I have had several phone calls from our medical staff over the last few weeks indicating that they get blocked from certain websites that are usually allowed. When I receive a call about traffic not passing as expected, I always do a health check on the server to spot anything funky. The times that I’ve had this report, I have seen the PDPD daemon pegging the CPU (#top). As I understand it, the PDPD daemon is responsible for logging identities. It seems that the rules that are not working are the ones that are utilizing Access Roles as the source. Has anyone had this issue? What did you do to fix it? I would love to be pointed in any direction. This is R77.30, open server, cluster (active/active… don’t ask!).
Double check that you are not collecting identities from subnets that do not have users on them, for example server subnets.
See this: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86560