Checkpoint Smartview Monitor Shows Firewall Disconnected - NETSEC

Thursday, February 20, 2014

Checkpoint Smartview Monitor Shows Firewall Disconnected

This is an interesting error on the Checkpoint Smartview Monitor Gateway Status page.

One of the cluster members shows as disconnected, and the other shows attention. Usually the attention status goes away after I refresh the status, but in this case the disconnected status did not change.

Following KB32920 fixed the issue.

SYMPTOMS
  • In SmartView Monitor, several properties in the 'Gateway View' (such as Security Policy, Security Policy Status, or Firewall Status) display incorrect information about the Security Management server or the Security Gateway.

CAUSE
Some files on the Security Management server are corrupted.

SOLUTION
To resolve the problem, remove the corrupted files from the Security Management server. To do so, perform:
  1. Close all GUI clients.
  2. Run cpstop.
  3. Back up the following files:

    $FWDIR/conf/applications.C 
    $FWDIR/conf/applications.C.backup 
    $FWDIR/conf/CPMILinksMgr.db 
    $FWDIR/conf/CPMILinksMgr.db.private 

    Note: Backups are not necessary for files that do not exist.
  4. Remove the following files:

    $FWDIR/conf/applications.C 
    $FWDIR/conf/applications.C.backup 
    $FWDIR/conf/CPMILinksMgr.db 
    $FWDIR/conf/CPMILinksMgr.db.private 
  5. Run cpstart.
  6. Open SmartDashboard.
  7. Install the Security policy.

After completing this procedure, the SmartView Monitor displays correct information regarding the Security Management server or the Security Gateway. 



------------------------------

[Expert@CP-Management]# cp $FWDIR/conf/applications.C  .
[Expert@CP-Management]# cp $FWDIR/conf/applications.C.backup .
[Expert@CP-Management]# cp $FWDIR/conf/CPMILinksMgr.db  .
[Expert@CP-Management]# cp $FWDIR/conf/CPMILinksMgr.db.private .
[Expert@CP-Management]# ls
CPMILinksMgr.db  CPMILinksMgr.db.private  applications.C  applications.C.backup
[Expert@CP-Management]# rm $FWDIR/conf/applications.C
[Expert@CP-Management]# rm $FWDIR/conf/applications.C.backup 
[Expert@CP-Management]# rm $FWDIR/conf/CPMILinksMgr.db 
[Expert@CP-Management]# rm $FWDIR/conf/CPMILinksMgr.db.private 
[Expert@CP-Management]# ls
CPMILinksMgr.db  CPMILinksMgr.db.private  applications.C  applications.C.backup
[Expert@CP-Management]# cpstart
cpstart: Power-Up self tests passed successfully

cpstart: Starting product - SVN Foundation

SVN Foundation: Starting cpWatchDog
SVN Foundation: Starting cpd
SVN Foundation: cpsnmpd already running
SVN Foundation: Starting PostgreSQL Database
Multiportal daemon: starting mpdaemon
SVN Foundation started

cpstart: Starting product - VPN-1

 Local host is not a FireWall-1 module
FireWall-1: Starting fwd
FireWall-1: Starting fwm (SmartCenter Server)

FireWall-1: This is a SmartCenter server. No security policy will be loaded
FireWall-1 started

cpstart: Starting product - SmartView Monitor

SmartView Monitor: Not active

cpstart: Starting product - Eventia Suite

evstart: dbsync started
Starting SmartReporter...
Starting SmartReporter Server.
Done.
evstart: Starting product - SmartEvent Server
evstart: Starting product - SmartEvent Correlation Unit
Check Point SmartEvent Server started
Check Point SmartEvent Correlation Unit started

cpstart: Starting product - Edge Embedded Connector

cpwd_admin: 
Process VPN-1 Embedded Connector started successfully (pid=11771) 

cpstart: Starting product - Management Portal

Management Portal: Starting CPWMD
CPWMD Started
Management Portal: Starting CPHTTPD
CPHTTPD started

cpstart: Starting product - SmartLog

cpwd_admin: 
Process SMARTLOG_SERVER started successfully (pid=11791) 

cpstart: Starting product - Mobile Access

Mobile Access service is disabled.
If you wish to start Mobile Access, please enable the Mobile Access blade in the SmartDashboard and configure the Mobile Access policy.

cpstart: Starting product - Advanced Routing

Advanced Routing is not enabled. Please use 'cpconfig' to enable it.
----------------------------------



Note: You may need to repeat this process a couple of times before the management server regenerates those files correctly.
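
Steps 3 and 4 of the procedure can be scripted so that each original is deleted only after its backup copy has been verified. This is an added example, not part of the original post or the KB; the backup directory in the usage comment is a hypothetical choice, and a timestamped name keeps repeated runs from overwriting earlier backups.

```shell
#!/bin/sh
# Added example: back up, verify, then remove the four files named in the KB.
# Run only after "cpstop" (step 2); run "cpstart" afterwards (step 5).

# File names are taken from the procedure above.
KB_FILES="applications.C applications.C.backup CPMILinksMgr.db CPMILinksMgr.db.private"

# backup_and_remove CONF_DIR BACKUP_DIR
# Copies each existing file to BACKUP_DIR, compares the copy byte for byte,
# and deletes the original only when the copy matches. Missing files are
# skipped, as the KB note allows. Returns non-zero if any step fails.
backup_and_remove() {
    conf_dir=$1
    backup_dir=$2
    rc=0
    mkdir -p "$backup_dir" || return 1
    for name in $KB_FILES; do
        src="$conf_dir/$name"
        dst="$backup_dir/$name"
        if [ ! -e "$src" ]; then
            echo "skip (not present): $src"
            continue
        fi
        if ! cp -p "$src" "$dst" || ! cmp -s "$src" "$dst"; then
            echo "backup failed, original kept: $src" >&2
            rc=1
            continue
        fi
        if rm -f "$src"; then
            echo "backed up and removed: $src"
        else
            echo "remove failed: $src" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage on the management server (backup path is a hypothetical choice):
#   sh this_script.sh "$FWDIR/conf" "/var/tmp/kb32920-$(date +%Y%m%d%H%M%S)"
if [ "$#" -eq 2 ]; then
    backup_and_remove "$1" "$2"
fi
```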

3 comments:

  1. Hi

    We get a Checkpoint Firewall Disconnected error in our ArcSight logs. Is this related to the one in this post?

    1. Hi Allwyn,
      It is hard to tell without detailed log information and how those logs have been collected from firewalls.

      I met one issue where the Check Point CONFD process was consuming too many resources and SNMP polling failed. That may cause your SNMP server to show your firewalls as disconnected.

      Check post at http://51sec.blogspot.com/2015/09/checkpoint-gateway-ssh-connection.html

  2. Hi

    Thanks for the reply.

    I will check this further.

    Your blog is very cool. Could you write more about carving out a career path in security for young people like me who are just starting out, covering topics such as certifications, positions, degrees, etc.?