Search:

The article describes IP pool NAT but it is not the same thing as hide NAT. As far as I know the IP pool NAT does not translate source ports. (It cannot be used to hide multiple IP addresses behind...

Thank you for your reply.

I should state that the gateways are not VSX. I am used to the term DMI (dedicated management interface) only on VSX gateways. ...but as I mentioned the gateways have...

A bridge mode cluster normally does not have any virtual IP address (cluster IP address). There are only IP addresses of the individual firewall nodes for management and synchronization purposes.
...

The changes are listed in the R80 article:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108623#Hotfixes
in a separate article:...

Update: Check Point deferred the migration of the certificates again. Currently to June 2016. The SK article was updated.

The migration to SHA-256 based certificates has been postponed to February...

PhoneBoy, do you mean that Hyper-V will be officially supported in the future?

This is a very good point. Unfortunately this already happened in the past in Check Point. I remember that one of Endpoint Security R73 HFAs was silently updated and when I asked support about this...

I do not want to be nitpicking but I think that you are using the term "CLI based" instead of the correct term "text based".
IMHO interactive tools (like wizards) cannot be "CLI based" because CLI...

This would be a really serious limitation but fortunately it is possible to perform the first time configuration from the text console (I am not sure about CLI only first time config):

See...

Was not the 61000 appliance released with a special preliminary build of Gaia?

BTW: Why is "GAiA" being written with minuscule "i"? Does it have any meaning?

Check the release notes and the resolved issues to see if the fix was implemented in R75.30.
If not you have to ask the Check Point support for a new patch for the new version.

Patches are...

UTM-1 Embedded NGX Release Notes 8.2.45

Resolved issues:

Resolved: Ping and traceroute did not work with firmware 8.2.44

What's New in Endpoint Security E80.30

Server Side Features:

Virtual Groups: A directory that you can use to create and manage groups, users, and computers with the Endpoint Security...

Here is updated map from Check Point: Check Point R70, R71 and R75 Release Map
It mentions that R75.20 will support upgrades from R71.30 but not from R71.40.

What's New in Endpoint Security R73 HFA 3

New Endpoint Security client support for Windows 7 SP 1.
New WebCheck support for Internet Explorer 9 and FireFox 4.


Full Disk Encryption

New...

The article sk61024 describes Endpoint Security R73 Feature Support in Endpoint Security R80. Very useful for R73 users and people who knows R73.

Do you know if upgrade from R71.30 to R75.10 (EA) is supported in some way?

The R75.10 EA RN say that upgrade from R71.30 is possible by upgrading first to R75 but R75 RN do not mention...

ksamstad, you have to wait for R75.10 which is expected to be released during April.

Nice :) Thank you for the diagrams.


I think this is not true. AFAIK upgrade from R71.30 to R75 is not supported and direct experience of one of our customers confirms major problems. Also R71.30...

What's New

New OS Support: Windows 2008 R2 on Workstation hardware, Windows 7 SP1.
Support for Windows 7 operating system upgrades after Full Disk Encryption is installed.
Improved...

Yes, this is noted in the known limitations. It would be really bad if FDE has no way to grab new users from the AD :-) OK, I did not mean this as a manual adding of a user.

Unfortunately I did...

What does Check Point mean by this statement in Known Limitations?

Unfortunately I did not find the release notes. The installation files are here: downloads: Endpoint Security R73 HFA2

So far I know just that FDE EW for Windows was not updated in comparison to...

R80 contains FDE.

So Check Point postponed the release so much? In September Check Point presented that first release of Gaia will be in 2010. Later I heard that it will be at the beginning of 2011...

Please be aware of the fact that some functionality of Endpoint Security R73 is missing in R80.
What I am currently aware of:
- File Encryption completely missing
- FDE does not support smart...

R75 supports upgrade from R70.40 too. For details see the release notes.

I get: "The System is currently undergoing system maintenance." :(

Currently the DTPS part is also in R71.30 EA. See R71.30 is Public EA.

Does anybody know if R71.20 SmartDashboard contains the new Secure Workspace Manager for Abra R70.1?

This is expected. I am afraid that it is not possible to redirect ping to VPN without touching TCP IP stack which is not possible in Abra because it does not require admin rights.

Does it technically mean that Multi-Domain management is finally integrated into the mainline Security Management? So will I be able to enable the Multi-Domain functionality on regular Security...

You can check for possible fwm errors here: $FWDIR/log/fwm.elg

Dantro,

thank you very much for the great FAQ!

Could you please update the VPN clients question?


Since version 8.1 the Check Point Embedded firmware supports also Check Point Endpoint...

R70 and R71 SPLAT is based on RHEL 5.

Since R65 with the new CBI packages Crossbeam decided not to support Check Point management server neither on XOS (on which it has never been supported) nor on COS.

Of course the CBI package...

Unfortunately the latest version of odumper (2.4) does not export manual NAT rules. The functionality is planned for new version 2.6 but I am not sure whether the new version is being worked on.

On UTM-1 you can reset the password the same way as on regular SecurePlatform. See for example Re: [FW-1] Secure Platform Password Recovery. You have to use an external drive connected over an USB...

I have seen one installation where the problem was originally solved by installing a hotfix but now the problem reappeared after installing HFA_02. Have you seen something similar?

I know that the answer is comming too late but it could help others at least.

Your features string CPXP-VPX-250-NG is definitely an NG license (NGX version has NGX string at the end) but it is an...

My CCSI certificate is not tied to any ATC. So I suppose that I can move to another ATC and teach there.

This problem is described in the article sk31193 in Check Point's KB. This error could be caused by changed SmartDefense licencing. HTTP application checks are now available only as a part of Web...