StormAgentMsg: Failed to access URL

[AlexLewisLnk]

stormcenter blocklist fails to download after SANS/ICS changes to different CA in Sept 2007. SmartTracker shows following in log:

StormAgentName: CPDShield
StormAgentAction: Retrieve blocklist
StormAgentMsg: Failed to access URL

Check Point engineer gave me a link for attached file which is replacement CA cert to load on firewall. Steps to install:

1. On the gateway, backup $FWDIR/conf/equifax.cer
2. On the gateway, copy new equifax.cer file to $FWDIR/conf
3. Install policy to the gateway
4. Wait a minute or so, and on the gateway, check "dynamic_objects -l". The CPDShield object should show the block list.

[melipla]

Confirmed......

Error messages:

Quote:

Number: 1
Date: 26Nov2007
Time: 11:11:11
Product: VPN-1 Power/UTM
Origin: firewall
Type: Control
Action:
Information: StormAgentName: CPDShield
StormAgentAction: Retrieve blocklist
StormAgentMsg: Failed to access URL


Number: 2
Date: 26Nov2007
Time: 11:11:12
Product: VPN-1 Power/UTM
Origin: firewall
Type: Control
Action:
Information: StormAgentName: CPDShield
StormAgentAction: Retrieve blocklist
StormAgentMsg: Data has expired. Clearing defined ranges

Before cert update:

Quote:

# dynamic_objects -l

object name : CPDShield
range 0 : 0.0.0.1 0.0.0.1

Operation completed successfully

After cert update:

Quote:

# dynamic_objects -l

object name : CPDShield
range 0 : 58.68.76.0 58.68.76.255
range 1 : 60.168.84.0 60.168.84.255
range 2 : 67.15.204.0 67.15.204.255
range 3 : 69.56.243.0 69.56.243.255
range 4 : 78.60.40.0 78.60.40.255
range 5 : 78.128.39.0 78.128.39.255
range 6 : 84.19.184.0 84.19.184.255
range 7 : 121.14.136.0 121.14.136.255
range 8 : 123.253.134.0 123.253.134.255
range 9 : 139.55.63.0 139.55.63.255
range 10 : 139.55.82.0 139.55.82.255
range 11 : 139.55.113.0 139.55.113.255
range 12 : 148.208.199.0 148.208.199.255
range 13 : 172.187.159.0 172.187.159.255
range 14 : 195.110.148.0 195.110.148.255
range 15 : 202.76.108.0 202.76.108.255
range 16 : 209.173.166.0 209.173.166.255
range 17 : 209.173.181.0 209.173.181.255
range 18 : 218.1.65.0 218.1.65.255
range 19 : 222.90.65.0 222.90.65.255

Operation completed successfully

[RayPesek]

Thanks, that fixed that problem.

Have you had any success sending logs via R65 to DShield? Their pages say you need to use their ID but SmartDashboard only gives you a place to put in your email address and password. I can see the logs going out but my page says I'm not submitting logs.

Take care,

Ray

[Brentd]

Thanks

Great info thanks

Love this site, so many answers so little time!

:)

Brent

[RayPesek]

And the answer to my problem is that CP does not support the current method of sending logs to DShield. It changed and they did not know it and have not issued a fix yet.

Ray

[phelanre]

Would this have any effect on a VPN tunnel?
I tried following these steps and started getting different logs/failure messages from one of my vpn tunnels, so I uninstalled the new cert.
I can look up the specific vpn errors if necessary.

[RayPesek]

No, it wouldn't have any effect on VPNs.

Ray