It is a interesting error on Checkpoint Smartview Monitor Gateway Status page.
One of cluster members shows disconnected, and another one shows attention. Usually after I refreshed the status, attention will go away, but disconnected status keeps no change in this case.
Followed KB32920, this issue fixed.
| SYMPTOMS |
 |
|
 |
| CAUSE |
|
| Some files on the Security Management server are corrupted. |
|
| SOLUTION |
|
|
To resolve the problem, remove the corrupted files from the Security Management server. To do so, perform:
After completing this procedure, the SmartView Monitor displays correct information regarding the Security Management server or the Security Gateway.
|
——————————
[Expert@CP-Management]# cp $FWDIR/conf/applications.C .
[Expert@CP-Management]# cp $FWDIR/conf/applications.C.backup .
[Expert@CP-Management]# cp $FWDIR/conf/CPMILinksMgr.db .
[Expert@CP-Management]# cp $FWDIR/conf/CPMILinksMgr.db.private .
[Expert@CP-Management]# ls
CPMILinksMgr.db CPMILinksMgr.db.private applications.C applications.C.backup
[Expert@CP-Management]# rm $FWDIR/conf/applications.C
[Expert@CP-Management]# rm $FWDIR/conf/applications.C.backup
[Expert@CP-Management]# rm $FWDIR/conf/CPMILinksMgr.db
[Expert@CP-Management]# rm $FWDIR/conf/CPMILinksMgr.db.private
[Expert@CP-Management]# ls
CPMILinksMgr.db CPMILinksMgr.db.private applications.C applications.C.backup
[Expert@CP-Management]# cpstart
cpstart: Power-Up self tests passed successfully
cpstart: Starting product – SVN Foundation
SVN Foundation: Starting cpWatchDog
SVN Foundation: Starting cpd
SVN Foundation: cpsnmpd already running
SVN Foundation: Starting PostgreSQL Database
Multiportal daemon: starting mpdaemon
SVN Foundation started
cpstart: Starting product – VPN-1
Local host is not a FireWall-1 module
FireWall-1: Starting fwd
FireWall-1: Starting fwm (SmartCenter Server)
FireWall-1: This is a SmartCenter server. No security policy will be loaded
FireWall-1 started
cpstart: Starting product – SmartView Monitor
SmartView Monitor: Not active
cpstart: Starting product – Eventia Suite
evstart: dbsync started
Starting SmartReporter…
Starting SmartReporter Server.
Done.
evstart: Starting product – SmartEvent Server
evstart: Starting product – SmartEvent Correlation Unit
Check Point SmartEvent Server started
Check Point SmartEvent Correlation Unit started
cpstart: Starting product – Edge Embedded Connector
cpwd_admin:
Process VPN-1 Embedded Connector started successfully (pid=11771)
cpstart: Starting product – Management Portal
Management Portal: Starting CPWMD
CPWMD Started
Management Portal: Starting CPHTTPD
CPHTTPD started
cpstart: Starting product – SmartLog
cpwd_admin:
Process SMARTLOG_SERVER started successfully (pid=11791)
cpstart: Starting product – Mobile Access
Mobile Access service is disabled.
If you wish to start Mobile Access, please enable the Mobile Access blade in the SmartDashboard and configure the Mobile Access policy.
cpstart: Starting product – Advanced Routing
Advanced Routing is not enabled. Please use ‘cpconfig’ to enable it.
———————————-
Note: You may need to repeat this process for a couple of times to let management server generate those files correctly.
HI
We get Checkpoint Firewall Disconnected error on our arcsight logs, is this related to the one in this post?
Hi Allwyn,
It is hard to tell without detailed log information and how those logs have been collected from firewalls.
I met one issue with checkpoint CONFD process was consuming too much resources and SNMP polling failed. That may cause your SNMP server show your firewalls disconnected.
Check post at http://51sec.blogspot.com/2015/09/checkpoint-gateway-ssh-connection.html
HI
Thanks for the reply.
I will check this further.
Your blog is very cool, could you write more about carving out a career path in security for young people like me who are just starting out like covering topics on certifications, positions, degrees etc.