Monday, January 18, 2016

Solve many problems with Security Management: clean the Dashboard cache

This article provides a solution for several scenarios in which a problem arises between SmartConsole and the Security / Multi-Domain Management server. These problems are not connectivity issues. Review the symptoms below and follow the solution.




  • SmartDashboard cannot connect to the Security / Multi-Domain Management server, although the GUI client is properly defined.
    Error: "make sure the server is running and you are defined as the GUI client"

  • "Failed to remove references of Object ???? (Code: 0x800415A4, Object Deletion Failed)" error when trying to delete the Security Gateway object.

  • Policy Verification completes with the following message:
    ndb_open : mmap failed for /opt/CPsuite-RXX/fw1/conf/DaipFwmList.NDB: Cannot allocate memory Rules Verified OK!

  • "Status_connection is 8" system Alert Message in the SmartView Monitor.

  • SmartView Monitor shows "Attention", "Disconnected" or "Waiting" status for the gateway or cluster member, although all services are functioning normally on them.

  • "fwm_create_application_table: failed to update object applications" error in $FWDIR/log/fwm.elg during FWM debug.

  • CMA status is "Unknown", "Lagging" or "Stopped".

  • "Failed to read CA certificate from file" error when creating an External Check Point CA object.
    $FWDIR/log/fwm.elg during FWM debug shows: [CPMI] CCkpConfobjTableImpl::GetObject(internal_ca) - not found
    [CPMI] CCkpTable::GetByContext: Failed to get object internal_ca with err 0x800415a1 (Object Not Found)


  • SmartEvent GUI fails to load with "Machine is not configured as 'SmartEvent' on Management. Exiting..." error message.

  • IPS update fails with the following error:
    Internal Error: Failed to delete Database Object SDT_asm_dynamic_prop_SMB_EXESCAN Object Deletion Failed
    Internal Error: Failed to perform action 'delete' on 'SDT_asm_dynamic_prop_SMB_EXESCAN' at 'sd_topics' in file 'topic_delete'
    In addition, policy installation fails with:
    .../conf/<Policy_Name>.pf;, line N: ERROR: function or table 'CVE_2014_0254_0' undefined
    .../conf/<Policy_Name>.pf, line N: ERROR: function or table 'http_slow_handler' undefined
    compilation error
    Operation ended with errors


  • Constant Microsoft .NET Framework error when enabling Application Control blade and URL Filtering blade.

  • SmartDashboard freezes/crashes when selecting a field option like "Topology", in the Edit Object screen.

  • Database Revision Control creation fails with "failed to create version" error.

  • Policy installation fails with one of the following messages:
    • "Unable to save configuration database"
    • "Error while saving policy, Installation will abort"


  • When installing the security policy, or saving / modifying the Application & URL Filtering policy, the following message appears:
    Application Control - Policy Failure
    Internal error, please call technical support


  • The mdsstart_customer command fails with error:
    FireWall-1: This is a Management Station. No Security Policy will be Loaded
    FireWall-1 started
    Starting SMS for CMA < CMA_Name >
    SMS started successfully.
    bash-2.05# 15000: Can't contact database


  • Adding a new object fails with errors:
    • Object <Object Name / IP> already created by another user
    • Object <Object Name / IP> contains invalid data and therefore cannot be created

  • SmartDashboard / SmartView Monitor shows a wrong expiration date for the Application Control / URL Filtering / Anti-Virus / Anti-Bot blades.
    Outputs of "cpstat" commands (e.g., "cpstat antimalware -f subscription_status", "cpstat appi -f subscription_status") show the correct information that these blades are up-to-date.

  • SmartEndpoint GUI - "Policy" tab - "Media Encryption & Port Protection" section - "Actions" column for each policy shows "There is no policy found".
    It is not possible to create new policies, or edit existing policies.

  • Check Point SmartView Monitor doesn't show anything.

  • SmartDashboard shows the message "The object is not used" when you try to find out where that object is used in the firewall rules.

Solution
To resolve the problem, clear the SmartConsole cache on the Security Management server. To do so, follow the procedure below for the appropriate OS / product.

Important Note: Before implementing this procedure, close all SmartConsole windows (SmartDashboard, SmartView Tracker, SmartView Monitor, etc.).
It is also recommended to clear the cache on the local GUI client machine.
To do so, delete C:\Program Files (x86)\CheckPoint\SmartConsole\R7x.xx\PROGRAM\data\CPMICache\<machine name>


Procedure for dedicated Security Management Server running on Gaia / SecurePlatform / Linux OS

  1. Connect to command line on Security Management server (over SSH, or console).

  2. Log in to Expert mode.

  3. Stop Check Point services:
    [Expert@HostName]# cpstop

  4. Back up and remove the current cache files:
    [Expert@HostName]# mkdir -v /var/log/GUI_cache_bkp
    [Expert@HostName]# mv $FWDIR/conf/applications.C* /var/log/GUI_cache_bkp/
    [Expert@HostName]# mv $FWDIR/conf/CPMILinksMgr.db* /var/log/GUI_cache_bkp/

  5. Start Check Point services:
    [Expert@HostName]# cpstart

  6. Wait for 5-10 minutes for the cache to rebuild.

  7. Connect with SmartDashboard to Security Management Server.
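
Step 4 of the procedure above, written as shell functions. This is an added example, not part of the original article and not Check Point code. The function names backup_gui_cache and restore_gui_cache are hypothetical, and the rollback is an assumption, since the article does not describe one. The backup goes into a new owner-only directory each run, so an earlier backup is never overwritten, and a missing cache file is skipped rather than aborting the move.

```bash
#!/bin/bash
# Added example (not Check Point's code). backup_gui_cache and
# restore_gui_cache are hypothetical helper names. Call them only while
# services are stopped, i.e. between cpstop and cpstart.

# Move the cache files named in step 4 out of CONF_DIR into a fresh,
# owner-only directory under BACKUP_ROOT. Prints the directory created.
backup_gui_cache() {
    local conf_dir=$1 backup_root=$2 dest f moved=0
    [ -d "$conf_dir" ] || { echo "no such directory: $conf_dir" >&2; return 1; }
    dest=$(mktemp -d "$backup_root/GUI_cache_bkp.$(date +%Y%m%d_%H%M%S).XXXXXX") || return 1
    for f in "$conf_dir"/applications.C* "$conf_dir"/CPMILinksMgr.db*; do
        # An unmatched glob stays literal; skip it instead of failing in mv.
        [ -e "$f" ] || continue
        mv -- "$f" "$dest"/ || return 1
        moved=$((moved + 1))
    done
    if [ "$moved" -eq 0 ]; then
        rmdir "$dest"
        echo "no cache files found in $conf_dir" >&2
        return 2
    fi
    echo "$dest"
}

# Rollback (an assumption, the page describes none): move the saved files
# back, refusing to overwrite a cache file that has since been rebuilt.
restore_gui_cache() {
    local backup_dir=$1 conf_dir=$2 f
    for f in "$backup_dir"/*; do
        [ -e "$f" ] || continue
        if [ -e "$conf_dir/$(basename "$f")" ]; then
            echo "refusing to overwrite $conf_dir/$(basename "$f")" >&2
            return 1
        fi
    done
    for f in "$backup_dir"/*; do
        [ -e "$f" ] || continue
        mv -- "$f" "$conf_dir"/ || return 1
    done
}

# Usage in Expert mode:
#   cpstop; backup_gui_cache "$FWDIR/conf" /var/log; cpstart
```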

Procedure for dedicated Security Management server running on Windows OS

  1. Connect/Log in to Security Management Server.

  2. Open Windows Command Prompt.

  3. Stop Check Point services:
    C:\> cpstop

  4. Back up and remove the current cache files:
    C:\> mkdir C:\GUI_cache_bkp
    C:\> move %FWDIR%\conf\applications.C* C:\GUI_cache_bkp\
    C:\> move %FWDIR%\conf\CPMILinksMgr.db* C:\GUI_cache_bkp\

  5. Start Check Point services:
    C:\> cpstart

  6. Wait for 5-10 minutes for the cache to rebuild.

  7. Connect with SmartDashboard to Security Management server.
