Sunday, 16 September 2012

[Technical] - Folders used by Voyager for backups and packages in IPSO 6.2



The following folders are used by Voyager for packages and backups.

You can SCP files directly to a Check Point IP appliance and use them from Voyager if you select the correct directories.

- If you place your .tgz files in /var/backup then they are visible in Voyager to be restored. (You will likely need to create the /var/backup folder.)

- If you place your .tgz packages in /opt/package then they are visible from Voyager to install under “Install Packages”.

Bob

[Technical] - Unable to save IPSO config changes or install any packages on a Check Point IP Appliance running IPSO 6.2



After a config restore we were unable to save IPSO changes in either Voyager or the CLI. We were also not able to install any packages.

The symptoms we saw were:

- In Voyager we would be logged out if the “save” button is pressed.
- From the CLI if we “save config” the following error would be displayed.

NMSSYS0026 libdb_do_transaction: connection closed during operation

- Packages will not install from Voyager with a db xpand process error.
- Or packages will not install with an “Installation Aborted…” error

Can not find your /opt/CPshared/5.0/tmp/.CPprofile.sh file
Installation Aborted...

The issue here is documented in a hidden SK (sk59440) and following the solution has resolved both issues:

After seemingly successful restore from the backup, the following error appears while trying to save configuration in Voyager, clish or through dbset. Configuration can still be applied. "libdb_do_transaction: connection closed during operation" attempt to save configuration results in xpand process crash.

SOLUTION
Check Point say the solution is:

“Changing the configuration database (copying initial file) in Voyager -> Configuration -> Configuration Sets -> Select a database for next reboot clears the issue e.g. xpand process stops coring and configuration can be saved.”

We found it was better to save the current “locked” config to a new “configuration set” name. For good measure we rebooted after.

Wednesday, 22 August 2012

[Technical] - Bluecoat ProxyAV fails to get Kaspersky engine after upgrade

I have just resolved the following issue on a Bluecoat ProxyAV running 3.4.1.4.

After a software upgrade the AV wouldn't scan traffic and the Kaspersky AV engine couldn't be downloaded even if forced.
The system was showing the error "Some files that are required by Antivirus were not found on your system. ProxyAV will attempt to update the files the next time you connect to the Internet." on the GUI and trying to download the engine would most times fail after 15 mins.


No traffic was being scanned and the Internalinfo diagnostic log was showing:

2012-08-22 22:40:36+00:00UTC AV Updater: "get filelist" state, full AV update chosen
2012-08-22 22:47:06+00:00UTC AV Updater: "get full" state, 'BackgroundUpdaterThread' started
2012-08-22 22:47:09+00:00UTC AV Updater: "local file 'kaspersky_1xxx9931.zip' decrypted
2012-08-22 22:47:15+00:00UTC AV Updater: Files are present,test the new AV engines...
2012-08-22 22:47:15+00:00UTC AV Updater: starting test...
2012-08-22 22:48:05+00:00UTC AVScanner: eicar scanning failed MP_ERROR=29
2012-08-22 22:48:05+00:00UTC
2012-08-22 22:48:05+00:00UTC file d:\ositis\Temp\kaspersky_1xxx931.zip successfully backedup as DLxxx01378.log
2012-08-22 22:48:05+00:00UTC AV Updater: failed to scan eicar, re-copying backup engines...

The key here is the "eicar scanning failed MP_ERROR=29" which forces a restore from a non-existent backup.
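The failure signature above can be checked for automatically. The following is an added example, not part of the original post and not Blue Coat code: it splits an Internalinfo log into update cycles and reports any cycle in which the EICAR self-test failed. Treating the "get filelist" message as the start of a cycle is an assumption, and the embedded sample log is constructed from the messages in the excerpt.

```python
import re
from datetime import datetime

# Constructed sample: cycle 1 reuses messages from the excerpt in the post;
# cycle 2 (timestamps invented) shows a cycle with no self-test failure.
SAMPLE_LOG = """\
2012-08-22 22:40:36+00:00UTC AV Updater: "get filelist" state, full AV update chosen
2012-08-22 22:47:15+00:00UTC AV Updater: starting test...
2012-08-22 22:48:05+00:00UTC AVScanner: eicar scanning failed MP_ERROR=29
2012-08-22 22:48:05+00:00UTC
2012-08-22 22:48:05+00:00UTC AV Updater: failed to scan eicar, re-copying backup engines...
2012-08-23 01:10:00+00:00UTC AV Updater: "get filelist" state, full AV update chosen
2012-08-23 01:12:30+00:00UTC AV Updater: starting test...
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)[+-]\d\d:\d\dUTC\s*(.*)$")
EICAR_FAIL = re.compile(r"eicar scanning failed MP_ERROR=(\d+)")


def update_cycles(log_text):
    """Split the log into update cycles and record each cycle's self-test outcome."""
    cycles = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a timestamped log line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        # Assumption: a '"get filelist" state' message opens a new update cycle.
        if '"get filelist" state' in msg or not cycles:
            cycles.append({"start": ts, "end": ts, "mp_error": None, "rolled_back": False})
        cur = cycles[-1]
        cur["end"] = ts
        fail = EICAR_FAIL.search(msg)
        if fail:
            cur["mp_error"] = int(fail.group(1))
        if "re-copying backup engines" in msg:
            cur["rolled_back"] = True
    return cycles


def failed_cycles(log_text):
    """Return the cycles in which the EICAR self-test of the new engine failed."""
    return [c for c in update_cycles(log_text) if c["mp_error"] is not None]


if __name__ == "__main__":
    for c in failed_cycles(SAMPLE_LOG):
        print(c["start"], "MP_ERROR", c["mp_error"], "rollback", c["rolled_back"])
```

A cycle reported here means the updater rejected the downloaded engine, which in the case described in this post left traffic unscanned.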

After a number of attempted fixes, the solution was to downgrade to 3.3.1.2 then upgrade to 3.4.1.1 and finally to 3.4.1.4 whilst forcing the engine updates at each point.
This worked for us, hope it helps for you.

Sunday, 19 February 2012

[Technical] - Checkpoint/Nokia Firewall SFP - NIY4437

The Nokia 5048 - NIY4437 SFP (OEM Part Number FTLF1319P1BTL-NK) is stated on Check Point's website as a 1000Base-SX SFP, which implies that it's a Multimode SFP operating at an 850nm wavelength.




However this is misleading (or outright wrong): the SFP operates at 1310nm and is compatible with other LH GBICs like the Cisco SFP-GE-L or GLC-LH-SM.

So it's a Single-Mode SFP (SMF) rather than a Multi-Mode SFP.