This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
G_W_Albrecht
Champion
Champion
‎2019-05-27 06:38 AM

Searching Network Objects in R80.xx is crippled

Jump to solution

Managing large networks is easier if searching in Dashboard does simply work ! In R77.30, it was easy to search for e.g. servers in network objects > hosts, see here an example from Demo mode:

server.png

In the search results, we can find the objects having a name containing "server" as well as objects having "server" in comment field - so, it is easy to find all server objects.

But not in R80.xx - in Demo, we see a list of Hosts named using "server":

Server1.png

So when searching, we would expect to get all objects with "server" in its name, but not the one with "srv". But what do we really get ? Not much:

server2.png

It will not show the FileServer and WebCalendarServer. But now. try it yourself and do not search "Server" but "erver" - nothing will be shown at all !

I am thinking that this is not a search function anymore !

But what about other users, is this kind of searching unusable or not needed anymore ? Does anyone else miss it ? And what did really happen to Dashboard that did the searching very well in R77.30 ?

Reply
2 Solutions

Accepted Solutions
Tomer_Noy
Employee
Employee
‎2019-09-18 01:22 PM
In response to CoolKangaroo

Jump to solution

Thanks all for sharing this feedback. I will try to explain why things work as they do, and also how we are planning to improve that.

Before R80, the SmartDashboard loaded all DB objects into the client memory upon login. When you searched for an object, it scanned the entire list, looking for your sub-string. This worked reasonably well in most environments, but sometimes was slow on huge DBs.

In R80.x, we have all our objects in a modern DB and strive to avoid loading everything into memory. Also, we have an indexing engine (Solr) that maintains an index of all the "words" in the various objects in the DB. When you are searching in Object Explorer or a picker, we look for objects with words that begin with your sub-string. This catches object names that begin with your word, but also examples like searching "Server" to find "Web Server". Although "Server" appears in the middle of the value, our indexing engine understands that it's a separate word that should be indexed (because of the space character). The searching is done using the index in order to return results quickly and to avoid loading the server by a full scan.

Following feedback, we understand that this may be frustrating (especially with examples like "WebServer").
What are we doing to improve?

In the upcoming R80.40 we will add two new behaviors:

1) You will be able to prefix your searches with '*' in order to force a full search, for example "*Server". This will be less efficient, but will find everything you are looking for (like in R77.x).

2) We are modifying the indexing tokenization algorithm to take into account changes in case. This means that words like "WebServer" will be considered two words => "Web" and "Server", due to the capital 'S', even without using a space character. Hopefully, this will catch most searches efficiently, without the need to use '*'.

Let me know if you think this will be useful.

View solution in original post

Reply
G_W_Albrecht
Champion
Champion
‎2020-04-28 03:30 AM

Jump to solution

At least we now have wildcard * at position 1 in R80.40 and starting R80.30 JT 195 with SmartConsole R80.30(GA Build #76) is now available 

More details see  sk164873: New ability to search in the Management Server by adding asterisk before any sequence of ...

View solution in original post

Reply
25 Replies
Reinhard_Stich
Contributor
‎2019-05-27 07:03 AM

Jump to solution

 

I also miss that feature and I hope CP will update the console with that feature soon

Reply
Maarten_Sjouw
Champion
Champion
‎2019-05-27 07:04 AM

Jump to solution
Try the same from Object explorer.
Regards, Maarten
0 Kudos
Reply
Reinhard_Stich
Contributor
‎2019-05-27 07:09 AM
In response to Maarten_Sjouw

Jump to solution
it's the same in object explorer.
Reply
G_W_Albrecht
Champion
Champion
‎2019-05-27 07:31 AM
In response to Maarten_Sjouw

Jump to solution

It is just the same behavior - only that there is additional highlighting:

Server3.png

And the "erver" behavior is replicated there, too:

Server4.png

Reply
Timothy_Hall
Champion
Champion
‎2019-05-27 08:22 AM
In response to G_W_Albrecht

Jump to solution

Bring up the legacy SmartDashboard by pretending to configure HTTPS Inspection from the R80+ SmartConsole, then do your searches from there.  🙂

 

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Reply
Reinhard_Stich
Contributor
‎2019-05-27 10:38 PM
In response to Timothy_Hall

Jump to solution
this is a dirty workaround that helps in some cases. but for daily operations this is not really useful.
check point pretends to pay attentions to usability - and there are several features in R80+ that are really useful. I just wonder if only my customers and I miss that feature that much or others too ...
Reply
OliverSuess
Explorer
‎2019-05-27 08:23 AM
In response to G_W_Albrecht

Jump to solution

Our customers are also complaining about this issue, they don't really understand why this "feature" was removed!

Reply
Timothy_Hall
Champion
Champion
‎2019-05-27 09:22 PM
In response to OliverSuess

Jump to solution

My opinion is that it wasn't really "removed", but is a byproduct of the architectural changes in the R80+ SMS.  In R77.30 and earlier, the SmartDashboard had a lot more "intelligence" (for lack of a better word), and operations such as searches we performed completely by the SmartDashboard who had a copy of all objects and rules cached in its local memory for as long as the SmartDashboard was connected to the SMS.  Note that this information was never written to the SmartDashboard system's hard drive.

However in R80+, the vast majority of the "intelligence" was moved to the SMS which was now able to successfully leverage multiple cores for security management operations.  This was probably necessary in R80+ due to multiple administrators in read/write mode accessing the configuration simultaneously.  The R80+ SmartConsole is basically just a thin display client for what the SMS is telling it to display.  As a result, operations such as searches are actually happening up the SMS; this is also why on some screens only a limited number of objects are shown initially, and scrolling down into a new set of objects will cause a bit more delay as the additional objects must be retrieved from the SMS instead of being cached (and searched) locally.  This also becomes readily apparent when there is high latency (>100ms) between the R80+ SmartConsole and the SMS as operations will become noticeably slower.

 

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com
Reply
Stefan_Lassnig
Explorer
‎2019-05-27 07:21 AM

Jump to solution

Hi,

also miss this "simple" and very useful feature in R80.x 😞

BR Stefan

0 Kudos
Reply
Martin_Hofbauer
Participant
‎2019-05-27 01:42 PM

Jump to solution

Perhaps this massive backwardness of functionality is not so well known to all who only do installations and upgrades( I assume when asking to try in Object explorer), but if you maintain Rulebases every day it is something that almost always means a (big) limitation.

Example: "Group with Exclusions": If you do not find all the objects that you expect for these "Exclusions", and have this object in the SRC field of a Allow Rule: that could lead to a security problem.

My first customers who had upgraded to R80 were surprised by this restriction and expected a return of the missing features in R80.10. Since both R80.20 and R80.30 (after 3 years) did not address this restriction, I have consistently noticed considerable displeasure among my customers. Again: EVERY R80 customer see this limitation several times a day. Frustration for Checkpoint is growing constantly.

Thanks
Martin

Reply
Maarten_Sjouw
Champion
Champion
‎2019-05-27 10:42 PM
In response to Martin_Hofbauer

Jump to solution

I just tested the search in Object Explorer in R80.30 and searched for a word I knew for sure was in the comments, it found both the name and comment occurrences.

Also in the normal list on the right side it finds things from the comments again.

Regards, Maarten
0 Kudos
Reply
Wolfgang
Leader
Leader
‎2019-05-27 11:12 PM

Jump to solution
This a real and very bad limitation. Too on the newest release.
I can't understand why we can search for "server" getting resulsts and for "erver" and does not get any results. A working search function should be no problem.
I'm always wondering that CheckPoint is fighting again GenV security threads, going into the cloud to allow agile security management, but a simple search function is problematic.
Maybee we have to wait for this function for some more years.
Remember, everyone needs more then one working administrator and it tooks much more then 10 years to get this functionality.

I saw sk113603, from september 2016 describing this problem. Only three years ! Yes I'm sarcastic, but it is a shame to not have this simple search feature 3 years later.

Wolfgang
Reply
Reinhard_Stich
Contributor
‎2019-05-28 02:42 AM
In response to Wolfgang

Jump to solution
the SK says:
"Not finding objects when using substrings in the middle of the word, is an expected behavior."
at least most users expect something else 🙂
Reply
Benedikt_Weissl
Advisor
‎2019-05-28 03:16 AM

Jump to solution

I've just tested this with R80.20. The seems to me that the algorithm is "cutting" the names/comments apart at white spaces and then tries to match your searchstring 1:1 onto each piece.

0 Kudos
Reply
Bernhard_Sayer
Contributor
‎2019-05-28 06:12 AM

Jump to solution

It´s back-breaking and it´s hard to tell this "new" limitation every customer who i do an upgrade from R77.30 ….

 

Reply
CoolKangaroo
Explorer
‎2019-09-12 12:18 AM

Jump to solution

Hi,

I also miss the good old search like it was in 77.30. What is called search now in 80.20 hurts me every day 😞

 

Reply
Tomer_Noy
Employee
Employee
‎2019-09-18 01:22 PM
In response to CoolKangaroo

Jump to solution

Thanks all for sharing this feedback. I will try to explain why things work as they do, and also how we are planning to improve that.

Before R80, the SmartDashboard loaded all DB objects into the client memory upon login. When you searched for an object, it scanned the entire list, looking for your sub-string. This worked reasonably well in most environments, but sometimes was slow on huge DBs.

In R80.x, we have all our objects in a modern DB and strive to avoid loading everything into memory. Also, we have an indexing engine (Solr) that maintains an index of all the "words" in the various objects in the DB. When you are searching in Object Explorer or a picker, we look for objects with words that begin with your sub-string. This catches object names that begin with your word, but also examples like searching "Server" to find "Web Server". Although "Server" appears in the middle of the value, our indexing engine understands that it's a separate word that should be indexed (because of the space character). The searching is done using the index in order to return results quickly and to avoid loading the server by a full scan.

Following feedback, we understand that this may be frustrating (especially with examples like "WebServer").
What are we doing to improve?

In the upcoming R80.40 we will add two new behaviors:

1) You will be able to prefix your searches with '*' in order to force a full search, for example "*Server". This will be less efficient, but will find everything you are looking for (like in R77.x).

2) We are modifying the indexing tokenization algorithm to take into account changes in case. This means that words like "WebServer" will be considered two words => "Web" and "Server", due to the capital 'S', even without using a space character. Hopefully, this will catch most searches efficiently, without the need to use '*'.

Let me know if you think this will be useful.

View solution in original post

Reply
Reinhard_Stich
Contributor
‎2019-09-18 02:20 PM
In response to Tomer_Noy

Jump to solution

this sounds really good. I will have a loot at the EA of 80.40 and check out the new feature.

I like !!

thanks !

0 Kudos
Reply
Maarten_Sjouw
Champion
Champion
‎2019-09-18 02:28 PM
In response to Reinhard_Stich

Jump to solution
Tomer,
Question, will this also work in a administrator list as in a MDS where we have 250 admins that have their name end in a 3 or 4 digit number. This number is the last octet of the IP for the domain they are entitled to. As we needed to resotre those rights for about 20 domains with around 50 admins that search ability would have been very helpful.
Regards, Maarten
0 Kudos
Reply
Tomer_Noy
Employee
Employee
‎2019-09-18 10:40 PM
In response to Maarten_Sjouw

Jump to solution
Sure. Adding the '*' in the beginning of your search with the desired number, should work in the admins list as well.
0 Kudos
Reply
CoolKangaroo
Explorer
‎2019-09-18 10:52 PM
In response to Tomer_Noy

Jump to solution
Sounds good. Looking forward to R80.40!
Thanks a lot!
0 Kudos
Reply
Norbert_Bohusch
Advisor
‎2019-09-19 06:01 AM
In response to Tomer_Noy

Jump to solution
really nice to see that this gets finally addressed!
0 Kudos
Reply
quncy
Explorer
‎2020-04-27 10:30 PM
In response to Tomer_Noy

Jump to solution

will index the comment field as well? 

0 Kudos
Reply
G_W_Albrecht
Champion
Champion
‎2020-04-28 03:30 AM

Jump to solution

At least we now have wildcard * at position 1 in R80.40 and starting R80.30 JT 195 with SmartConsole R80.30(GA Build #76) is now available 

More details see  sk164873: New ability to search in the Management Server by adding asterisk before any sequence of ...

View solution in original post

Reply
quncy
Explorer
‎2020-04-28 03:59 AM
In response to G_W_Albrecht

Jump to solution

ya just test 80.30 t140,  the * work. also search comment field. 

this help are lot when we need to search rule by ticket number

0 Kudos
Reply