{"id":5211,"date":"2024-09-09T06:38:12","date_gmt":"2024-09-09T11:38:12","guid":{"rendered":"http:\/\/109.199.106.156\/~indeni\/wp\/?p=1540"},"modified":"2024-09-09T06:38:12","modified_gmt":"2024-09-09T11:38:12","slug":"top-5-issues-to-look-for-when-troubleshooting-your-check-point-firewalls","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/09\/09\/top-5-issues-to-look-for-when-troubleshooting-your-check-point-firewalls\/","title":{"rendered":"Top 5 Issues To Look For When Troubleshooting Your Check Point Firewalls"},"content":{"rendered":"<p id=\"yui_3_17_2_1_1405468679485_8243\">We\u2019ve recently taken a snapshot of alerts across all the customers using our <a href=\"https:\/\/indeni.com\/indeni-insight\" target=\"_blank\" rel=\"noopener\">indeni Insight<\/a>&nbsp;service. It\u2019s amazing to see what indeni finds in different devices, made by different vendors. I\u2019d like to take the opportunity to share what we\u2019ve found for Check Point firewalls in this post.<\/p>\n<p id=\"yui_3_17_2_1_1405468679485_8249\">So, if you own <a href=\"https:\/\/indeni.com\/check-point-firewalls\" target=\"_blank\" rel=\"noopener\">Check Point firewalls<\/a>, here are the top 5 challenges you should look out for. We recommend printing this and taping it to the wall. 
You\u2019ll need it in your next outage.<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-274056 img-fluid format-jpg v-media-processed img-fluid format-jpg v-media-processed img-fluid format-jpg v-media-processed\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/top-5-issues-to-look-for-when-troubleshooting-your-check-point-firewalls.jpg?resize=540%2C461&#038;ssl=1\" alt=\"Top 5 Challenges Graphic\" data-image-id=\"274056\" width=\"540\" height=\"461\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/top-5-issues-to-look-for-when-troubleshooting-your-check-point-firewalls-1.jpg 540w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/top-5-issues-to-look-for-when-troubleshooting-your-check-point-firewalls-2.jpg 340w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/top-5-issues-to-look-for-when-troubleshooting-your-check-point-firewalls.jpg 640w\" data-context=\"container\" sizes=\"auto, 100vw\" data-custom-sizes=\"1\" loading=\"lazy\"> Top 5 Challenges<\/p>\n<p>1. NTP misconfigured \u2013 it\u2019s amazing how this small configuration can be wrong in so many devices. It\u2019s quite simple really \u2013 at the point when you configured the NTP server, everything worked flawlessly. Then somebody changed the NTP server\u2019s IP, or a rule in the firewall, or a route in a router, or a\u2026 (you get the idea)\u2026 and it broke. The trouble is, you don\u2019t know it\u2019s broken. If you\u2019re lucky, you find out about it in an audit. If you\u2019re unlucky, you find yourself scratching your head wondering why the logs coming out of your firewall are completely off.<\/p>\n<p><strong>Our Recommendation: run periodic checks to make sure the clocks are correctly set on all of your devices.<\/strong><\/p>\n<p>2. Policy install resulting in high CPU and a cluster failover \u2013 a policy installation is a CPU-intensive process in many cases. 
The high CPU that results from policy installation may in turn result in the ClusterXL functionality misbehaving. We recommend looking out for traffic loss and\/or cluster failovers during policy installations and considering following <a href=\"https:\/\/supportcenter.checkpoint.com\/supportcenter\/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk32488\" target=\"_blank\" rel=\"noopener\">SK32488<\/a>.<\/p>\n<p><strong>Our Recommendation: if you notice flaky network traffic behavior after a policy install, take a look at SK32488.<\/strong><\/p>\n<p>3. Communication issues between the gateways and management \u2013 these result in a variety of issues, from the loss of logs (and firewalls logging locally) to VPN tunnels being taken down due to the gateway\u2019s inability to check the CRL (which is on the management server\u2019s certificate authority).<\/p>\n<p class=\"lead text-center\"><a href=\"http:\/\/offers.indeni.com\/indenis-guide-to-proactive-alerting-for-firewalls\" target=\"_blank\" rel=\"noopener\"><b>Download our free ultimate runbook and learn how proactive alerting can help you manage your Check Point Firewalls<\/b><\/a><\/p>\n<p><strong>Our Recommendation: place the communication between gateways and management\/log-servers on a separate, dedicated network and ensure that network isn\u2019t touched. If it\u2019s not possible to create this network physically, a logical one that is well communicated within the organization would help too.<\/strong><\/p>\n<p>4. Differences in configurations across cluster members \u2013 Check Point has been generous enough to allow its users to tune and configure every little knob in their products. The complication this presents, however, is that some configurations must be copied manually across cluster members or set differently in different members. If someone makes a change in one member and forgets to change the other, this can break. 
We\u2019ve also seen many occasions where an RMA resulted in such a situation as a new device was brought online.<\/p>\n<p><strong>Our Recommendation: don\u2019t make changes to cluster members in the middle of the night \ud83d\ude42 Seriously though, when clusters behave oddly, check routing, .def files, .conf files, kernel parameters, SecureXL configs, CoreXL configs, etc. and make sure the configurations match across the cluster.<\/strong><\/p>\n<p>5. Errors, drops, collisions and various traffic issues \u2013 while these are basic, you\u2019d be surprised how easily they are missed. Errors normally result from wrong duplex settings, while drops result from bursty traffic or from a lack of resources to handle the traffic that\u2019s flowing (NIC resources or CPU\/IRQ resources).<\/p>\n<p><strong>Our Recommendation: monitor the various interface stats closely and identify increases promptly.<\/strong><\/p>\n<p>Alternatively, you can use indeni to identify all of the above issues and hundreds more. For us, it\u2019s all about avoiding outages by pin-pointing issues before they turn critical. 
It takes less than 45 minutes to install, no agents (<a href=\"http:\/\/offers.indeni.com\/try-indeni\" target=\"_blank\" rel=\"noopener\">download now<\/a>) and we\u2019ll be happy to help you do it (<a href=\"https:\/\/bluecatnetworks.com\/cdn-cgi\/l\/email-protection#4f3c3a3f3f203d3b0f26212b2a2126612c2022\" target=\"_blank\" rel=\"noopener\">contact our support<\/a>).<\/p>\n<p><a href=\"https:\/\/bluecatnetworks.com\/check-point\/top-5-challenges-you-should-look-out-for-in-your-check-point-firewalls\/\">BlueCat Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019ve recently taken a snapshot of alerts across all the<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2655],"tags":[2656],"class_list":["post-5211","post","type-post","status-publish","format-standard","hentry","category-check-point","tag-check-point"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Blue Cat","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/bluecat\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/check-point\/\" rel=\"category tag\">Check Point<\/a>","tag_info":"Check 
Point","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5211"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5211\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}