CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 7 of 7

Thread: Confirm Policy Override Question/Problem

  1. #1
    Join Date
    2016-04-06
    Location
    Germany
    Posts
    57
    Rep Power
    3

    Question Confirm Policy Override Question/Problem

    Hi,

    I have a question, and maybe a problem.

    In my test environment I have a distributed depoyment with gateways running on ClusterXL.

    If I want to install a new Policy Package the warning appers "Confirm Policy Override".

    The message is a great thing, but it only shows one of my cluster members, not both.

    Is this a normal behaviour?

    When I check the Policy state on the gateways with "fw stat" it shows the newly pushed Policy Package on both gateways.

    The Policy is working fine, but maybe it is a bug in the SmartDashboard?

    Does anybody has the same issue?

    Click image for larger version. 

Name:	000163.png 
Views:	48 
Size:	21.4 KB 
ID:	1374

  2. #2
    Join Date
    2009-04-30
    Location
    Colorado, USA
    Posts
    2,229
    Rep Power
    13

    Default Re: Confirm Policy Override Question/Problem

    Quote Originally Posted by Dom2201 View Post
    Hi,

    I have a question, and maybe a problem.

    In my test environment I have a distributed depoyment with gateways running on ClusterXL.

    If I want to install a new Policy Package the warning appers "Confirm Policy Override".

    The message is a great thing, but it only shows one of my cluster members, not both.

    Is this a normal behaviour?

    When I check the Policy state on the gateways with "fw stat" it shows the newly pushed Policy Package on both gateways.

    The Policy is working fine, but maybe it is a bug in the SmartDashboard?

    Does anybody has the same issue?

    Click image for larger version. 

Name:	000163.png 
Views:	48 
Size:	21.4 KB 
ID:	1374
    The "two boxes vertically stacked" icon shown in the warning represents the cluster object, which logically represents all individual physical members of the cluster in the SmartConsole. Note that the icon for a single cluster member is just a single box.
    --
    Second Edition of my "Max Power" Firewall Book
    Now Available at http://www.maxpowerfirewalls.com

  3. #3
    Join Date
    2016-04-06
    Location
    Germany
    Posts
    57
    Rep Power
    3

    Default Re: Confirm Policy Override Question/Problem

    I don’t think this is correct, because the Objekt (Icon) is only one of my Gateways. The name of the object ist not the cluster object name. It shows only SG2, and not CLUSTER (how I named my cluster object)




    Gesendet von iPhone mit Tapatalk

  4. #4
    Join Date
    2016-06-10
    Posts
    23
    Rep Power
    0

    Default Re: Confirm Policy Override Question/Problem

    Quote Originally Posted by Dom2201 View Post
    I don’t think this is correct, because the Objekt (Icon) is only one of my Gateways. The name of the object ist not the cluster object name. It shows only SG2, and not CLUSTER (how I named my cluster object)




    Gesendet von iPhone mit Tapatalk
    Hi, I will really appreciate if you could open a task for this so that Check Point Support will be able to identify the cause for this.

  5. #5
    Join Date
    2016-04-06
    Location
    Germany
    Posts
    57
    Rep Power
    3

    Default Confirm Policy Override Question/Problem

    Ok I will do this and write the solution, if there is one.
    Last edited by Dom2201; 2018-03-05 at 18:36.

  6. #6
    Join Date
    2016-04-06
    Location
    Germany
    Posts
    57
    Rep Power
    3

    Thumbs up Problem solved!!

    Hi everyone,

    so I had a case with checkpoint support to clarify this problem.

    It turns out, that the SmartConsole has some issues, the techician could rebuild this problem in his environment.

    Checkpoint said, that this is only a display failure, because everything is working fine.

    The solution was a new SmartConsole Version: SmartConsole_991574001_1

    Now everything is working correctly when I push an other policy to my cluster gateways.

    I donīt know if checkpoint will update their SmartConsole version on the download portal.

    Greetz Dom

  7. #7
    Join Date
    2016-06-10
    Posts
    23
    Rep Power
    0

    Default Re: Problem solved!!

    Quote Originally Posted by Dom2201 View Post
    Hi everyone,

    so I had a case with checkpoint support to clarify this problem.

    It turns out, that the SmartConsole has some issues, the techician could rebuild this problem in his environment.

    Checkpoint said, that this is only a display failure, because everything is working fine.

    The solution was a new SmartConsole Version: SmartConsole_991574001_1

    Now everything is working correctly when I push an other policy to my cluster gateways.

    I donīt know if checkpoint will update their SmartConsole version on the download portal.

    Greetz Dom

    Hi, I saw your case. This is expected to be available for everyone in the next R80.10 Jumbo Hotfix that will be released, both at the website and through the "updates" page in web UI of the Management server. https://supportcenter.checkpoint.com...ionid=sk116380

Similar Threads

  1. NTP (how to confirm)
    By pat13b in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 6
    Last Post: 2011-03-10, 06:03
  2. Confirm sk41784 bug with R75? (utm-1 270 interface reorder)
    By abusharif in forum Check Point UTM-1 Appliances
    Replies: 0
    Last Post: 2011-02-14, 09:44
  3. SYN Attack IPS signature override SYNDefender ?
    By khungbo33 in forum VPN-1 VSX
    Replies: 0
    Last Post: 2011-02-13, 23:44
  4. Override modules’ SYNDefender configuration
    By sganganath in forum IPS Blade (Formerly SmartDefense)
    Replies: 1
    Last Post: 2008-07-29, 04:59
  5. 2 MLMs defined - how can I confirm syncing ?
    By WinchesterVA in forum Provider-1 (Multi-Domain Management)
    Replies: 3
    Last Post: 2007-04-23, 08:25

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •