RRAS stops after Policy Push

[issdragon0]

Hello,

RRAS (Routing and Remote Access Service) stops sporadically upon my enforcement modules after pushing a policy. It doesn't happen every time and it doesn't always happen on the same enforcement point.

Check Point tech support's only recommendation was RRAS shouldn't even be enabled because its a security risk, and IP forwarding should be enabled.

Understood, I say, but I've just walked into this position and the powers that be do not subscribe to this point of view.

I have been told that these enforcement modules have seen many CP revs, OS upgrades, and updates. I'm beginning to think that a fresh install would benefit prevent potential software instabilities.

Until then, I have allowed the OS to conduct a self-recovery of the service upon failure.

Anyone seen this before?

Thanks

[chillyjim]

Not this one per-say, but I have seen FW1 on windows kill services during a policy push. It is usually services that don't recover from their network connection being reset as the new policy is activated.

IMHO windows is a bad platform choice for a VPN1 gateway. It's much too heavy of an operating system and very difficult to harden without breaking it. For that matter I don't see any compelling reason to run SmartCenter on windows for the same reason.

SPLAT is free, pre-hardened and supported by CHKP.