This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Tieho_Molefe
Explorer
‎2018-03-26 01:51 AM

CheckPoint Firewall R80.10 stability issues

I seek help with technical guidance for CheckPoint Firewall R80.10 stability issues. I have upgraded firewall to R80.10. The issues that I have experienced with this version are:

• Internal system error in HTTPS Inspection due to categorization service timeout. When this error occur, firewall will drop all traffic for couple of minutes to an hour.

• URL Filtering blade – Rad service not available. This error occurs most of the time when trying to make any configuration changes to the firewalls. It happens most of the time when I try to switch firewalls running in cluster mode from HA to load sharing

• Log unification error – too many update log, logs has been truncated

Reply
7 Replies
AlekseiShelepov
Advisor
‎2018-03-26 02:40 AM

Just as a reminder, jumbo hotfix  accumulator is a must for R80.10 for now:

Jumbo Hotfix Accumulator for R80.10 (R80_10_jumbo_hf) 

Take_85 is the latest General Availability release...

Do you have it or any previous version installed?

There are also updates for SmartConsole itself:

R80.10 SmartConsole Build 029 

0 Kudos
Reply
Marco_Valenti
Advisor
‎2018-03-26 03:51 AM

Looks like that something similar was already discussed here

https://community.checkpoint.com/message/12728-rad-kernel-errors 

But as usual before making any changes to your environment consult with your local partner or check point support

0 Kudos
Reply
Gaurav_Pandya
Advisor
‎2018-03-26 03:56 AM

Yeah, As you are facing issue with various things, it would be better to ask TAC

0 Kudos
Reply
Markus_Genser
Participant
‎2018-03-26 06:07 AM

Are core dumps being created for the services?

Do you have IPv6 active for the management interface?


Had the same issue with HTTPS categorisation, RAD daemon and vpnd. Generated a lot of core dumps for wstlsd, rad an vpnd.

I was able to pinpoint it to the /etc/hosts entry for an old IPv6 address (multiple upgrades from R75.40) which was missing the colons.

First step was removing the entry in /etc/hosts and then delete and set the address again in clish for the listed interface.

0 Kudos
Reply
G_W_Albrecht
Champion
Champion
‎2018-03-26 06:27 AM

First of the three issue had already been posted in CheckMates as R80.10 URL Filtering - rad admin service is not available when switching from High Availability to l....

0 Kudos
Reply
Filip_Wennerhul
Participant
‎2018-06-05 12:00 AM

Have the same problem as the first one.

Tieho Molefe Did you ever solve the first problem? We have the same issues. however we have fail open so the traffic is not dropped.

Günther W. Albrecht‌ how is that the solution to the problem? (not questioning you but i dont see the same problem/symptom related in the checkmates post or in the SK). I have checked the SK and have connection to the services. The issue happens from time to time and not always. 

0 Kudos
Reply
G_W_Albrecht
Champion
Champion
‎2018-06-05 12:57 AM
In response to Filip_Wennerhul

I did only reference a similar issue, not suggesting any solution - there is near to none details about the confiduration, so it could as well be a StandAlone deployment...

0 Kudos
Reply