Hi Kyle,

Surely that is not a secure option to turn it to fail-open? 

Is that the only way of getting around this?

Thanks

I can definitely understand the caution about the security impact.

If you want to stay in Fail-Close, there is an option to change the Content Awareness settings to avoid these errors. You can see this documented in SK11851.

Take note that changing these is not recommended unless you need to.

Thanks Kyle, I've put SK11851 into Google and CheckPoint site and nothing comes up? Please could you link me

Looks like I missed a digit -- sk118516.

thank you!

So my current value for # fw ctl set int fileapp_max_upload_file_size is 0, surely that can't be right if the default value is 10mb?

If I want to set this as 200mb for example, would I just enter # fw ctl set int fileapp_max_upload_file_size <200> ?

I'm going back and forth to our vendor, then to CheckPoint support and then back. I'm debating whether to turn on fail-open as this is just using up too much of my time and stopping a lot of users from uploading & downloading files. It seems there's some sort of limit at 200mb, although when running fw ctl get int fileapp_max_upload_file_size it  = 0.

When in fail-open, if the gateway is unable to extract text does it still get analysed by all the other blades for malicious content?

Hello @Kyle_Danielson, thanks for your help and brief explanation, I just made this change and looks like it's working, but can you explain what are the differences between fail-open and fail-close options? Does it mean if there is an error with the content awareness system, it will "bypass" traffic and won't inspect it through content awareness?

I am having a similar issue, but in this case, our mode is set to fail-open.

That's a different problem that has a solution: https://support.checkpoint.com/results/sk/sk167173