Gateway Object still exists in "Distributed Enforcement" under "Device Status" view after being deleted via SmartConsole
Solution ID: sk165612
Product: Quantum Security Management
Version: R80.10 (EOL), R80.20, R80.30, R80.40
OS: Gaia
Platform / Model: All
Date Created: 17-Mar-2020
Last Modified: 11-May-2021
Symptoms
The PEP gateway has been removed from SmartConsole, but the gateway object still appears under the PDP gateway or gateway cluster -> Device information -> Device Status -> Identity Awareness -> Distributed Enforcement.
The PEP gateway is sharing the identity from the PDP gateway.
Cause
SmartView Monitor reads the "Distributed Enforcement" status from the FWM cache. The FWM cache was not updated after the object was removed from SmartConsole.
Solution
Make a backup of the Security Management server (sk91400 - System Backup and Restore feature in Gaia), or back up the management database using the "migrate export" command. For a Multi-Domain Management server, use "mds_backup".
Verify that the object is marked as deleted in the PostgreSQL database:
[Expert@HostName:0]# psql_client cpm postgres -c "select objid,name,objclass,deleted from dleobjectderef_data where name='NAME' and dlesession=0;"
The "deleted" field should be "t".
Example:
[Expert@HostName:0]# psql_client cpm postgres
cpm=# select objid,name,objclass,deleted from dleobjectderef_data where name='FFDFW' and dlesession='0';
-[ RECORD 1 ]----------------------------------------------------------
objid    | 00000014-002d-004e-a48a-13c7a4ee6574
name     | FFDFW
objclass | com.checkpoint.objects.classes.dummy.CpmiInstalledPackages
deleted  | t
cpm=# \q
If the "deleted" field shows "f", use the following API command to remove the object from the database.
If the object still appears under "Distributed Enforcement", restart the FWM process:
Log out of all SmartConsole clients.
For a Security Management server:
[Expert@HostName:0]# for PROC in $(pidof fwm); do kill -9 $PROC; done
Wait a few minutes; the FWM process should restart by itself.
For a Multi-Domain Server:
Find the FWM PID for the specific customer (CMA) in the output of:
[Expert@HostName:0]# mdsstat
and run:
[Expert@HostName:0]# kill -9 <FWM_PID_for_CMA>
Wait a few minutes; the FWM process should restart by itself.
Verify whether the object still appears under "Distributed Enforcement".
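The "deleted" check from the verification step above can be scripted. The following is an added example, not Check Point code: the function name check_deleted, the sample function and the second sample row are constructed for illustration, and it assumes the query output is in the expanded "-[ RECORD n ]" layout shown in the example record.

```shell
#!/bin/bash
# Added example (not Check Point code). Reads psql expanded-record output on
# stdin and checks the "deleted" column of every row.
# Exit status: 0 = every row has deleted = t
#              1 = at least one row has deleted = f (object still live)
#              2 = no rows matched the object name
check_deleted() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^-\[ RECORD/ { rows++; next }          # start of a new row
        NF >= 2 {
            key = trim($1); val = trim($2)
            if (key == "objid")    objid = val
            if (key == "objclass") objclass = val
            if (key == "deleted" && val != "t") {
                live++
                print "NOT DELETED: " objid " (" objclass ")"
            }
        }
        END {
            if (rows == 0) { print "no matching rows"; exit 2 }
            if (live > 0)  exit 1
            print "all " rows " row(s) marked deleted"
        }'
}

# Constructed sample: the record from the example above plus one constructed
# row (placeholder objid) that is still live.
sample_mixed() {
    cat <<'EOF'
-[ RECORD 1 ]----------------------------------------------------------
objid    | 00000014-002d-004e-a48a-13c7a4ee6574
name     | FFDFW
objclass | com.checkpoint.objects.classes.dummy.CpmiInstalledPackages
deleted  | t
-[ RECORD 2 ]----------------------------------------------------------
objid    | 11111111-1111-1111-1111-111111111111
name     | FFDFW
objclass | com.checkpoint.objects.classes.dummy.CpmiInstalledPackages
deleted  | f
EOF
}

sample_mixed | check_deleted || echo "exit status: $?"

# On a management server, pipe the verification query into the function.
# Assumption: psql_client passes psql's -x (expanded output) option through.
#   psql_client cpm postgres -x -c "<query from the verification step>" | check_deleted
```

An exit status of 2 means the name matched no rows at all, which is a different condition from a row that still has deleted = f and should be investigated separately.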
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.