Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
kyithuaung
Participant

IPS Blade is not responding issue is often

I facing IPS blade is not responding issue is often.Please see the attached file for issue. I facing that issue about three times a month.I know SK to solve that.Please see SK sk163752.The first three times I resolved it.This time, doing so with SK is not a solution. Issue is solved cpstop;cpstart (not described in SK). I have a question is Why it happens so often. I have a check point firewalls 8 Nos in my network, but the current issue is firewall 2 Nos. How to solve it? Why does it happen so often? 

0 Kudos
4 Replies
Timothy_Hall
Legend Legend
Legend

The status for all blades including IPS is pulled from the cpd daemon running on the gateway.  Anything interesting in $CPDIR/log/cpd.elg on the gateway around the time of the last IPS status failure?

It also possible that fwd may be involved with reporting the status of the IPS blade, which did not have its own individual status reporting until R80.20, so may want to look in $FWDIR/log/fwd.elg as well around the time of the issue.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
kyithuaung
Participant

Hello Timothy_Hall,

Thanks for your reply. I would like to ask you one question. Can I restart IPS service only instead of cpstop;cpstart? or How to resolve this issue? If can, please kindly support to me command or guide line because of I have to traffic swing and make a changed request in operation when I do cpstop;cpstart.

0 Kudos
Timothy_Hall
Legend Legend
Legend

IPS is completely implemented inside the INSPECT engine so there is no process to restart.  When the status isn't working you could try these commands and see if they shake it loose:

ips bypass on;ips bypass off

ips off;ips on

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
the_rock
Legend
Legend

I had customer couple years back with this exact issue and problem went to escalations team in TAC and they ended up opening R&D task and sadly, nothing came out of it, so the best suggestion we ended up getting was to do cpstop;cpstart to fix it, which we knew even before the case was opened.

If I ever see this now days, I just assume its cosmetic, because the the next day, it usually shows ips was updated.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events