Roy Smith

Strange Issue with Anti-Bot Updates

Discussion created by Roy Smith on Jan 7, 2019

Hi

 

I am wondering if anyone else has come across this issue?

 

For the past several weeks, we had an issue where our gateways would appear to intermittently fail to connect to https://updates.checkpoint.com. By intermittent, I mean that Smartconsole would show a red cross and when you look in monitor, the AB blade said it failed to connect. This appeared to be random on different gateways.

 

When using curl_cli to test, the first connection would timeout and fail. If you then immediately ran curl_cli again, the connection succeeded. If you then ran it again, it would work. but wait for several minutes and it would fail again. We discovered that updates.checkpoint.com was resolving primarily to 209.87.209.87, which always failed on the first attempt, and very occasionally to 194.29.34.19, which always worked.

 

This was happening on a VSX standalone and a VSX cluster, at VS0 level and other VS. I raised a TAC call and after several days of troubleshooting and some discussion with them and our ISP, we seem to have it resolved now.   

 

Resolution involved creating a host name on each VSX box to point updates.checkpoint.com to the IP 194.29.34.19. Since doing this the updates now seem stable and I am happy to leave it like this.

 

I realise there have been issues with the Check Point update servers in the past week, but the TAC engineer did not indicate this was anything to do with it. However, I'm curious to know if anyone else has come across this issue where 1 IP works and the other one does not.

 

Many Thanks

Roy

Outcomes