CPVIEW Software-Blades R80.10

Jerom_van_den_H · ‎2018-02-27

In CPVIEW Software-blades overview

I do see an update time for Anti-Virus and Anti-Bot.

But when I install the latest IPS update I don't see any Update Time.

Any ideas what this would cause.

See attached a screenshot.

When I Look in the Smartdashboard I do see an Update Time.

We also have a monitor that does a check to see a last updates time and this does work

See the script below.

CLI

grep -A2 "sd_last_update_time" /var/opt/CPsuite-R80/fw1/state/local/AMW/local.IPS.set

: (sd_last_update_time

:type (int)

:val (1519719370)

EPOC time: 1519719370

date -d @1519719370

Tue Feb 27 09:16:10 CET 2018

XBensemhoun · ‎2018-02-27

I, could you share with us the Security Management Server version (R80 or R80.10) and Jumbo HF installed ?

I've check on R80 and R80.10 known limitations but your issue is not part of those sk.

I see that scheduled update is not planned : could you try to enable this ?

Gaurav_Pandya · ‎2018-02-27

I suspect this is bug and may be overcome with latest hotfix or upcoming hotfix. However you can check by scheduling IPS update as suggested by Xavier.

G_W_Albrecht · ‎2018-02-28

I can see this issue replicated on my Lab GW R80.10 JT 70 - but there, only IPS is N/A, the other three show Update Time values, even APCL... So it seems that currently this is available in Dashboard only - # ips stat only shows the version, not the update date & time.

G_W_Albrecht · ‎2018-02-28

I had planned a fresh GW installation, so in performed that this morning and monitored the cpview IPS update display during install:

- installed Check_Point_R80.10_T462_Gaia.iso

- after FTW + load configuration, no policy installed: only AV showed Update Time (all 4 blades showed disabled)

- after establishing SIC and installing Acces Control policy: APCL and AV showed Update Time (3 blades showed disabled, APCL enabled)

- after installing Access & Threat policy: only IPS showed no Update Time (all 4 blades showed enabled)

- after installing Jumbo Take 85: No change...

XBensemhoun · ‎2018-02-28

and what about scheduling IPS updates ? does it change anything ?

G_W_Albrecht · ‎2018-02-28

Sorry, fact is that all TP updates are scheduled in Dashboard, e.g. APCL at 00:00 and IPS at 00:20, but without policy install. So the GW will only learn about the last IPS update during policy install...

I have set schedule for IPS update in 5 mins with policy install and then will update here!

G_W_Albrecht · ‎2018-02-28

Did not find new IPS version, so the scheduled update did neither download anything nor perform a policy install. After a manual policy install (both Access +TP) nothing has chamged and the IPS date still is missing.

Danny · ‎2018-03-07

I added your grep routine to our ccc script. Thanks for the hint!

Vladimir · ‎2018-03-11

Danny,

Any chance of implementing automated updates for CCC?

Danny · ‎2018-03-14

Vladimir,

I was already thinking about this, too. Unluckily our ccc thread cannot be accessed without a CheckMates login. I would need to move it to some other location to enable this feature.

Danny · ‎2018-04-10

Vladimir,

I implemented automated updates in version 1.6 of our ccc script.

Vladimir · ‎2018-04-10

Thank you Danny!

You are awesome

PhoneBoy · ‎2018-03-09

This might be worth raising a TAC case about: Contact Support | Check Point Software

On my own gateway, IPS shows N/A and App Control shows a date.