CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: have you ever seen this and how do you go about solving it?

  1. #1
    Join Date
    2006-09-26
    Posts
    3,163
    Rep Power
    16

    have you ever seen this and how do you go about solving it?

    I have a Provider-1 with a single CMA running R77.30 with JHFA_216. The CMA manages about 8 pairs of ClusterXL running H/A also R77.30 with JHFA_216.

    I am in the process of cleaning up unused Firewall rules, group objects and nodes. I would like to do this so that it will make things easier when we migrate from Check Point to Palo Alto next year. There are a lot of unused nodes and group objects in the policy, roughly about 8,000 out of 25,000 objects.

    I normally right-click on the object and select "where used" and it will tell me which group object or Firewall rule this object is being used in. Simple, right?

    The problem is that I've found ten different instances where this is not the case. In other words, the object is being used in another group object and yet the "where used" says that the object is NOT being used. WTF... The other issue is that in the same scenario for that object, it will let me delete the object, but when I try to save the policy, the GUI crashes.

    Questions:

    #1 - Is there a way for me to identify those trouble nodes or group objects when I try to delete 8,000 objects at once? That process takes a lot of time on the GUI (up to 45 minutes), and then when I try to save the policy, it crashes.

    #2 - Can I really trust the "where used" in Check Point? I've found several instances where that was not the case.

    I've opened a TAC case with Check Point and the first thing to come out of TAC is to upgrade to R80. Not sure if I will get a resolution from TAC on this.

    Thoughts?

  2. #2
    Join Date
    2007-06-04
    Posts
    3,276
    Rep Power
    16

    Re: have you ever seen this and how do you go about solving it?

    Have only seen something similar, where Search / Query Network Objects, then using the Unused Objects in the refined filter, says some object is unused, and when you do a right-click "where used" on an object it then shows as used.

    So similar but not the same

  3. #3
    Join Date
    2016-06-10
    Posts
    22
    Rep Power
    0

    Re: have you ever seen this and how do you go about solving it?

    Hi, thank you for this feedback. Can you please message me the ticket number so I will check whether someone is looking at its root cause?
