CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Type: Posts; User: avdonzzz

  1. Re: add new sub interfaces to an existing cluster running clusterXL

    I think the cluster will go down, anyhow if you setup the new vlan from standby FW first then followed by active FW that shouldn't cause any impact to the services
  2. Replies: 3, Views: 10,831

    Re: Host Header Redirection

    This should not be the job of the firewall. A load-balancer can do this pretty easily.
  3. Replies: 7, Views: 4,828

    Re: Failover in cluster

    Or you can start using monitoring tools to monitor the cluster status via snmp?
  4. Replies: 5, Views: 1,520

    Re: How to remove entry from connection table

    The values need to be in hex, so you need to convert the IP address and port number to hex.
    http://www.binaryhexconverter.com/hex-to-decimal-converter...
  5. Re: Can we Check routing table through Smart Dashboard

    Nope, but you can view the routing table from Smartview Monitor
  6. Replies: 4, Views: 1,301

    Re: firewall can't be connected

    Check the permission of /tmp directory as well it should be full permission, I encountered this before after upgrade.
  7. Re: HOWTO: Deal with stale ARP issues on adjacent routers

    Wow I didn't know about the ARPING command, thanks for sharing!
  8. Re: Restrict r/w admin access from specific location

    why not use the legacy authentication client authentication?

    rule:

    src:user@location dest:FW action:"Accept" service:"FW services"
    Stealth rule src:ALL dest:FW action:"Drop" service:"All"
  9. Replies: 3, Views: 3,040

    Re: 3rd Party SSL Certificate Renewal Issue

    Yes you are right, you can only have 1 DN

    it's a lame method, remove the cert/create the CRL file but do not push policy until you got the cert.

    but I encounter before when I removed the cert...
  10. Replies: 3, Views: 3,040

    Re: 3rd Party SSL Certificate Renewal Issue

    We got the same issue as well..

    What we did is to have the new cert prepared 1 month before it expires.

    Remove the old cert -> add new Cert with a different nickname -> push policy -> rename...
  11. Re: Checkpoint R76VS and cluster member failover

    In SmartDashboard -> cluster object -> cluster Members

    You can adjust the cluster member priority and remember to push policy after the change
  12. Re: Cluster XL , non-routable IPs and remote SmartManagement

    Reinstall remote Cluster, I assume you will down 1 cluster at a time while maintain the active connection? This will not break the VPN connection.
    You could always remove the FW from the cluster and...
  13. Replies: 2, Views: 1,445

    Re: Testing the clustering but error message

    Did you uncheck the box "For Gateway Clusters install on all the members, if it fails do not install at all" when installing policy?
  14. Replies: 2, Views: 2,813

    Re: blackhole subnet route

    you're trying to blackhole your whole /24 production subnet to null route or I got the wrong meaning?

    Personally I believe such temporary solution should apply nearer to the internet edge...
  15. Re: RX errors increasing on External Interface of Splat firewall

    It could also be due to half-speed/duplex or mtu size
  16. Re: Not Getting logs from one of the firewall in smart view tracker

    Is this a HA cluster or load sharing cluster?
  17. Replies: 0, Views: 1,005

    3rd party certificate

    Does Checkpoint UTM appliances support renewal for 3rd party internal certs?

    I have certs about to expire within a month, but the "Renew" option is greyed out.

    Do I really have to remove and add a...
  18. Replies: 1, Views: 1,106

    Re: Utility to monitor Windows Processes

    Microsoft has a Sysinternals suite which includes the Process Monitor, you may want to check that out

    http://technet.microsoft.com/en-us/sysinternals/
  19. Replies: 4, Views: 1,881

    Re: R60 policy rules to Excel, text or pdf

    have you tried to use web visualization tool?
    sk64501
  20. Replies: 1, Views: 1,295

    Multiple certificates tie to a Gateway

    as per topic,

    I got an internal cert installed for client authentication using port 950 it is working fine.

    now we want a new cert tie to one of the interface of the firewall, is this possible?
  21. Re: Unable to install policy due to SIC error number 148 - R75 Checkpoint 12207 Appli

    like what alienbaby said, have you checked the time/timezone between the sms and gw?


    if you do a cpd_admin list did you get the below process?
    [Expert@fw]# cpd_admin list
    InstallPolicy...
  22. Re: Unable to install policy due to SIC error number 148 - R75 Checkpoint 12207 Appli

    do a "cpwd_admin list" to see if this is related to CPD process issue

    have you tried to reset the SIC for this gw?

    "not communicating" maybe you want to first fix the communication link between gw...
  23. Re: Unable to install policy due to SIC error number 148 - R75 Checkpoint 12207 Appli

    Do a "Test SIC Status" on the Smart Dashboard for both clusters to check the connectivity between the SMS and GW.

    Do a cphaprob stat in SPLAT to see what's the current status of the cluster

    Do...
  24. Replies: 1, Views: 958

    network traffic monitoring via console

    recently I came across a network traffic monitoring tool for linux/BSD servers:

    vnStat - a network traffic monitor for Linux and BSD

    Anyone have this tool installed in their box? or is this tool...
  25. Re: Checkpoint 4600(2012 appliance) External Interface

    I guess you didn't configure the interfaces correctly?

    External interface should be the ISP public IP (static IP assigned by ISP)
    Mgmt interface should be 192.168.1.1
    LanX interfaces will be your...
  26. Replies: 3, Views: 1,237

    Re: VLAN Configurations on 2012 Appliance

    correct me if I'm wrong.

    in Splat
    1. vconfig add eth2 VLAN_num
    2. ifconfig eth2.VLAN_num 192.168.1.10 netmask 255.255.255.0
    ifconfig --save

    in Dashboard
    1. Go to FW topology, get all...
  27. Replies: 1, Views: 909

    Re: Partial user missing in AD group

    did you check the ldap account unit property?

    the field "account unit" and "group's scope" ?
  28. Replies: 0, Views: 1,144

    R76 SmartDashboard Overview GUI

    is it possible to edit the configuration for the 4 types of layouts?

    e.g The network activity graph is displaying Packets/Sec, the graph is displaying the live traffic for 5mins, possible to...
  29. Replies: 13, Views: 12,930

    Re: Aggressive aging

    besides checking where the connections are coming from, why not increase the maximum concurrent connections 150k-200k?
  30. Replies: 0, Views: 716

    HTTP Security Server issue

    hello,

    I have some issues regarding the HTTP security server

    our users use proxy (behind firewall) to surf internet, we have a rule to allow the proxyserver to internet.
    and we also have a FW...
  31. Replies: 2, Views: 1,626

    Re: User Center v1.2 now available for iOS!

    no love for Android?
  32. Replies: 0, Views: 901

    client authentication case sensitive

    I am using AD group via an LDAP object to authenticate users to the firewall rules. The AD domain user credential is not case sensitive, but the FW client auth cannot recognise the user credential in...
Results 1 to 32 of 32