Support Center > Search Results > SecureKnowledge Details
Traffic that should be blocked by Application Control might pass when two custom applications get the same UID in SmartDashboard
Symptoms
  • Traffic that should be blocked by Application Control might pass when two custom (user defined) applications get the same UID in SmartDashboard.

  • Applications Picker marks two custom applications, while only one is really chosen.

  • Unhandled exception when trying to choose a custom application in the Application Control Policy or Applications Picker:

    Unhandled exception has occurred in a component in your application.

    CDleException Exception:
        Error Code:    33 (Bad object XML)
        User Message:
        Debug Message: Mandatory field 'app_type' has no associated DOM element
        File Name:    CDleObject.cpp
Cause

'Where Used' mechanism incorrectly reports custom application object is deleted, hence, its UID (cp_id) becomes "free" for use by SmartDashboard.

Since the original object is still in use, it is not deleted and its UID is not really "free" for use by SmartDashboard.

Creation of new object uses the "free" UID.

The result is two objects, new and original, with the same UID (cp_id).


Solution

Procedure:

  1. Download the "Application Control Duplicates Tool" from the User Center:



  2. Run the tool to fix the problematic Application Control objects:

    1. UnZIP the downloaded archive on your computer.

    2. Copy all the files to your Management Server:

      • on SecurePlatform / Gaia / IPSO / Linux / Solaris OS - on Security Management Server:

        into the $FWDIR/conf/ directory

      • on SecurePlatform / Gaia / Linux / Solaris OS - on Multi-Domain Security Management Server:

        into the $FWDIR/conf/ directory in the context of each relevant Domain Management Server:

        [Expert@HostName]# mdsenv <Domain_Name | Domain_IP_Address>
        [Expert@HostName]# mcd conf

      • on Windows OS:

        into the %FWDIR%\conf\ folder


    3. Assign all the permissions to these files (read, write and execute):

      • on SecurePlatform / Gaia / IPSO / Linux / Solaris OS - on Security Management Server:

        [Expert@HostName]# cd $FWDIR/conf/
        [Expert@HostName]# chmod x+rwx,g+rwx sqlite3
        [Expert@HostName]# chmod x+rwx,g+rwx appi_find_duplicates.sh

      • on SecurePlatform / Gaia / Linux / Solaris OS - on Multi-Domain Security Management Server:

        in the $FWDIR/conf/ directory in the context of each relevant Domain Management Server:

        [Expert@HostName]# mdsenv <Domain_Name | Domain_IP_Address>
        [Expert@HostName]# mcd conf
        [Expert@HostName]# chmod x+rwx,g+rwx sqlite3
        [Expert@HostName]# chmod x+rwx,g+rwx appi_find_duplicates.sh

      • on Windows OS:

        There is no need to assign any permissions.


    4. Close all SmartConsole client (SmartDashboard, SmartView Tracker, etc.). If SmartConsole client is connected, running the tool might fail!

    5. Connect to command line on your Security Management Server / Multi-Domain Security Management:

      • on SecurePlatform / Gaia / IPSO / Linux / Solaris OS:

        over SSH, or console

      • on Windows OS:

        use Command Prompt (Start - Run... - type cmd - click OK)


    6. Execute the 'appi_find_duplicates' script:

      • on SecurePlatform / Gaia / IPSO / Linux / Solaris OS - on Security Management Server:

        [Expert@HostName]# cd $FWDIR/conf/
        [Expert@HostName]# sh appi_find_duplicates.sh

      • on SecurePlatform / Gaia / Linux / Solaris OS - on Multi-Domain Security Management Server, for each Domain Management Server:

        [Expert@HostName]# mdsenv <Domain_Name | Domain_IP_Address>
        [Expert@HostName]# mcd conf
        [Expert@HostName]# sh appi_find_duplicates.sh -c <Domain_IP_Address> -u <Domain_SmartConsole_Login_UserName> -p <Domain_SmartConsole_Login_Password>

      • on Windows OS:

        go to %FWDIR%\conf\ folder and double-click on the appi_find_duplicates.bat file


    7. Tool will fix duplications if they exist, and will output "Database was updated successfully".
      If no duplications exist, the Tool will output "Application Control is safe! All records are unique".


  3. Check if improved SmartConsole is needed for your Security Management Server / Multi-Domain Security Management Server:

    • For R75.20 or R75.30, contact Contact Check Point Support to get the improved SmartConsole.
    • For R75.40 and above, the necessary fix for SmartConsole is already integrated.
This solution is about products that are no longer supported and it will not be updated
Applies To:
  • 00853153 , 01100818 , 01100819

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment