CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 7 of 7

Thread: Antibot not updating on secondary firewall

  1. #1
    Join Date
    2015-03-31
    Posts
    43
    Rep Power
    0

    Default Antibot not updating on secondary firewall

    Hi Folks,

    In our setup we are using one central management server and 2 firewalls in a Active/Standby cluster. We have enable Antibot/Antispam blade and configured auto update of database for every one hour. All devices are running on R77.10 version.
    We are able to update the signatures on Primary firewall successfully. But it's getting failed on Secondary firewall.
    It's shows no internet access to reach "https://secureupdates.checkpoint.com /AMW/v4/version" website.
    When i tried to telnet the site from Secondary firewall on port 443 it was happening perfectly.There is no messages/errors on var/log folder regarding Antibot.
    Please provide some solution/Troubleshooting steps for this.

    Thanks in advance!

    Regards,
    Ram T S

  2. #2
    Join Date
    2015-05-27
    Location
    London
    Posts
    35
    Rep Power
    0

    Default Re: Antibot not updating on secondary firewall

    Have you got hide behind cluster IP ticket in the cluster properties? Seen this a few times, traffic leaves the secondary, hides behind the vip and the return traffic goes to the primary instead of secondary.

  3. #3
    Join Date
    2014-09-23
    Location
    Austin, TX
    Posts
    136
    Rep Power
    6

    Default Re: Antibot not updating on secondary firewall

    I concur with brian, you can run packets captures to see if the traffic is returing to the VIP and then being forwarded to the active memeber, if it is you can edit the user.def file on the mgt server for the no_hide_services_ports, sk43807 has the procedure

  4. #4
    Join Date
    2015-03-31
    Posts
    43
    Rep Power
    0

    Default Re: Antibot not updating on secondary firewall

    Thanks Brain and Cory.

    I will perform the same and update you the status.

  5. #5
    Join Date
    2015-03-31
    Posts
    43
    Rep Power
    0

    Default Re: Antibot not updating on secondary firewall

    Hi Team,

    I have followed the sk43807 and checked the https and http advanced properties. There the option "Synchronize connections on Cluster" is already enabled.
    And checking about step 3 we are not using VIP for communication. We are directly using the physical IP for the outside communication.
    Please help to resolve the issue.

    Regards,
    Ram T S

  6. #6
    Join Date
    2014-09-23
    Location
    Austin, TX
    Posts
    136
    Rep Power
    6

    Default Re: Antibot not updating on secondary firewall

    run tcpdump and fw ctl zdebug drop on both gateways for successful update and on the gateway it fails on. once we're able to see whats happening to the traffic we'll have a better understanding of whats going on

  7. #7
    Join Date
    2007-06-04
    Posts
    3,313
    Rep Power
    17

    Default Re: Antibot not updating on secondary firewall

    I had a similar issue and had to reboot the Secondary Unit. Did a Remote Session with Check Point who confirmed that the Secondary Node had actually been updating and was simply SmartView Monitor showing that was failing, as the Gateway wasn't updating the information to the Manager correctly.

    Like you it was reporting failing, however could ping and on the system itself doesn't log a failure connecting when following the sk articles.

Similar Threads

  1. Backup not working from secondary firewall
    By Andim in forum Check Point Backup Procedures
    Replies: 4
    Last Post: 2012-12-11, 03:55
  2. Secondary SmartCenter behind firewall - SIC Not Establishing
    By networkuser in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 1
    Last Post: 2009-05-07, 22:49
  3. secondary FireWall-1 module
    By lbraid in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 2
    Last Post: 2007-11-09, 06:30
  4. Manually updating Policy on standalone Firewall
    By JoeShmoe in forum Miscellaneous
    Replies: 1
    Last Post: 2007-01-25, 12:57
  5. Secondary firewall using VIP address
    By sid.guru in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 0
    Last Post: 2006-04-24, 11:31

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •