CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Search:

Type: Posts; User: th0i3

Search: Search took 0.01 seconds.

  1. Thread: Any CCSP here?

    by th0i3
    Replies
    13
    Views
    5,831

    Re: Any CCSP here?

    Now we have the ottawa TAC supporting Checkpoint products. Alot easier to deal with. Probably allow them some time to cross skill.
  2. Sticky: Re: Panic When SecureXL and NAT Are Used and a Malformed Packet Is Received

    I am working on a high profile case where the customer is running IP2250, IPSO 4.2 build 096 + R65 HFA04 where the IPSO is panicking with adp errors.

    We have to switch off SecureXL to stabilise...
  3. Replies
    11
    Views
    7,185

    Re: NOKIA IP390 CPU Utilization 99%

    what was the outcome?
  4. Replies
    13
    Views
    4,535

    Re: Poor performance 1280, 4.2, R65

    You will need to obtain the best practices guide from Nokia. To lower the CPU usage you will need to fine tune your firewall. i.e SecureXL, most used rules at the top, no natting, miminise logging...
  5. Thread: fw ctl pstat

    by th0i3
    Replies
    5
    Views
    5,927

    Re: fw ctl pstat

    Great. That was what I needed. I need to obtain the management 3 guide.

    I also found, negative integer means the number is too large and does not mean errors.

    Thanks all.
  6. Replies
    8
    Views
    3,236

    Re: can you do tcpdump on utm appliances?

    I don't see why not. I do not have experience with UTM appliances. I am thinking if the small Edge device can perform packet capture, I don't see why the UTM appliance from Checkpoint can't do this....
  7. Thread: fw ctl pstat

    by th0i3
    Replies
    5
    Views
    5,927

    Re: fw ctl pstat

    Noone knows the answer?
  8. Replies
    9
    Views
    9,428

    Re: Checkpoint rule hit counts

    I mean from the CST file provided, Nokia TAC can generate (offline) output below.

    # Rule hit counts

    Total Number of connections: 2699
    ============================
    Started: 1017...
  9. Replies
    9
    Views
    9,428

    Re: Reg. Checkpoint rule hit counts

    I have seen Nokia TAC generation the tops used rules and services from the Connection Table which is provided with the CST. I am unsure what tools were used to generated this.
  10. Thread: fw ctl pstat

    by th0i3
    Replies
    5
    Views
    5,927

    fw ctl pstat

    Anyone know the relationship between the following from the command fw ctl pstat

    1. Hash kernel memory (hmem)
    2. System kernel memory (smem)
    3 kernel memory (kmem)

    I am struggling to find...
  11. Replies
    1
    Views
    1,660

    Re: UTM-1 570 Central Managed Conectra R66

    I found a few bugs on Connectra R66. From memory, I don't believe you can switch connectra from locally manage to centrally managed with a single command. (I could be wrong).
  12. Replies
    7
    Views
    2,262

    Re: Is smartview monitor worth buying?

    I didn't realise SmartView Monitor needs to be purchased.
  13. Replies
    3
    Views
    1,844

    Re: Secure XL with Nokia IP 560...

    And also certain features of SmartDefense. Best if you ask the Nokia TAC to send the 'Best Practices Guide for SecureXL' so you can fine tune your firewalls.
  14. Replies
    10
    Views
    7,911

    Re: Crossbeam COS Documentations

    Yes, this is correct. I remember downloading the VSX hotfix from this particular FTP server which contains the docs.
  15. Replies
    10
    Views
    7,911

    Re: Crossbeam COS Documentations

    I have them. I went to the IXOS (Introduction to XOS) training and I have the configuration guide for COS/XOS. PM me your email adddress and I will send them to you.
  16. Thread: CST command

    by th0i3
    Replies
    2
    Views
    3,288

    Re: CST command

    Yes, it does.

    I forgot to mention. This file contains a lot of information about your firewall. I suggest you encrypt this file and transfer over a secure channel to Nokia or CSSP.
  17. Replies
    7
    Views
    3,862

    Re: AD integration with R66

    Not to worry. I got this working in the test lab.

    You will need to ask your CCSP partner to provide you and eval license.

    Cheers.
  18. Replies
    7
    Views
    3,862

    Re: AD integration with R66

    Default authentication scheme' under 'Users' default values' to make it work

    Please advice where this setting is.
  19. Replies
    7
    Views
    3,862

    AD integration with R66

    I am trying to setup AD(LDAP) integration using Connectra locally managed gateways. I am using 30 days EVAL license which I generated for myself from Checkpoint.

    If anyone has working example,...
  20. Replies
    13
    Views
    4,180

    Re: Connectra R66 LM / CM available for download

    I can't get this work, maybe I am not doing something right. I built 1 DC windows 2003 and Connectra locally managed gateway. Any documentation that you can share chillyjim?

    I keep getting...
  21. Re: Connectra Integrated with LDAP and Microsoft CA

    I am still in the process of labbing this out using R66 (locally and centrally managed) to help a customer.

    Anything else, I should know besides from the information posted on this thread?
    ...
  22. Replies
    13
    Views
    4,180

    Re: Connectra R66 LM / CM available for download

    Do you guys know if the Connectra R66 support LDAP integration with AD in locally manage mode?
  23. Re: Can't update SecureRemote/Client Topology - Invalid Username/Password

    Try to delete and recreate your VPN certificate on the gateway which is terminate the remote VPN.

    However, the error message is wrong username is password????
  24. Replies
    4
    Views
    5,541

    Re: HA module not started

    Under Cpconfig, ensure the CPHA is enabled. In your SC, the property for ClusterXL needs to be ticked your firewall object and push the policy. You also need to the appropriate license. Now, I work...
  25. Replies
    8
    Views
    3,047

    Re: provider-1 server sizing tool

    Sorry for the delays, I havent had time to logon to CPUG this week.
    The SK is sk33142 and details below. The cases I dealt with was for 2.4.x kernel.

    IBM Security gateway freezes during boot
    ...
  26. Replies
    10
    Views
    3,345

    Re: P1 R65 random CMA stop

    You need to log a case with local Checkpoint rep and advised Checkpoint to release a hotfix. This hotfix is to be installed ontop of HFA02 which addressed the memory leak issue. Now, i don't know how...
  27. Replies
    5
    Views
    4,099

    Re: VRRP -Secondary Firewall flapping

    I have seen a couple of incidents of late. If you perform TCPDUMP on the interface (active and standby), you will see the primary firewall isn't sending out multicast VRRP hello for 'n'...
  28. Re: Anyone using Dell 2950 III series Hardware Platform?

    Any problems running SPLAT 2.6 kernel? As in any reported problems on this kernel ver?
  29. Replies
    5
    Views
    1,824

    Re: Routing restoration

    The point to note is routes are not restored when using upgrade import / export. As routing is done on the OS level. Manual intervention is needed here when you have static routes configured.
    ...
  30. Replies
    4
    Views
    2,828

    Re: aggressive aging on VSX / Crossbeam

    I had the impression aggressive ageing was a Smart Defense Feature. Try checking your smart defense options on SC/CMA.
  31. Replies
    9
    Views
    3,594

    Re: Bad Flash on Nokia Appliance - Now What ?

    I can't remember on top of my head IP390 is diskbased, hybrid or flash based. I have disk-based Nokia IP390 in the lab. In disk-based system, if you flash is corrupted, all you need to do is replace...
  32. Thread: CMA Backup

    by th0i3
    Replies
    2
    Views
    2,550

    Re: CMA Backup

    I will test this out. This makes sense because by creating the CMA first, it writes the MDS containter information to the MDS conf files. Then just import the existing configuration to the folders to...
  33. Replies
    8
    Views
    3,047

    Re: provider-1 server sizing tool

    cciesec2006, this may be out of topic on this thread. Do you have to install the kernel patch for your USB/reboot issues on IBM3650. That is a patch for the SMP kernel.
  34. Thread: CMA Backup

    by th0i3
    Replies
    2
    Views
    2,550

    CMA Backup

    Is it possible to perform CMA level backup. I am familiar with mds_restore and mds_backup and it works beautifully.

    I found some SK on CP which suggests to copy these folders. (sk26034)
    ...
  35. Thread: R65 and VMware

    by th0i3
    Replies
    17
    Views
    4,660

    Re: R65 and VMware

    That was what I thought VE was originally. SPLAT CD with the option to install GW and SmartCenter specially built for Vmware. Hence, virtual edition.
  36. Replies
    10
    Views
    5,179

    Re: URGENT HELP!!!!! CluserXL Unicast mode

    Is it possible if you put static ARP entries for the firewall and multicast MACs. If this is case, are there any impact to your other mysterious devices?

    To be honest, I have never seen this issue...
  37. Replies
    10
    Views
    5,179

    Re: URGENT HELP!!!!! CluserXL Unicast mode

    Have you tried using Vendor/Ethernet/Bluetooth MAC Address Lookup and Search to find out what these mac addresses are. Most important, what impact is this causing to your environmnet?
  38. Replies
    4
    Views
    3,507

    Re: VRRP Rx Bad Addr List increase!!!!

    To capture only vrrp multicast traffic. The command is

    tcpdump -i <interfacename> proto vrrp
  39. Replies
    4
    Views
    1,748

    Re: Upgrade_Export Windows to Unix

    I was posting this on another post. Here it is again. I replicated a customer environment where the OSs of the upgrade_export was miscommunicated. Customer had SC on Windows and I tried to export...
  40. Replies
    6
    Views
    3,061

    Re: VPN Problem within China

    I was in China in March this year and found wikipedi was blocked. Now, I can imagine encrypted traffic being blocked.
  41. Thread: Any CCSP here?

    by th0i3
    Replies
    13
    Views
    5,831

    Re: Any CCSP here?

    Yes, I work for CCSP. All my customer in my region are tagged 'Co-Standard' or 'Co-Premium' Support.

    Sometimes, it isn't fun dealing with Checkpoint on a daily basis. The American TAC just...
  42. Replies
    7
    Views
    2,933

    Re: Migration OS Smartcenter HA

    Yes, I was replicating a customer's environment where the customer miscommunicated his OS details. The upgrade export was from Windows. I tried to import this file to SPLAT and received some errors....
  43. Replies
    5
    Views
    1,986

    Re: smartdashboard crash

    According to Checkpoint, not all fixes are published in the 'release notes'.
  44. Thread: cpinfo Output

    by th0i3
    Replies
    4
    Views
    6,576

    Re: cpinfo Output

    If you are generating the cpinfo from the SmartCenter Server. You can use the Infoview to view the rulebases/VPN configuration etc. To do this, in the Infoview you map all versions of SmartDashboard....
  45. Replies
    7
    Views
    2,758

    Re: Configuration Backup (WIN & Nokia)

    Yes, this is correct. As upgrade_export and upgrade_import are Checkpoint tools, it is available across all OSs as long as Checkpoint is installed.

    When transfering the tgz file, please ensure you...
  46. Re: gateways R55 stop sending log to NGx R65 CLM and stand-alone log server

    Yup, that is the exact symptom my customer is having.
  47. Re: R65 Migration from Splat to 2003 Server - help needed

    Please stay on SPLAT. Having said that I haven't seen any major reported incidents on Windows. Cciesec2006 is right SPLAT 2.6 is still very unstable.
  48. Replies
    12
    Views
    4,525

    Re: UTM-1 appliances hardware overview

    I was troubleshooting UTM2050 and the dmesg logs suggested the NICs driver module were Crossbeam. Also, the Checkpoint TAC confirmed they had an alliance with Crossbeam and is made by Crossbeam.
    ...
  49. Re: Get WSE0020001 illegal header format detected with https service

    Good idea to submit RFE(Request for enhancements) to Checkpoint. This may be included in the next release of Checkpoint, if you're lucky.
  50. Thread: R65 and VMware

    by th0i3
    Replies
    17
    Views
    4,660

    Re: R65 and VMware

    cciesec, i think the cpinfo infos reveal all information. Further more, from the vendor portion of the mac address which one can easily lookup.

    Jim: You are right, i had an impression VE was like...
  51. Thread: What is R65.1?

    by th0i3
    Replies
    7
    Views
    2,640

    Re: What is R65.1?

    I also encountered this weird naming convention fixing a bug apparently caused by SmartConsole (R65). Checkpoint provided a new SmartConsole (R65.3). I asked the TAC and apparently this is a fix (.3)...
  52. Replies
    5
    Views
    2,338

    Re: New NGX Book coming out

    Private message your email address and I will send this to you.
  53. Replies
    4
    Views
    4,423

    Re: CheckPoint VSX R65 on Nokia IPSO

    I have seen this Nokia article and downloaded the packages. However, I do not have time to test this out. Will need at least 4 -5 hours of work.

    Let me know if you have any success, vice versa.
    ...
  54. Replies
    5
    Views
    3,185

    Re: Nokia IP390 Firewalls simply hang

    Abu may be right as you may be hitting a bug with RTM.

    run the following command. This will crash your firewall.

    rtm monitor -k ip -v pkt dir=in acc=sum -v pkt dir=out acc=sum -v pkt acc=sum...
  55. Replies
    12
    Views
    4,525

    Re: UTM-1 appliances hardware overview

    They are made by Crossbeam for Checkpoint. Similar to C-Series.
  56. Re: gateways R55 stop sending log to NGx R65 CLM and stand-alone log server

    Fortunately, I came across this issue before. This is a bug which is apparently fixed in R65 HFA02 (enforcement module). You need to turn on kernel debug for logging which you'll have to research....
  57. Thread: R65 and VMware

    by th0i3
    Replies
    17
    Views
    4,660

    Re: R65 and VMware

    The right question to ask is "if you run into to problems, will Checkpoint officially support this setup".

    There is the VPN-1 VE version which I believe is the official supported version. How...
  58. Replies
    5
    Views
    1,881

    Re: Nokia IP350 @100%

    I like their document/support/ISPO OS. However, they have some serious problems with their manufacturing. Let me quote especially their "IP2250" and ADP + encryption cards.
  59. Replies
    5
    Views
    2,338

    Re: New NGX Book coming out

    I got the book in PDF. Don't ask me how I obtained this.
  60. Re: SmartDefense - DNS Spoofing Vulnerability Protection

    I have seen incidents where turning this SD feature degraded the performance on the gateway. The customer upgraded to R65 HFA02 and this issue is now resolved.
  61. Thread: Pointsec for Mac

    by th0i3
    Replies
    11
    Views
    5,555

    Re: Pointsec for Mac

    There has been alot of buzz with endpoint security of late. Unified client is also another term CP uses.

    I have yet to review these endpoint apps. Any thoughts?
  62. Replies
    5
    Views
    2,270

    Re: Connection to Remote Edge site failing.

    Please advice if you are running the latest firmware on the Edge and also the latest libsw files on your SmartCenter Server.
  63. Replies
    5
    Views
    1,881

    Re: Nokia IP350 @100%

    msjouw: You could be running into a bug with Checkpoint RTM (Real Time Monitor). There is a hotfix from Nokia which you need to request Nokia/Reseller to provide.

    To determine this, you need to...
  64. Replies
    2
    Views
    1,958

    Re: Nokia 390 Platform Vs UTM-1

    UTMs are specially made by Crossbeam for Checkpoint. If you parse the dmesg you will see traces of Crossbeam drivers.

    Otherwise, everything else is exactly the same as SPLAT.
  65. Replies
    14
    Views
    4,166

    Re: DL380G5+NC346T+XL+SPLAT+v2.6 Traffic drops

    If you don't need additional kernel driver support, please stick to 2.4 kernel.
    I don't see any reason to migrate to 2.6 unless you have an unsupported driver or platform.
  66. Replies
    5
    Views
    2,060

    Re: CheckPoint VSX and Nokia: does it work well?

    Unless you are keen on having phone conference with Canadian Global TAC on daily or weekly basis, then install Nokia/VSX. I think the official supported release is till NMDS4.x and VSX NG AI 2.xN
    ...
  67. Replies
    5
    Views
    2,060

    Re: CheckPoint VSX and Nokia: does it work well?

    No, do not install VSX on Nokia platform. I've seen Nokia's AGP card causing so much pain and it is not worth the time. Also support of VSX on IPSO have proven to be difficult.

    Look into...
  68. Thread: VOIP - HELP

    by th0i3
    Replies
    0
    Views
    1,928

    VOIP - HELP

    When definining sip what is SIP and SIP_ANY services?
  69. Replies
    2
    Views
    1,612

    Re: Connectra R62 CM HFA01

    Sounds bad, but at least we could be hitting a bug. I thought it was my config.
  70. Replies
    0
    Views
    1,625

    VOIP on R55 HFA20

    Has anyone tried to configure SIP on R55 HFA20?

    I have never been able to get it to work. It keeps complaining SIP packet malformed. The only way i could get it to work is to use service any. As...
  71. Replies
    2
    Views
    1,612

    Connectra R62 CM HFA01

    Connectra does not allow me to have 7 Antivirus rules. When I do, Connectra does not allow the clients to connect.

    If i have 6, that is fine. Do anyone have this issue?
  72. Replies
    58
    Views
    22,047

    Re: CCSE NGX (Unicert aka Pass4sure)

    The link is broken. Please share again.

    Thank you in advance.

    Cheers.
  73. Replies
    36
    Views
    11,536

    Re: clear CCSE NGX 100% with pass4sure

    I went to Pass4sure website and did a search on CCSE. I am unable to find it. The only dump offered was the accelerated CCSE.
  74. Thread: Passed today

    by th0i3
    Replies
    6
    Views
    2,519

    Re: Passed today

    Congrats! Keep up the good work.
  75. Replies
    0
    Views
    1,405

    Passed CCSA last week!

    All,

    I have passed my CCSA last week with 80%. It wasn't overly too hard, but there were questions with spelling/grammar mistakes. The question itself was confusing, in the sense of English and...
  76. Replies
    15
    Views
    2,882

    Re: CCSA Passed 88% Today 12 March 07

    I usually read the book twice(line per line). Lab out the scenerio using dynamips/dynagen or real equipment. Then use braindump for the exam. Some good ones are TK and Pass4sure.

    I don't have...
  77. Replies
    1
    Views
    2,234

    hex to numerical ip address translater

    Does any has a HEX to numerical ip address traslater. I'm sick of working HEX out as it is time consuming.

    For example.



    [Expert@enforceav]# fw tab | grep block*
    -------- jpeg_block_state...
  78. Replies
    15
    Views
    2,882

    Re: CCSA Passed 88% Today 12 March 07

    Mine is on Thursday. This will be interesting as this is my first Checkpoint exam.
    I hope to do well too. If i really like it, i will purse my CCSE/CCSE+ as well.
  79. Thread: I've passed exam

    by th0i3
    Replies
    8
    Views
    3,589

    Re: I've passed exam

    Confusing enough, for B. This feature is not on R60. The smartcenter server does not have SIC in cpconfig. The SIC menu is only located on the enforcement module.

    In short, the SIC option is only...
  80. Thread: I've passed exam

    by th0i3
    Replies
    8
    Views
    3,589

    Re: I've passed exam

    I put my money on D.
  81. Replies
    19
    Views
    6,369

    Re: Finally a CCSA on 20th Feb(88%)

    Two persons in a week. Not very encouraging is it, for me.
  82. Replies
    19
    Views
    6,369

    Re: Finally a CCSA on 20th Feb(88%)

    I'm worried after reading your post. Mine is on the 17th of March. I'm not sure how to test my readiness. I have built VMWARE running R60. Went through the syngress book once and read TK and AT.
    ...
  83. Replies
    19
    Views
    6,369

    Re: Finally a CCSA on 20th Feb(88%)

    All,

    Can someone tell me where I can get this Nizmo doc?

    Sorry i'm new here.

    Thanks.

    Godspeedcapri: I've been using R60 running in VMWARE using a distributed topology. What are the...
Results 1 to 83 of 83