This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tony_Graham
Advisor
‎2023-08-21 09:52 AM
Jump to solution

IPS not enabled but still receiving notice of expired blade

All,

I have an r81.10 install that does not have IPS enabled in the gateway object.

The settings on the gateway device as presented by SmartConsole Threat Prevention tab are as follows:

Custom Threat Prevention is ticked.

All other boxes are unticked on that tab,

 

The drop down menus on the left do not contain any IPS related entries so it would seem it is not activated.

However, the main overview of all gateways & servers I have big red X and an Alert for this device that IPS

is 'Expired'.

 

I imagine this due to the installed license key on this device since this device is retired,

I assume I can still use this device for some basic blocking. Is there a way to remedy the Alert

for an unused blade or just live with it?

0 Kudos
1 Solution

Accepted Solutions
the_rock
MVP Gold
MVP Gold
‎2023-08-21 10:31 AM
In response to Tony_Graham
Jump to solution

Technically, you could delete one from May of this year, I believe command is cplic del CK-whatever ck number is

Or detach it from smart update

But, just to be sure 100%, I would still confirm with License folks.

Even after 16 years, I still dont understand CP licensing...if I was to live 1000 years, that would never change lol

Andy

Best,
Andy

View solution in original post

11 Replies
the_rock
MVP Gold
MVP Gold
‎2023-08-21 09:58 AM
Jump to solution

Can you please send a screenshot of it, as well as output of cplic print -x?

Andy

Best,
Andy
0 Kudos
Tony_Graham
Advisor
‎2023-08-21 10:13 AM
In response to the_rock
Jump to solution

I may have located the issue. While Smart Console shows IPS is disabled, the device console shows IPS is activated but expired.

Since they are out of synch with each other it is probably where the issue lies. The attached screenshots, the one labelled 'device' shows the active but expired blade output on the device itself the other two screenshots are out of Smart Console (81.20)

Preview file
24 KB
Preview file
18 KB
Preview file
14 KB
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2023-08-21 10:15 AM
In response to Tony_Graham
Jump to solution

That would make sense, for sure. Maybe if you can locate license string for it from ssh, you can do cplic del command. Just make sure you dont get rid of existing license needed.

Andy

Best,
Andy
0 Kudos
Tony_Graham
Advisor
‎2023-08-21 10:21 AM
In response to the_rock
Jump to solution

 

Here is the cplic mess with some redactions.

28May2023       CPSM-C-U CPSB-NPM CPSB-EPM CPSB-LOGS CPSB-MNTR CPSB-PRVS CPSB-UDIR CPSB-W
KFL-100 CPSB-WS CPSB-MPTL CPVP-SNX-U-NGX CPSB-SWB CPSB-ADNC-M CPSB-RPRT-U CPSB-EVCR-U CPSB-SSLVPN-MOBMAIL+5000 CPSB-COMP-150


 28May2023      CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB
-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT
  never       CPAP-SG320X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSL
VPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-ABOT CPSB-APCL CPSB-ASPM CPSB-AV CPSB-CTNT

Contract Coverage:
#   ID          Expiration   SKU                  
===+===========+============+====================
1    |  1May2023  | CPSB-EBP-TE
  +-----------+------------+--------------------
  |Covers:     CPAP-SG320X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-ABOT CPSB-APC
L CPSB-ASPM CPSB-AV CPSB-CTNT
===+===========+============+====================
2    |  1May2023  | CPSB-EBP-URLF
  +-----------+------------+--------------------
  |Covers:     CPAP-SG320X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-ABOT CPSB-APC
L CPSB-ASPM CPSB-AV CPSB-CTNT
===+===========+============+====================
3  |  1May2023  | CPSB-EBP-TEX
  +-----------+------------+--------------------
  |Covers:     CPAP-SG320X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-ABOT CPSB-APC
L CPSB-ASPM CPSB-AV CPSB-CTNT
===+===========+============+====================
4  |  1May2023  | CPSB-EBP-CTNT
  +-----------+------------+--------------------
  |Covers:     CPAP-SG320X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-ABOT CPSB-APC
L CPSB-ASPM CPSB-AV CPSB-CTNT
===+===========+============+====================
5   |  1May2023  | CPSB-EBP-ABOT
  +-----------+------------+--------------------
  |Covers:     CPAP-SG320X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-ABOT CPSB-APC
L CPSB-ASPM CPSB-AV CPSB-CTNT
===+===========+============+====================
6    |  1May2023  | CPES-SS-PREMIUM-ADD
  +-----------+------------+--------------------
  |Covers:     CPAP-SG320X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-ABOT CPSB-APC
L CPSB-ASPM CPSB-AV CPSB-CTNT
===+===========+============+====================
7    |  1May2023  | CPSB-EBP-IPS
  +-----------+------------+--------------------
  |Covers:     CPAP-SG320X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-ABOT CPSB-APC
L CPSB-ASPM CPSB-AV CPSB-CTNT
===+===========+============+====================
8    |  1May2023  | CPSB-EBP-ASPM
  +-----------+------------+--------------------
  |Covers:     CPAP-SG320X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-ABOT CPSB-APC
L CPSB-ASPM CPSB-AV CPSB-CTNT
===+===========+============+====================
9    |  1May2023  | CPSB-EBP-APCL
  +-----------+------------+--------------------
  |Covers:     CPAP-SG320X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-ABOT CPSB-APC
L CPSB-ASPM CPSB-AV CPSB-CTNT
===+===========+============+====================
10   | 16May2017  | CPSB-IPS-S1-1Y
  +-----------+------------+--------------------
  |Covers:     CPAP-SG320X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-ABOT CPSB-APC
L CPSB-ASPM CPSB-AV CPSB-CTNT
===+===========+============+====================
11    |  1May2023  | CPSB-EBP-AV
  +-----------+------------+--------------------
  |Covers:     CPAP-SG320X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-ABOT CPSB-APC
L CPSB-ASPM CPSB-AV CPSB-CTNT
===+===========+============+====================

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2023-08-21 10:31 AM
In response to Tony_Graham
Jump to solution

Technically, you could delete one from May of this year, I believe command is cplic del CK-whatever ck number is

Or detach it from smart update

But, just to be sure 100%, I would still confirm with License folks.

Even after 16 years, I still dont understand CP licensing...if I was to live 1000 years, that would never change lol

Andy

Best,
Andy
Tony_Graham
Advisor
‎2023-08-21 10:35 AM
In response to the_rock
Jump to solution

'Even after 16 years, I still dont understand CP licensing...if I was to live 1000 years, that would never change lol'

Diddo, except I have 27 years dealing with it. It never gets better.

(1)
the_rock
MVP Gold
MVP Gold
‎2023-08-21 10:36 AM
In response to Tony_Graham
Jump to solution

I dont disagree with you mate, meaning, I AGREE : - )

Best,
Andy
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2023-08-21 10:39 AM
In response to the_rock
Jump to solution

By the way @Tony_Graham 

I find that method cplic del the best, girl from Account services always uses that, cant recall name now, in my opinion, she is the best there, very patient and does not give up until issue is solved.

Andy

Best,
Andy
0 Kudos
Tony_Graham
Advisor
‎2023-08-21 10:41 AM
In response to the_rock
Jump to solution

I think I've worked with her before as well. 5 star service.

(1)
the_rock
MVP Gold
MVP Gold
‎2023-08-21 10:42 AM
In response to Tony_Graham
Jump to solution

Madison, thats it...she is the best, in my opinion. Hope she gets some sort of recognition if anyone from her department sees this discussion.

Andy

Best,
Andy
(1)
Tony_Graham
Advisor
‎2023-08-30 09:37 AM
In response to the_rock
Jump to solution

Quick synopsis of the eventual resolution. Alerts changed in Smart Console after updating to 81.20. Red X stayed on errant device but Yellow alerts appeared on main firewall. As I don't have to alert message detail, I am going on memory which isn't great anymore, but as I recall it was something related to IPS again but on the main firewall. Something in the message made me decide to alter the IPS on main firewall. I switched it to Autonomous. I had been running it with everything on except Threat Extraction (for another reason) but thought I would give Autonomous a go. When I went to push policy I got a message that certain devices were scheduled for uninstall of IPS. Hmmm, I thought. As the retired firewall had not had policy pushed to it in awhile, I enabled it for policy push and let her rip. That cured both alerts on the main firewall and fixed the red X on the retired unit. This path of repair did not present itself until 81.20 was installed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events