Solved: is_whitelist_domain_enable ?

r1der · ‎2023-04-19

When I'm saving our policy, this shows up next to the threat prevention policy. I'm not finding much information about this.

Has anyone seen this before, or what I should be looking for to fix this?

- is_whitelist_domain_enable: is_ok_for_whitelist_domain_look_for_any_at_global_tbl() returned false for services
--------------------------------------------------------------------------------

R81.10, Take 79.

PhoneBoy · ‎2023-04-21

Recommend a TAC case to investigate: https://help.checkpoint.com

View solution in original post

r1der · ‎2023-05-03

TAC provided a fix and I'm no longer seeing the Info icon.

View solution in original post

the_rock · ‎2023-04-19

Never ever seen that before, not in any R80 or R81 flavor at all. I did look for it in Guidbedit and nothing came up.

Best,
Andy

PhoneBoy · ‎2023-04-21

Recommend a TAC case to investigate: https://help.checkpoint.com

r1der · ‎2023-05-03

TAC provided a fix and I'm no longer seeing the Info icon.

the_rock · ‎2023-05-03

Just curious, what was the fix?

Andy

Best,
Andy

r1der · ‎2023-04-25

Thanks @the_rock and @PhoneBoy. I will update back when I hear from TAC.

the_rock · ‎2023-04-25

Let us know, Im super curious how it gets solved. I literally looked everywhere, as this was bugging me and cant find anything useful...sorry mate.

Best,
Andy

Nik_Bloemers · ‎2023-04-25

Curious to see what the result from TAC is. I'm getting this message on multiple gateways as well now, but so far doesn't seem to impact anything (it also has like a blue 'informational' icon rather than a warning or error one.

r1der · ‎2023-04-27

TAC informed me there is a portfix (I think they meant postfix?) for it, and I am currently uploading cpinfo logs for it. Correct, there doesn't seem to be any impact to anything.

the_rock · ‎2023-04-26

@r1der

Just curious, when did you first notice this issue? I tried replicating this in my current R81.10 lab with same jumbo, newly built one as well and no success, it never comes up.

Andy

Best,
Andy

r1der · ‎2023-04-27

I only noticed it on take 79. However, it could've been on there before that. TAC informed me there is a portfix (think they meant postfix) for it that they'll provide after submitting further cpinfo details.

the_rock · ‎2023-04-27

They definitely meant portfix : ). Either way, does not matter the terminology, as long as it fixes the problem. Portfix simply means fix installed on top of your existing jumbo. Be mindful of those things, as you may end up asking for new portfix every single time in the future there is an issue...just saying, something to keep in mind.

Best,
Andy

Jones · ‎2023-06-16

I'm also seeing the informational message. I'm on recommended JHF95 on R81.10, so it's not fixed maintrain. Do we need the portfix to get rid of the messages or can we just safely ignore it?

the_rock · ‎2023-06-16

Personally, if everything works, then I assume you could ignore it. But, to be on a safe side, maybe open TAC case and send them this post or @r1der can confirm what was the fix they were given in order to resolve this issue.

Cheers,

Andy

Best,
Andy

r1der · ‎2023-06-16

@Jones per the notes on my case:
"a private fix was provided to resolve this issue and requires a TAC case.
fw1_wrapper_HOTFIX_R81_10_JHF_T79_560_MAIN_GA_FULL.tar - The fix will be installed on the SMS."

Based on R&D, this is an "unclear and unnecessary warning" that does not affect the functionality of the product.

I ended up uninstalling the fix because like @the_rock mentioned above, it will have to be ported over to the new Hotfixes.
So, you'd have to email TAC to upgrade to newer versions that has the fix. Otherwise you'd get a message "JHF Take XX is not allowed".

Are you a member of CheckMates?

is_whitelist_domain_enable ?