This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kyithuaung
Participant
‎2021-08-27 08:04 AM

IPS Blade is not responding issue is often

I facing IPS blade is not responding issue is often.Please see the attached file for issue. I facing that issue about three times a month.I know SK to solve that.Please see SK sk163752.The first three times I resolved it.This time, doing so with SK is not a solution. Issue is solved cpstop;cpstart (not described in SK). I have a question is Why it happens so often. I have a check point firewalls 8 Nos in my network, but the current issue is firewall 2 Nos. How to solve it? Why does it happen so often? 

Preview file
39 KB
0 Kudos
4 Replies
Timothy_Hall
Legend Legend
Legend
‎2021-08-27 08:47 AM

The status for all blades including IPS is pulled from the cpd daemon running on the gateway.  Anything interesting in $CPDIR/log/cpd.elg on the gateway around the time of the last IPS status failure?

It also possible that fwd may be involved with reporting the status of the IPS blade, which did not have its own individual status reporting until R80.20, so may want to look in $FWDIR/log/fwd.elg as well around the time of the issue.

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
0 Kudos
kyithuaung
Participant
‎2021-08-30 09:31 AM
In response to Timothy_Hall

Hello Timothy_Hall,

Thanks for your reply. I would like to ask you one question. Can I restart IPS service only instead of cpstop;cpstart? or How to resolve this issue? If can, please kindly support to me command or guide line because of I have to traffic swing and make a changed request in operation when I do cpstop;cpstart.

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2021-08-31 04:44 AM
In response to kyithuaung

IPS is completely implemented inside the INSPECT engine so there is no process to restart.  When the status isn't working you could try these commands and see if they shake it loose:

ips bypass on;ips bypass off

ips off;ips on

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
the_rock
Legend
Legend
‎2021-08-30 10:54 AM

I had customer couple years back with this exact issue and problem went to escalations team in TAC and they ended up opening R&D task and sadly, nothing came out of it, so the best suggestion we ended up getting was to do cpstop;cpstart to fix it, which we knew even before the case was opened.

If I ever see this now days, I just assume its cosmetic, because the the next day, it usually shows ips was updated.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events