CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it yet again - That's right, the 3rd edition is here!
You can read his announcement post here.
It's a massive upgrade focusing on current versions, and well worth checking out. -E

 

Results 1 to 5 of 5

Thread: R77.10 Hit Counters no longer work

  1. #1
    Join Date
    2011-11-09
    Posts
    7
    Rep Power
    0

    Default R77.10 Hit Counters no longer work

    We upgraded our MDS to R77.10 Gaia from R75.45 Splat. Everything is operational and working great except the Hit Counters no longer track the rule hits. We have a case open with CP TAC but was also reaching out to see if anyone ran into this issue as well. We have verifed the Global settings in each CMA (Hit count under "smartDashboard Custom" and advanced configuration) as well as the settings on the GW cluster objects for enabling "hit Counter". Very strange.

    Any input would be great.
    Thanks

  2. #2
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Default Re: R77.10 Hit Counters no longer work

    Make sure rulebase_uids_in_logs is marked (Global Properties > SmartDashboard Customization > Advanced Configuration > Configure... > FireWall-1 > General).
    If this is disabled, you might see the following errors in /var/log/message:

    [fw_1]^fwrulematch_rule_id_to_kuuid: fwloghandle_rule_id failed (rule num 49)
    [fw_1]^fwrulematch_set_hitcount: fwrulematch_rule_id_to_kuuid failed (rule num 49)
    [fw_0]^fwrulematch_rule_id_to_kuuid: fwloghandle_rule_id failed (rule num 1836)
    [fw_0]^fwrulematch_set_hitcount: fwrulematch_rule_id_to_kuuid failed (rule num 1836)
    [fw_2]^fwrulematch_rule_id_to_kuuid: fwloghandle_rule_id failed (rule num 1836)
    [fw_2]^fwrulematch_set_hitcount: fwrulematch_rule_id_to_kuuid failed (rule num 1836)

    If it is enabled, then sk98017 may be relevant assuming hitcounts are actually collecting data and we just lost the historical data (check output of fw tab -t nrb_hitcount_table and stattest gettable 1.3.6.1.4.1.2620.1.45.5 1 2 3 4 5 6 7)
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  3. #3
    Join Date
    2011-11-08
    Posts
    16
    Rep Power
    0

    Default Re: R77.10 Hit Counters no longer work

    Hi,

    Waht is the gateway version?

    As per TAC. If MDS is R77.10 gaia
    & ur managing old r75 version gateway then hit couts will not work.

  4. #4
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,252
    Rep Power
    14

    Default Re: R77.10 Hit Counters no longer work

    Quote Originally Posted by viplavpatil View Post
    Hi,

    Waht is the gateway version?

    As per TAC. If MDS is R77.10 gaia
    & ur managing old r75 version gateway then hit couts will not work.
    Hit counters were introduced in R75.40. Your gateway must be running at least that level of code for hit counters to work, the version of the Security Management Server does not matter.

  5. #5
    Join Date
    2014-10-03
    Posts
    13
    Rep Power
    0

    Default Re: R77.10 Hit Counters no longer work

    Quote Originally Posted by viplavpatil View Post
    Hi,

    Waht is the gateway version?

    As per TAC. If MDS is R77.10 gaia
    & ur managing old r75 version gateway then hit couts will not work.
    I'm running MDS R77.20 Gaia, and hit counters works just fine here.
    Confirmed with both SPLAT 75.40 gateway, and Gaia 77.20 running VSX.

    We didn't notice sk98017 before the upgrade, but it worked nevertheless.

Similar Threads

  1. SNX problem in R77.10
    By xavmoss in forum R77.10
    Replies: 1
    Last Post: 2014-04-02, 04:19
  2. Problem upgrading from R77 to R77.10
    By unite in forum R77.10
    Replies: 7
    Last Post: 2014-02-27, 15:38
  3. Check Point R77.10
    By Flixis in forum R77.10
    Replies: 22
    Last Post: 2014-02-03, 16:00
  4. Identity sharing - any updates in R77(.10)?
    By Carsten in forum Identity Awareness Blade
    Replies: 0
    Last Post: 2014-01-10, 02:41
  5. Upgrade from SPLAT R65 to R71. Nic no longer work
    By 20100 in forum Installing And Upgrading
    Replies: 16
    Last Post: 2011-04-01, 03:53

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •