HOWEVER while it would allow access back into the SmartDashboard, it would immediately break SIC with all managed gateways, and could also cause a delayed or immediate failure of any Intranet site to site VPNs using certificates (due to CRL retrieval problems) if configured between the managed gateways. The solution was to either generate a new SMS certificate or to simply reinitialize the entire ICA completely from cpconfig which would generate a new SMS certificate. The debugs you provided seem to point towards a SMS SIC issue which tracks with what I've seen before. Because it did not have a valid certificate to present, it would never allow GUI connections and would never start. In R77.30 and earlier, on several occasions over the years I observed fwm bombing out on initialization because it could not find a valid certificate for the SMS and therefore itself. The fwm and cpm processes not getting off the ground is a major clue. Hmm I've seen something like this before, although not specifically in R80.10.

Please read this entire post and its warnings before taking any action.

Is there any way to extract either the objects / rulebase from any of the above resources and import into a blank or clean install of the Management Server?
I have gateways which have the latest policy installed.
I have the pre R80 upgrade, migrate export
I have backups created from the webui->system backups (there are NO snapshots in either the MGTSERVER or VMWARE)
Right now the gateways are logging locally, what happens if they run out of log space? (crashing gateways, or just overwrites in existing logs)

It was 3 little warnings saying a certain object (which was no longer used in the policy) was causing a validation error. It lights the bulb and rings the bell now, but at the time operations were not affected because of it.
They (I'm not sure what tier of engineering support was working on this) informed us that they were unable to recreate within their environment with the exports provided. They asked for a migrate export so they could determine why. We had a case open with CP regarding the validation errors from when we first migrated over to R80.10. Note at this point: A case from the past which has not yet been resolved seems to be related to what we are experiencing now.

BACK TO SQUARE 1 (original issue is now replicated on the New VM, by the way if it's not obvious, this was not the goal!)
Login to Gaia Web UI and import the backups to the repository
Loads with no issue (albeit it's a blank console with nothing but defaults)
Check processes that failed on the original VM (clean build without imports) processes are OK
Copied Several Backups from before the Host Maintenance
Initial configuration wizard
Gaia config done with original IP and Hostname
Deployment New VM with R80.10 Build 421 Take 15.
I'm Rebuilding, disaster recovery mindset:

cpm_debug.sh -t Login webservices crud Solr -s INFO tail fw debug fwm on TDERROR_ALL_ALL=5
Cannot signal process fwm (3980), make sure the process is running.: No such fw debug fwm on TDERROR_DBG_OPT=time,host,prog,topic,pid,ti d
Cannot signal process fwm (3980), make sure the process is running.: No such tail cpinfo
cpm_debug.sh -t Login webservices crud Solr -s DEBUG INFO
16:09:39,426 INFO .Cpm.enableLocalSic:15 - Enabling local sic.
cpm_debug.sh -t Login webservices crud Solr -s DEBUG
16:07:52,259 INFO .Cpm.enableLocalSic:15 - Enabling local sic. Setting cp.ssl_=local
Failed to check status, cpm server is probably down
fw debug fwm on cd.
SmartConsole Login: Unable to connect to fw debug fwm on
Cannot signal process fwm (9388), make sure the process is running.: No such process
Check status of CPM $MDS_FWDIR/scripts/cpm_status.sh
Check Point Security Management Server is during initialization
Check to see if server is up and ready to receive $MDS_FWDIR/scripts/server_status.sh
13:05:52,326 INFO .Cpm.enableLocalSic:15 - Enabling local sic.

Normally services are gracefully shutdown on this VM, but not in this instance. The host ESX server the VM runs on was having maintenance performed during a change window. policy installations, object creations no issue.
Fast forward to 1st week of Oct 2017. SmartConsole indicated some validation errors for some objects, but did not hinder operations i.e. Export was Imported into new VM with R80.10 Build 421 Jumbo Hotfix Take 15 Export was taken and imported into R80.10 along with all of the tools to verify pre-upgrade. Upgrade performed from R77.30 to R80.10 in July 2017. Manages about 11 Security Gateways along with Policies for FW, URL, APP, HTTPS INSPECTION, THREAT PREVENTION. Management server is a VMware virtual machine.

I will start by saying that I do have a Checkpoint TAC case open for this but I'm looking into any avenue to get this resolved as quickly as possible. Any help and feedback is much appreciated.