CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Type: Posts; User: gavvys


  1. Replies
    2
    Views
    4,601

    Re: Network Extender

    you can try the following :
    Try to disable Automatic Proxy detection for Internet Explorer to see if it resolves the problem. This is located under: "automatically detect settings", which is located...
  2. Replies
    0
    Views
    1,350

    Error in event log

    Hello All,

    I am facing a strange issue on the edge UTM-x series box with 8.0.42 version.
    I am getting Error:http server :an invalid http request was detected on edge box. I am getting this error...
  3. Re: TCP Packet out of state: First packet isn't SYN

    Hello Robby,
    Thanks for your suggestion but I don't understand this pattern in fw monitor. I captured this traffic; eth1 is int and eth0 is ext.
    eth1:i[555]: xxx.xxx.xx.112 -> xx.xxx.xx.xx (TCP)...
  4. Re: TCP Packet out of state: First packet isn't SYN

    I am facing a strange problem with one laptop with docking station only, after working fine for 1-2 hours the firewall starts dropping the packets, I change the IP address on laptop again after 1-2...
  5. Re: Installation failed. Reason: Load on Module failed

    Just to add more to this topic, I faced this issue because I was testing to create another firewall object and tried to push a new policy on new installed gateway and there is already existing...
  6. Replies
    2
    Views
    2,006

    Re: Should We Hold a CPUG Conference in India?

    Hello Barry,
    I would like to add something to make this a success.
    Yes it will be good idea to hold a conference in India. But you have to move with Checkpoint, Checkpoint distributors and...
  7. Replies
    2
    Views
    2,112

    Re: Failed - annoyed

    Don't get annoyed due to certs failure, make sure you should have good practical knowledge of the product, you can clear the certs by cramming as well, so certs are not big deal ;)
  8. Thread: IP Cluster

    by gavvys
    Replies
    1
    Views
    1,146

    Re: IP Cluster

    I haven't created any explicit rules for the cluster members.

    Do you check the logs in tracker if the packets are being dropped and you can know the exact reason for drops. Or if you do not see any...
  9. Replies
    7
    Views
    2,143

    Re: Job market for checkpoint

    Yes checkpoint has good market for jobs but make sure you should be good in troubleshooting as well, learn different troubleshooting commands, understand the product thoroughly. You should have good...
  10. Replies
    1
    Views
    1,354

    Re: Question about cp_merge process

    You can migrate the whole policy with cp_merge, for more information in detail you can check out the exact procedure in knowledge base
  11. Replies
    2
    Views
    2,388

    Re: Cant Add a Logging Server

    Add a Checkpoint object and check only log server in the below option, it will be your log server and then you can add there.

    simple!!!!!
  12. Replies
    5
    Views
    2,011

    Re: Migration and Recovery.

    Yeah I think it should work but I haven't tried to move between two CMAs.

    You can do one thing, create a test MDS on a VMware and then you can test all these things before doing on production...
  13. Thread: Object Filler

    by gavvys
    Replies
    7
    Views
    6,083

    Re: Object Filler

    Read the pdf file provided with the download if provided, if not provided you can download the pdf file, all the required commands are there in the book.
    It's very easy!!!!
  14. Re: Documentation of best practices? Specifically pushing policies.

    Yeah even I had seen many forums in cpug itself that auditors create lot of nuisance but sometimes they are right.
    The best way to manage a Firewall is that you should always keep a backdoor like...
  15. Re: Beginning with version 3.8 IPSO supports PPPoE connections

    Thank you for the information......any comments about MTU problems???
  16. Re: Beginning with version 3.8 IPSO supports PPPoE connections

    I have just a quick question that the IP address will be static on the interface or not after configuring the PPPoE??
  17. Replies
    5
    Views
    1,863

    Re: Using NAT IP FOR VPN

    Then you can create a rule like this in checkpoint NAT tab and you can NAT the private IP with public IP address:
    In NAT tab
    Source: 10.24.32.2
    Dest :Citrix server
    Service :ANY/Citrix
    ...
  18. Re: Checkpoint TAC and how much they know about Checkpoint products

    Good joke from Checkpoint :).......fill a good survey so that they can know about that...but I am sure nothing will change....
  19. Replies
    5
    Views
    1,863

    Re: Using NAT IP FOR VPN

    Yes you can do this using NAT option in Checkpoint, you can do static NAT, both the clients will go out with different IP address.

    If I understand you properly if you creating a client to site VPN...
  20. Thread: VPN problems

    by gavvys
    Replies
    2
    Views
    1,432

    Re: VPN problems

    Maybe some of your external network device is blocking the topology download, definitely it could be the issue with some blocking only, it's not strange ;)
  21. Replies
    7
    Views
    1,993

    Re: check Point related training - expectations

    I would like to hear about:

    1.Good/practical knowledge about the Checkpoint product about each option, so that one understands about the in-depth working of the product and how it takes the traffic...
  22. Thread: Hello all

    by gavvys
    Replies
    1
    Views
    1,329

    Re: Hello all

    Hello..

    Welcome to the group...yes that will be a good idea to help people in certifications..

    Great Job!!!!

    Cheers!!!
  23. Re: Check Point Best Practices and Performance book

    Cover licencing as well in simple terms so that everyone should be clear about the licence. Most of the technical people are not aware of that. It will be good for techs.
  24. Replies
    4
    Views
    2,258

    Re: Static routes disappear

    try the command #route -save
  25. Replies
    3
    Views
    1,704

    Hug Your Security Professional

    This Friday Is "Hug Your Security Professional" Day - Chuck's Blog


    Cheers!!!!!
  26. Replies
    3
    Views
    1,376

    Re: management logging/auditing admin actions

    You can check in smartview tracker.....simple ;)
  27. Replies
    6
    Views
    3,088

    Re: Security Management Platforms?

    It depends on you how you want to use the product, some products have webconsole and some have their own console, checkpoint is good product, you can use it with evaluation licence.
  28. Replies
    23
    Views
    5,771

    Re: Provider-1 migration recommendations

    Let me add my comments also ;)
    Migration of SCS to Provider1 is very easy, you can use ofiller/odumper objects, you can migrate objects/rulebase, policy package.
    Download the tools, follow the...
  29. Replies
    2
    Views
    3,651

    Re: [offer] practice for cissp

    Thanks a lot ;) for such a valuable tests.
  30. Replies
    2
    Views
    1,465

    Re: Site-to-site connectivity problem

    If you are sure about the VPN settings on Checkpoint, cisco and draytech are fine then you need to check the network topology at your side and at destinations, make sure about the encryption domains...
  31. Replies
    7
    Views
    4,847

    Re: How to export Security rules to Excel

    Yes odumper is quite good tool, you can see the rulebase/objects in the html/excel format, it is very easy, copy the rulebase file from SC and then run the command for odumper......done, you will...
  32. Replies
    12
    Views
    2,560

    Re: A Q&A with Check Point CEO Gil Shwed

    I know there is a price difference but where price doesn't matter for security they will definitely go for different products on different platforms and not all the products on single gateway. I am...
  33. Replies
    12
    Views
    2,560

    Re: A Q&A with Check Point CEO Gil Shwed

    Yeah even I tried to understand about these blades but it seems to be just old wine in new bottles... ;)
    There is no denying the fact that Checkpoint is good for Firewall and VPN but in case other...
  34. Replies
    1
    Views
    1,154

    Re: CheckParam: New joinee

    Yeah you are right!!! njoy learning......
  35. Thread: New Guy

    by gavvys
    Replies
    1
    Views
    1,177

    Re: New Guy

    Welcome to the forum!!!!! njoy learning new things.....
  36. Replies
    4
    Views
    1,702

    Re: SmartCentre Upgrade R62 to R65

    You can also refer some doc for complete upgrade although you are creating a new server so not to worry much, Checkpoint upgrade tools are reliable.

    I haven't heard of any tool to verify the policy...
  37. Replies
    1
    Views
    1,363

    Re: ClusterXL Routing Problem

    can you put some diagram to understand the traffic flow.

    regarding your second problem, you can move your traffic the way you NAT, or the way you put the routes.
  38. Re: NATed Connections are not working on Nokia IP Clustering

    It could be an ARP issue, check your external router for the ARP, try to put the manual ARP entries on the external router.
  39. Replies
    1
    Views
    1,421

    Manual NAT not working

    Hello,
    I am facing a strange problem, I do static NAT creating manual rules but it stops working after sometime and I am getting following error in the tracker, Dropped packet forwarded between two...
  40. Replies
    10
    Views
    1,652

    Re: VPN refuses to connect at times

    You can perform the following check when you get the error:
    -check the logs on the Firewall, what logs you see
    -check the connectivity
    -check for any kind of blocking at the client side like...
  41. Re: how to attach a license via command line in NGX r65

    Yes you can put the licence through command line also, it's quite easy,
    You can get the licence commands from the gateway itself, here listed below:
    Usage:
    Local Licensing:
    cplic put ......
  42. Replies
    2
    Views
    1,367

    Re: Bring back the love!

    Checkpoint has only licencing issue and rolling out versions which are not stable.
    Otherwise checkpoint is good product technology wise, as per firewall+vpn it is very good product and very...
  43. Replies
    1
    Views
    1,026

    Re: VPN concurrent users

    Yes you can check the user in smartview monitor, you can also check how many site-to-site tunnels are UP also.
    Regarding the bandwidth I think you can check this in eventia reporter, you can have...
  44. Replies
    2
    Views
    1,442

    Re: To NAT or not to NAT

    Yes everything is possible in PAT but the issue is that in RDP session how the client will generate request on diff port other than 3389, or if you want to change the port on server side how will you...
  45. Replies
    2
    Views
    3,863

    Re: site-to-site VPN

    Could you please use English so that all can understand and you can get a good resolution.
  46. Re: Export policy from a smartcenter to import it into another smartcenter

    Yes it is possible, you could have searched the forums there are numerous answers, well below is the resolution, you can import individual policies from the different SC to one SC

    The cp_merge...
  47. Replies
    5
    Views
    2,011

    Migration and Recovery.

    Hi All,

    I had gone through some documents and tested the things and would like to share the experience with newbies and who are not aware.
    Any sort of migration like
    1 smartcenter--->Provider 1...
  48. Replies
    12
    Views
    6,543

    Re: Two SmartCenter server consolidation to one

    I hope this will help more in this thread to import the policy


    The cp_merge tool is a merge utility that provides two major functionalities:
    1. The export and import of policy packages.
    ...
  49. Thread: Upgrade to R65

    by gavvys
    Replies
    1
    Views
    1,267

    Re: Upgrade to R65

    You need to download the Nokia R65 wrapper to upgrade to R65, access the voyager and migrate the pkg through ftp and apply the upgrade also for fall back create the image of previous version.
    For...
  50. Replies
    3
    Views
    1,205

    Re: direct upgrade from NGXR62 to NGXR70

    Better go for R65 before moving to R70, let R70 get stabilised.
  51. Replies
    1
    Views
    1,797

    Re: Regarding the VPN Concepts

    hey man no one has so much time to tell you all this over here in this forum, you need to go through the books to understand all this.....give me your email I will forward you a good book on vpn...
  52. Thread: ICA

    by gavvys
    Replies
    5
    Views
    2,127

    Re: ICA

    upgrading is not a much big move, but for proper procedure you can follow the guides, that will give you 2-3 options for minimal downtime.
    Impacts of upgrade as done you, it will create the new CA...
  53. Replies
    1
    Views
    2,604

    Re: invalid certificate - no vpn tunnel

    Can you please clear me your network diagram, m unable to understand the architecture, otherwise creating a vpn is very simple in checkpoint.
  54. Replies
    3
    Views
    2,239

    Re: 156-315.1 Or 156-315.65

    better go for the latest ie R65.
  55. Replies
    3
    Views
    1,862

    Re: Help a newbie please ...

    As per my understanding you want to upgrade your SC(SPLAT) and EM(Nokia).
    Yes you can follow the simple steps, run the SPLAT cd to upgrade SC, also you can create the image to revert back. After that...
  56. Thread: Welcome message

    by gavvys
    Replies
    3
    Views
    1,544

    Re: Welcome message

    Yes you will learn lot of things here.......

    Welcome to the forum.
  57. Replies
    8
    Views
    3,023

    Re: How to learn nokia checkpoint ??

    Yeah you will get bored from the documentation.
    The fastest way is to sit with some experienced admin..u will catch things fast....
  58. Re: Network behind FW1 not working after adding license

    tell me one thing, if you are changing the IP address, then why you are using the previous IP address, remove that IP and remove the licence related to that IP also.
    Why you are using so old OS and...
  59. Re: Network behind FW1 not working after adding license

    Licensing will not create this type of problem, please check your logs in tracker, if you are still unable to get the resolution check through TCPDUMP tool, or for NATTING issue you can check in fw...
  60. Replies
    8
    Views
    3,023

    Re: How to learn nokia checkpoint ??

    You can join some coaching classes where you can get hands on experience to manage the nokia boxes, you will not get good exposure from documentation, you can refer docs before training but you have...
  61. Replies
    5
    Views
    2,791

    Re: Does this tcpdump result has any error?

    Yeah TCPDUMP is a good tool to monitor the traffic, keep in mind the flags, you will get a better view of the traffic. Also you can see the traffic in fw monitor on the Firewall itself to check how...
  62. Replies
    8
    Views
    2,005

    Re: Noob Needs Help Figuring Out Splat

    yeah pete go for R65 and wait for stability of R70, after that you can upgrade to R70 later on but also in case of R65 make sure you should have good hardware as per the features you are using in...
  63. Replies
    7
    Views
    2,820

    Re: Provider-1 New Project

    Hi,
    I hope my advice will help you, this is really interesting thing to be discussed, everyone is in need of it.
    So as per your scenario you advise the following things:
    1.if you are managing all the...
  64. Thread: Official answer

    by gavvys
    Replies
    2
    Views
    1,754

    Re: Official answer

    Go to checkpoint.com, login there with your checkpoint login credentials, you can have chat, talk or you can send them email. I hope they will reply u asap.
  65. Thread: New member

    by gavvys
    Replies
    1
    Views
    1,288

    Re: New member

    Hi,
    Welcome to the group, yeah you will really learn new things here in Information Security field.

    All the best.
    Regards
    Ranjit
  66. Replies
    13
    Views
    3,624

    Re: How to evaluate hardware performance?

    Yeah go for a bit higher performance hardware for the gateway, in future if you want to test smartdefence or any other application you can do that easily, or if there is some sort of virus outbreak...
  67. Replies
    13
    Views
    3,624

    Re: How to evaluate hardware performance?

    Hi,
    As per my understanding you should consider the following things to select the hardware for a gateway device:
    1.Number of users behind the gateway.
    2.Number of incoming and outgoing...
  68. Replies
    1
    Views
    1,073

    Re: Hello i am new here

    Hello,
    Yes this forum will really help you to enrich your knowledge. Basically in this forum the problems regarding the Checkpoint Firewall are discussed and you can ask questions regarding the same...
  69. Thread: Ports to allow

    by gavvys
    Replies
    1
    Views
    1,410

    Re: Ports to allow

    I am not sure about the ports that need to be opened, to get the exact answer either contact the application managing team, or also you can check the traffic in tracker and look for drops and allow...
  70. re: Help me!!! SecureRemote/SecureClient over Internet (Port Forwarding)

    It will not work in this way.
    You need to put the public IP direct on the Checkpoint device. It will work without any issues.
    You can do one thing, configure your DSL modem in bridge mode and then...
  71. Replies
    3
    Views
    2,026

    Re: Smartview monitor / error code -1

    Hi Polo,

    Let me know one thing you are getting this error first time after installation or it was working before.
    If you are getting this error after installation make sure there were no errors...
  72. Replies
    2
    Views
    1,568

    Re: 2nd Checkpoint Firewall

    I do not think that putting a 2nd Firewall is good idea. If you think that your servers are critical you can apply some authentication solution, it could be single factor or 2 factor authentication as...
  73. Replies
    1
    Views
    1,205

    Re: Unique Rule Names

    Hello,
    I haven't seen any option to set the rule name to unique, I am also using the rulenames in the rulebase but haven't seen such kind of option.
    Also I haven't used the rulename for troubleshooting....
  74. Thread: VPN Performance

    by gavvys
    Replies
    4
    Views
    1,640

    Re: VPN Performance

    Hi, Thank you for the inputs.

    Well at my side Check Point VPN-1(TM) & FireWall-1(R) NG with Application Intelligence (R55) HFA_17, Hotfix 670 - Build 005.

    On the peer side it's ASA 8.x.

    Phase...
  75. Thread: VPN Performance

    by gavvys
    Replies
    4
    Views
    1,640

    VPN Performance

    Hi all,

    I am facing a problem in site-to-site VPN regarding performance, my side is SPLAT and peer is PIX, using NAT on both sides for incoming and outgoing traffic.
    Issue is that in spite of good...
  76. Replies
    2
    Views
    1,358

    Re: Standby Device is "dead"

    check the status of the backup device using the HA command(command varies on the hardware used) that will give you better output.
  77. Re: how do I check the gateway on my CP VN1 Firewalls?

    What is the base OS of your Checkpoint Firewall.
    To check the gateway of your interfaces:
    SPLAT--then check with sysconfig.
    Windows---check the interfaces in network configuration....
  78. Replies
    3
    Views
    1,271

    Re: About interfaces status displayed of R55

    Hi,

    You can use following commands to check the status and other details about the interfaces

    mii-tool
    ethtool <interface>
    I hope this will help you.

    Regards
    Ranjit
  79. Replies
    7
    Views
    1,811

    Re: how to identify installed modules

    Yes the command rpm -qa |grep CP works for SPLAT to check the Checkpoint installed packages.
  80. Replies
    1
    Views
    980

    Re: Internet Tracking Software

    Hi,

    For the detailed reports of the internet access and other in details reports you want for internet access you can use Websense, that is the dedicated product for content filtering, it is not...
  81. Replies
    3
    Views
    1,559

    Re: Have purchased now what to do?

    Hi,

    I have not seen any impact on the performance after enabling the smartview monitor.
    If I find any thing regarding this I will let you know.

    Regards
    Ranjit
  82. Replies
    3
    Views
    1,559

    Re: Have purchased now what to do?

    Insert the licence and enable the smartview monitor, make sure it is installed in the dashboard, you will get the reports now.

    Let me know if you require more help.


    Regards
    Ranjit
  83. Replies
    10
    Views
    2,815

    Re: VPNd is not running please help.

    Hi,

    You can check the keys for phase 1 and phase 2 using the command VPN TU and check upto which phase the connection gets complete. Also apply the filter based on IP address and then check are you...
  84. Replies
    3
    Views
    1,271

    Re: About interfaces status displayed of R55

    Your checkpoint is Windows based or it is SPLAT (Secure Platform)?
  85. Re: Which option in cpconfig be required to restart CP?

    Hi,
    There is no need to run CP services again if you are modifying something in cpconfig.
    Could you please be more specific what you are changing in cpconfig so that I can give you the exact...
  86. Replies
    3
    Views
    3,488

    Re: Block Gmail Chat

    Hi,

    To block these kind of things you need to go for dedicated content filtering solution like Websense etc where you can block the things in depth.

    I hope this will help you.
    Regards
    Ranjit
  87. Replies
    2
    Views
    1,121

    Re: Deleted Gateways in SmartMonitor/Update

    Hi,

    Try installing the database from the SCS.

    I hope this will help you.

    Regards
    Ranjit
  88. Replies
    6
    Views
    2,703

    Re: Creating NAT List

    Hi,

    I haven't heard of such script but I believe some linux gou can create that.
    Other option is the Web visualisation tool that you need to run on SCS, you can get all the rules/nat rules in a...
  89. Replies
    3
    Views
    3,417

    Re: Study material for ccsa 156-215.1

    Hi,
    There are two different exams for different version.

    For R62 is 156-215.1
    For R65 is 156.215.65

    As per I have checked on the Checkpoint site.

    I hope this will help you.
  90. Thread: Question

    by gavvys
    Replies
    7
    Views
    2,769

    Re: Question

    Performance I guess......
  91. Replies
    2
    Views
    3,267

    Re: Policy Installation Failed

    Hi,
    Generally I have faced this issue when there is bandwidth issue between the SCS and Gateway.
    If you are installing on the remote gateway kindly check the bandwidth or check the ethernet speed...
  92. Replies
    3
    Views
    1,861

    Re: Can not ping through SecurePlatform Pro

    Hi,

    Please check the logs in the Smartview monitor while you are pinging, check the output in tcpdump, check the traceroute upto which hop you are reachable, if still you are unable to get the...
  93. Replies
    6
    Views
    1,273

    Re: need help VPN site to site cisco

    Hi
    Follow some checkpoint book for detailed option and settings if you are new to this.

    That will be the best option.

    Regards
    Ranjit
  94. Replies
    4
    Views
    2,237

    Re: Cleared CCSA with 85%

    Congrats!!!!!!!!!


    Regards
    Ranjit
  95. Replies
    9
    Views
    2,194

    Re: Credit Card Number Detection

    Hi,
    I had attended a McAfee conference sometime before and they have products for what you are searching for.
    They have product DLP (Data loss prevention), you can set various policies in that even...
  96. Replies
    2
    Views
    2,220

    Re: How to use Upgrade_export 's backup?

    Hi,
    You can refer a Checkpoint NGX book, in details procedure will be given there and that will too help you to understand Checkpoint Firewall.

    If you want to download the latest tools, you can...
  97. Re: How am I configure "one vpn tunnel per each pair of hosts" in traditional mode

    Hi,
    I am not getting you why you are saying that there is no community in traditional mode. How you can set up vpn connection without a community, I have checked both in traditional and simplified...
  98. Thread: VPN Error

    by gavvys
    Replies
    1
    Views
    1,397

    Re: VPN Error

    Hi

    Could you please give some more information, whether you are making site-to-site or SecuRemote connection.
    What do u see in the smartview tracker logs, if you are not getting proper view of the...
  99. Replies
    5
    Views
    1,348

    Re: VPN Domain Problem

    Could you please make me clear about the network diagram....and how VPN setups are there.....
  100. Replies
    7
    Views
    6,278

    Re: Port Scan showing port 264 open

    Hi
    This port is for topology download.
    If you want to control the access, create a rule for your gateway and then mention the public IPs of the sources who are making a VPN connection, this way you...
Results 1 to 100 of 233