SpectroServer crashes when viewing IPSec View of Checkpoint Devices with firmware > 80

Article ID: 206717

Products

CA Spectrum

Issue/Introduction

SpectroSERVER crashes when you try to expand the IPSec subtree of the CheckPoint Firewall information for Checkpoint devices with firmware version > 80.

Environment

Release : 20.2

Component : Spectrum Core / SpectroSERVER

Resolution

Install 10.4.2.2 to support Checkpoint firewalls with firmware version > 80 and to prevent the SpectroSERVER crash when expanding the IPsec statistics information.

This is the algorithm used to discover CheckpointApp and CheckpointR80App.

To create an application model for a device in Spectrum, we map device-specific attributes to default_attr (0x00230006) or default_attr_list (0x00230bd3).

The application model is only created if the default attributes contain any data. It's not created when the device attribute data is empty.

If a Match_Attribute is specified, the application model is only created when the default_attr value equals the Match_Attribute value.

In detail:

Both models, CheckpointApp and CheckpointR80App, have default_attr_list (0x00230bd3) set to svnVersion.
This means that if a device contains the object svnVersion (1.3.6.1.4.1.2620.1.6.4.1.0), both CheckpointApp and CheckpointR80App qualify for creation.
Since the value of the attribute Model_Precedence (0x00230010) of the model CheckpointApp (value 2) is higher than that of the model CheckpointR80App (value 1),
CheckpointApp is considered for creation first. Note: only one of CheckpointApp or CheckpointR80App is created.

In the model CheckpointApp, the value of Match_Attribute (0x002305a3) is the Firmware_Version_List.
Spectrum reads svnVersion. If svnVersion contains at least one value in the Firmware_Version_List, CheckpointApp
is considered to be matched: the model CheckpointApp is created and the model CheckpointR80App is ignored.

If the model CheckpointApp is not created, the model CheckpointR80App is created (no further check).

To summarize, if you want the model CheckpointApp to be created for your device, you should:
1. Get value of svnVersion (1.3.6.1.4.1.2620.1.6.4.1.0)
2. Extract version text in svnVersion and add it to Firmware_Version_List of the model CheckpointApp.

If you don't modify Firmware_Version_List, the CheckpointR80App will be created.

Currently, the versions in Firmware_Version_List (those for which CheckpointApp will be created) are:
R80.10
R80
R77.30
NGSE
R77.20
R77.10
R77
R76SP.50
R76SP.40
R76SP.30
R76SP.20
R76SP.10_VSLS
R76SP.10
R76SP
R76
R75.47
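
The selection logic described above, written out as an added Python example (it is not Spectrum's own code). The names AppModel, MODELS and select_model are hypothetical, the sample svnVersion strings are constructed, and the example assumes the version text is compared as a whole token against the Firmware_Version_List entries.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

# Firmware_Version_List of CheckpointApp, as listed in this article.
FIRMWARE_VERSION_LIST = (
    "R80.10", "R80", "R77.30", "NGSE", "R77.20", "R77.10", "R77",
    "R76SP.50", "R76SP.40", "R76SP.30", "R76SP.20", "R76SP.10_VSLS",
    "R76SP.10", "R76SP", "R76", "R75.47",
)

@dataclass(frozen=True)
class AppModel:  # hypothetical container, not a Spectrum type
    name: str
    precedence: int  # Model_Precedence (0x00230010)
    match_values: Optional[Sequence[str]] = None  # Match_Attribute (0x002305a3)

MODELS = (
    AppModel("CheckpointApp", 2, FIRMWARE_VERSION_LIST),
    AppModel("CheckpointR80App", 1),  # no Match_Attribute, so no further check
)

def select_model(svn_version, models=MODELS):
    """Return the name of the application model created for a device,
    or None when svnVersion (the default_attr_list value) holds no data."""
    if not svn_version or not svn_version.strip():
        return None  # empty default attribute: no application model
    # Assumption: the version text is split on whitespace and whole tokens
    # are compared against the list entries.
    tokens = set(svn_version.split())
    # The higher Model_Precedence is evaluated first; only one model is created.
    for model in sorted(models, key=lambda m: m.precedence, reverse=True):
        if model.match_values is None or tokens & set(model.match_values):
            return model.name
    return None

if __name__ == "__main__":
    # Constructed svnVersion values, for illustration only.
    for sample in ("R77.30", "R80.10", "R80.20", ""):
        print(repr(sample), "->", select_model(sample))
```

Passing a model set whose Firmware_Version_List has an extra entry shows the effect of step 2 above: the device then resolves to CheckpointApp instead of CheckpointR80App.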