This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Karel_Mate
Participant
‎2020-03-08 06:59 PM
Jump to solution

IPS Update failed after upgrade from R80.10 to R80.30

Hi Sirs,

 

We are having issue on IPS update, right after we successfully migrated to new Open Server Appliance running R80.30 coming from R80.10, IPS Update is failing, We also tried updating using an offline update file but still failing. Connection to checkpoint is fine as well as the PC used on SmartConsole. Below is some output requested by the TAC who is handling the case.

 

[Expert@PSBANK-mgmt:0]# nslookup
> ^C[Expert@PSBANK-mgmt:0]# nslookup cws.checkpoint.com
Server: 10.11.25.4
Address: 10.11.25.4#53

Non-authoritative answer:
cws.checkpoint.com canonical name = wildcard-dual.checkpoint.com.edgekey.ne t.
wildcard-dual.checkpoint.com.edgekey.net canonical name = e14576.dscg.aka maiedge.net.
Name: e14576.dscg.akamaiedge.net
Address: 184.87.247.148

[Expert@PSBANK-mgmt:0]# curl_cli -v -1 --cacert $CPDIR/conf/ca-bundle.crt https: //updates.checkpoint.com
* Rebuilt URL to: https://updates.checkpoint.com/
* Trying 104.67.182.6...
* Connected to updates.checkpoint.com (104.67.182.6) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH
* successfully set certificate verify locations:
* CAfile: /opt/CPshrd-R80.30/conf/ca-bundle.crt
CApath: none
* *** Current date is: Tue Feb 18 11:23:56 2020
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* err is -1, detail is 2
* *** Current date is: Tue Feb 18 11:23:56 2020
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* err is -1, detail is 2
* *** Current date is: Tue Feb 18 11:23:56 2020
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* err is -1, detail is 2
* *** Current date is: Tue Feb 18 11:23:56 2020
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* servercert: Activated
* servercert: crl_download_timeout: 10
* servercert: crl_weak_validation: 1
* servercert: Calling cp_verify_certificate
* servercert: cp_verify_certificate returned: CURLE_OK
* Server certificate:
* subject: OU=Domain Control Validated; CN=*.checkpoint.com
* start date: Oct 31 20:24:10 2018 GMT
* expire date: Oct 31 20:24:10 2020 GMT
* subjectAltName: updates.checkpoint.com matched
* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http:// certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
* SSL certificate verify ok.
* servercert: Finished
< HTTP/1.1 200 OK
< Content-Type: text/plain; charset=utf-8
< Content-Length: 8
< Server: awselb/2.0
< Date: Tue, 18 Feb 2020 03:23:59 GMT
< Connection: keep-alive
<
* Connection #0 to host updates.checkpoint.com left intact
it works[Expert@PSBANK-mgmt:0]# curl_cli -v -1 --cacert $CPDIR/conf/ca-bundle.cr dl3.checkpoint.com
* Rebuilt URL to: https:dl3.checkpoint.com/
* getaddrinfo(3) failed for https:80
* Couldn't resolve host 'https'
* Closing connection 0
curl: (6) Couldn't resolve host 'https'
[Expert@PSBANK-mgmt:0]# curl_cli -v http://cws.checkpoint.com
* Rebuilt URL to: http://cws.checkpoint.com/
* Trying 184.87.247.148...
* Connected to cws.checkpoint.com (184.87.247.148) port 80 (#0)
< HTTP/1.1 200 OK
< Server: Apache
< Last-Modified: Sat, 20 Nov 2004 20:16:24 GMT
< Content-Type: text/html
< Date: Tue, 18 Feb 2020 03:24:34 GMT
< Content-Length: 44
< Connection: keep-alive
< X-Cache-Remote: TCP_REFRESH_HIT from a23-43-48-140.deploy.akamaitechnologies.c om (AkamaiGHost/9.8.5.1.1-27758809) (S)
<
* Connection #0 to host cws.checkpoint.com left intact

 

Thanks,

Karel Mate

0 Kudos
1 Solution

Accepted Solutions
Tomer_Kashayov
Employee
Employee
‎2020-06-16 01:21 AM
In response to Hasse_Haglund
Jump to solution

Hi, 

Fix include in R80.40

R80_30_jumbo take 163 and higher.

R80_20_jumbo take 143 and higher.

Or follow sk155052 to resolve. 

View solution in original post

9 Replies
_Val_
Admin
Admin
‎2020-03-09 01:03 AM
Jump to solution

Might be related to sk155052. Look in cpm.elg file forAssertionError has been caught: found too many objects error

0 Kudos
Karel_Mate
Participant
‎2020-03-09 05:01 AM
In response to _Val_
Jump to solution

Thanks for the feedback, we'll check this tomorrow and see if this is the cause.

Regards.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-03-09 06:12 AM
In response to Karel_Mate
Jump to solution

Check on the SMS with the following command:
psql_client cpm postgres
select task.objid,displayname,creator,starttime,lastupdatetime,progresspercentage from tasknotification task, (select name,objid from domainbase_data where dlesession=0 and not deleted) cma where status = 0 and cma.objid = task.domainid and (displayname='Application Control & URL Filtering' or displayname='IPS Management Update');
\q
See if there is anything in 10% progresspercentage.
If so send me a PM and I will be able to link you to a TAC engineer I have been working with about this problem.
Regards, Maarten
0 Kudos
Karel_Mate
Participant
‎2020-03-09 08:14 PM
In response to Maarten_Sjouw
Jump to solution

Hi Maarten, 

Sure, will check this one also tomorrow, during my visit to the client and provide feedback here, Thanks,

 

Regards,

0 Kudos
Karel_Mate
Participant
‎2020-03-12 04:48 AM
In response to _Val_
Jump to solution

Saw this symptoms on the client's management server, already shown this to the TAC that's handling.

 

Thanks and Regards

0 Kudos
Bharat_Sudi
Explorer
‎2020-05-27 12:23 AM
In response to Karel_Mate
Jump to solution

Dear Karel & team,

 

We are facing a similar issue. can you help me out with some inputs.

What's the solution.

Thanks and Regards

Bharath

0 Kudos
Hasse_Haglund
Participant
‎2020-06-12 04:45 AM
Jump to solution

Hi, 

We are facing the same issue as you did. Have you resolved it now or what is the status? 

0 Kudos
Tomer_Kashayov
Employee
Employee
‎2020-06-16 01:21 AM
In response to Hasse_Haglund
Jump to solution

Hi, 

Fix include in R80.40

R80_30_jumbo take 163 and higher.

R80_20_jumbo take 143 and higher.

Or follow sk155052 to resolve. 

Karel_Mate
Participant
‎2020-06-16 01:38 AM
In response to Hasse_Haglund
Jump to solution

Hi,

 

I just checked the sk155052, all symptoms on the cpm.elg was found on the client side, we requested the fix from the TAC. Or follow Sir Tomer Kashayov response on this trail.

 

Thanks,

Karel Mate

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events