reach the required FQDN using curl

curl_cli sigcheck.checkpoint.com:80 -v

You should get a response like the below

Connected to sigcheck.checkpoint.com (72.247.177.160) port 80 (#0)

Even though the proxy config remains its not in use. The proxies are no more and it still works.

Cheers,

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-03-11 04:12 AM
In response to GMynott

Please work with TAC to address, generally editing the database in such a fashion is otherwise unsupported.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events