CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Can anyone try give some logical understand to this!!

  1. #1
    Join Date: 2017-11-01 | Posts: 37 | Rep Power: 0

    Can anyone try give some logical understand to this!!

    Hi,

    I really will not bore you all with ins and outs. But this is part of a 2 month high priority ticket, that is still open with Check Point TAC. Their support is disgraceful.

    The below is part of a much bigger issue, but it is the root cause. I need the IPS blade to be disabled, and it will not disable. Check Point are utterly clueless as to why.

    FYI - It is unticked in SmartDashboard, and policy pushes are done to that firewall instance every time - trust me.

    VS 5 is the firewall with the issue, and origin of the bigger issue.

    This is what we have:
    [Expert@01:0]#
    [Expert@01:0]#
    [Expert@01:0]# enabled_blades
    fw
    [Expert@01:0]# vsenv 0
    Context is set to Virtual Device 01-vsx (ID 0).
    [Expert@:0]# enabled_blades
    fw
    [Expert@01:0]# vsenv 1
    Context is set to Virtual Device vs-test (ID 1).
    [Expert@01:1]# enabled_blades
    fw
    [Expert@01:1]# vsenv 2
    Context is set to Virtual Device vs-cord (ID 2).
    [Expert@01:2]# enabled_blades
    fw
    [Expert@01:2]# vsenv 3
    Context is set to Virtual Device vs-CT (ID 3).
    [Expert@01:3]# enabled_blades
    fw
    [Expert@01:3]# vsenv 4
    Context is set to Virtual Device vs-Comp (ID 4).
    [Expert@01:4]# enabled_blades
    fw
    [Expert@01:4]# vsenv 5
    Context is set to Virtual Device vs-ency (ID 5).
    [Expert@01:5]# enabled_blades
    fw ips


    Okay - so IPS is off, and it is shown to be off in all instances but VS5.

    I go to disable it...

    [Expert@01:5]# ips off
    IPS is already disabled
    [Expert@01:5]# enabled_blades
    fw ips
    [Expert@01:5]# ips off
    IPS is already disabled
    [Expert@01:5]# enabled_blades
    fw ips

    It won't disable.

    Anyone with any suggestions of why this is happening, and also how to disable it? It's stuck - and I do believe there's a system bug somewhere, but the 'experts' don't know.

  2. #2
    Join Date: 2011-08-02 | Location: http://spikefishsolutions.com | Posts: 1,637 | Rep Power: 9

    Re: Can anyone try give some logical understand to this!!

    Not sure if this works for a debug or not, but you can try this to get more info.

    export TDERROR_ALL_ALL=5 ; ips off >& ~/output.txt

    then look at output.txt in home dir. Might be a lot of data in the file or maybe nothing more than normal, but if there is data, look for the line about ips already being off, then start going backwards.

  3. #3
    Join Date: 2016-06-27 | Posts: 1 | Rep Power: 0

    Re: Can anyone try give some logical understand to this!!

    Hi @JPYDX
    Are you by any chance managing this GW with an R80.X MGMT?
    If so, I suspect this is related to sk121102 but with an impact on "enabled_blades" command (other than the impact on "ips stat" command documented in that sk).
    If you run "ips stat" and it shows the profile name "No_protection_xxxx" then it should corroborate my suspicion. In that case, IPS _is_ off and it's just a CLI text glitch.
    Please let us know what you come up with.

    Tnx
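
Added example, not part of any post in this thread: a shell sketch of the cross-check post #3 suggests, run over captured CLI text rather than on a live gateway. The function names are hypothetical, and the `ips stat` sample is constructed, since the thread gives only the profile-name prefix and not that command's real output layout.

```shell
# Constructed sample: excerpt of the vsenv/enabled_blades session from post #1.
SESSION='[Expert@01:0]# enabled_blades
fw
[Expert@01:0]# vsenv 4
Context is set to Virtual Device vs-Comp (ID 4).
[Expert@01:4]# enabled_blades
fw
[Expert@01:4]# vsenv 5
Context is set to Virtual Device vs-ency (ID 5).
[Expert@01:5]# enabled_blades
fw ips'
# Constructed stand-in for "ips stat" text captured in VS 5. Only the
# No_protection_ profile prefix comes from the thread; the layout is assumed.
IPS_STAT='Active Profile: No_protection_xxxx'

# Print "<vs_id> <blades>" for each enabled_blades run after a vsenv switch.
blades_per_vs() {
  awk '
    /Context is set to Virtual Device/ {          # VS ID is the N in (ID N)
      if (match($0, /\(ID [0-9]+\)/)) id = substr($0, RSTART + 4, RLENGTH - 5)
      next
    }
    /# *enabled_blades *$/ { want = 1; next }     # prompt line issuing the command
    want && id != "" { sub(/^[ \t]+/, ""); print id, $0; want = 0; next }
    { want = 0 }                                  # output before any vsenv is skipped
  '
}

# $1 = blades line of one VS, $2 = captured "ips stat" text for that VS.
# Prints off | cli-glitch | investigate.
classify_ips() {
  case " $1 " in
    *" ips "*) ;;                          # blade is listed, check the profile next
    *) echo off; return ;;
  esac
  case "$2" in
    *No_protection_*) echo cli-glitch ;;   # post #3: IPS is off, listing is cosmetic
    *) echo investigate ;;                 # listed and no such profile: dig further
  esac
}

# $1 = session text, $2 = "ips stat" text for the VS that lists ips.
audit() {
  printf '%s\n' "$1" | blades_per_vs | while read -r id blades; do
    echo "VS $id: $(classify_ips "$blades" "$2")"
  done
}
audit "$SESSION" "$IPS_STAT"
```

On a gateway, the two inputs would be saved from `enabled_blades` and `ips stat` in each VS context.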
