This morning i have come across a Checkpoint problem: No way to perform a succesful policy installation in any of the several virtual system gateways I have in my environment.
As you can see the returning error is: Policy installation failed on the gateway. If the problem persists contact Check Point support [Error code: 0-2000040].
Fortunately i found a generic … Read more
I manage a 2 node VSX clusterXL environment that hosts 3 firewalls (virtual systems).
Some days ago I came across a problem in which one of them started (or maybe more time ago but not aware) to experience bad performance, outages, timeouts…
Trying to make a failover and move the VS to the other node fixed the problem until … Read more
Due to some network infrastructure changes, the traffic passing through my internal FW (a Checkpoint VSX virtual system) started to suffer latency and packet loss.
No change had been made to the Checkpoint VSX, but for any reason, since that network changes, Checkpoint was not processing the traffic succesfully.
Performing a top on the VSX appliance containing the active “iNTERNAL … Read more
When suffering random network interruptions, a possible cause (and diffcult to find) is our firewall ARP table overflow. In Checkpoint systems, the Linux kernel Gaia is based on would log messages like "kernel: neighbour table overflow" to /var/log/messages.
After living two small crisis due to this problem (network scanning software and mask B networks are dangerous for the … Read more
Having our Checkpoint VSX Virtual System active connections under control can be very important to avoid problems, configure a higher connection limit, be ready for growth (and so scalate our environment)…
Nagios and SNMP can be used to configure a VS connection monitor plugin:
Steps needed to configure the plugin:
SNMP OID for virtual systems active connections
Develop an script
… Read more