This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kyithuaung
Participant
‎2021-08-27 08:04 AM

IPS Blade is not responding issue is often

I facing IPS blade is not responding issue is often.Please see the attached file for issue. I facing that issue about three times a month.I know SK to solve that.Please see SK sk163752.The first three times I resolved it.This time, doing so with SK is not a solution. Issue is solved cpstop;cpstart (not described in SK). I have a question is Why it happens so often. I have a check point firewalls 8 Nos in my network, but the current issue is firewall 2 Nos. How to solve it? Why does it happen so often? 

ips blade issue.png
Preview file
39 KB
0 Kudos
4 Replies
Timothy_Hall
Legend Legend
Legend
‎2021-08-27 08:47 AM

The status for all blades including IPS is pulled from the cpd daemon running on the gateway.  Anything interesting in $CPDIR/log/cpd.elg on the gateway around the time of the last IPS status failure?

It also possible that fwd may be involved with reporting the status of the IPS blade, which did not have its own individual status reporting until R80.20, so may want to look in $FWDIR/log/fwd.elg as well around the time of the issue.

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos
kyithuaung
Participant
‎2021-08-30 09:31 AM
In response to Timothy_Hall

Hello Timothy_Hall,

Thanks for your reply. I would like to ask you one question. Can I restart IPS service only instead of cpstop;cpstart? or How to resolve this issue? If can, please kindly support to me command or guide line because of I have to traffic swing and make a changed request in operation when I do cpstop;cpstart.

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2021-08-31 04:44 AM
In response to kyithuaung

IPS is completely implemented inside the INSPECT engine so there is no process to restart.  When the status isn't working you could try these commands and see if they shake it loose:

ips bypass on;ips bypass off

ips off;ips on

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
the_rock
Legend
Legend
‎2021-08-30 10:54 AM

I had customer couple years back with this exact issue and problem went to escalations team in TAC and they ended up opening R&D task and sadly, nothing came out of it, so the best suggestion we ended up getting was to do cpstop;cpstart to fix it, which we knew even before the case was opened.

If I ever see this now days, I just assume its cosmetic, because the the next day, it usually shows ips was updated.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events
    Top