CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Search:

Type: Posts; User: DrkNite

Search: Search took 0.01 seconds.

  1. Re: Periodic High latency problems on a single VS

    OK so the even happened again yesterday and I was able to get some top -H info.
    I'm planning to apply HotFix take 99 tonight, hope it will fix the problem but I'm not holding my breath at this...
  2. Re: Periodic High latency problems on a single VS

    Thanks for the suggestions
    so i checked the max connections and it's way under the set limit.

    fw vsx stat -vs 32

    Connections number: 946
    Connections peak: 5635
    Connections limit: 44900
  3. Periodic High latency problems on a single VS

    I have a VSX cluster running on open-software on 12 core 256GB RAM HP DL380p Gen 8 boxes.
    The cluster has Just 3 virtual Firewalls on it.

    2 of these VS's have no problems what so ever, one of...
  4. Replies
    3
    Views
    1,937

    Re: VS connections limit

    Perfect abusharif, Thanks.

    somehow I've ended up with fishnet support rather that Checkpoint direct support this time around and I've had a ticket in with them for this question for 2 days now,...
  5. Replies
    3
    Views
    1,937

    VS connections limit

    How do i increase the max connections on a vs?

    this is one of our internal VS's with only our main application server behind it, we just made the move so nothing else is behind the firewall yet....
  6. Replies
    2
    Views
    1,895

    Re: VSX R77 physical interface bandwidth

    Hi mcnallym
    Thanks for the reply, maybe I'm looking in the wrong place but i cant "interface" speed setting, on my older none VSX boxes it was under Topology for the interface in the gui under QoS,...
  7. Replies
    2
    Views
    1,895

    VSX R77 physical interface bandwidth

    New to VSX and i need to limit the Bandwidth of one of the interfaces (one on each node of the cluster) of my VSX cluster.
    Is this possible or am i going to have to limit it at the switch?
    I've...
  8. Re: CP R65 HFA70 to Safe@office 1000NW Site to site VPN - Help!

    Got it working
    the s@o side is easy with the wizards so that wasn't the problem
    the R65 was more of a challenge
    the s@o has to be added as an interoperable device object or it doesn't show up as...
  9. Re: CP R65 HFA70 to Safe@office 1000NW Site to site VPN - Help!

    I'm not using ether yet
    it just needs to be reliable once it done
    simplified seem to be more for like to like setups
    probably could do that if i was runing R70 so will probably go traditional
  10. CP R65 HFA70 to Safe@office 1000NW Site to site VPN - Help!

    It's been a long while since i setup a VPN on checkpoint and to be honest very rusty at it.
    Anyway I have a project where I need to connect site to site a Safe@office 1000NW to one of our R65 HFA70...
  11. Replies
    4
    Views
    3,327

    Re: Vendor Router in DMZ and Anti-Spoofing

    Sorry it's been one of those months
    to many projects not enought hours

    but the answer was just what abusharif says

    if you have more than one network behind
    behind the interface you need to...
  12. Replies
    0
    Views
    2,650

    NAT and bgp failover

    Iím trying to sort out a DR scenario that was dropped on my this morning, I donít think it can be done at the firewall level but Iím willing to be proved wrong

    So here is the scenario

    Lets...
  13. Replies
    4
    Views
    3,327

    Re: Vendor Router in DMZ and Anti-Spoofing

    Please ignore, I figured out how to do what i wanted to do
    sometime a 5 min break and a cup of coffee do wonders!!!!
  14. Replies
    4
    Views
    3,327

    Vendor Router in DMZ and Anti-Spoofing

    I'm having a problem with the Anti-spoofing and need to find a way around the problem
    ultimatly the problem i have can be solved by turning off anti-spoofing in the DMZ but i'd rather not do that if...
  15. Replies
    0
    Views
    2,038

    moving from one ISP to another

    I'm in the planing stages for switching ISP and public IP's because of it.
    I currently have a 2 box splat cluster with a single ISP connected to the external interface
    We are getting ready to move...
  16. Re: Having an Issue with PCI scanner company need advice

    fwwidgit
    about the ACL's they are not there as a major line of defense just as an extra line of defense while they may not help will things like proxies etc they do help some and cut down on the...
  17. re: Having an Issue with PCI scanner company need advice

    ok just want to make sure

    the vendor i'm having an issue with is Comodo
    they list pretty much first when you google PCI scanning with there hackerguardian web site
  18. Having an Issue with PCI scanner company need advice

    I'm having a major argument with one of the PCI scanning companies right now and need some advice

    My current setup is I have a cisco router as gatway with some basic ACL's stopping traffic from...
  19. Replies
    39
    Views
    23,195

    Re: database revision control problem

    Update

    I had the problem again last week where the mv_doc.C file was zero k again
    interestingly enough I was just about to run out of drive space on var when it happened
    I went to make a a...
  20. Replies
    7
    Views
    4,475

    Re: Address Spoofing Alert

    sorry about the delay in getting back, been busy and this was low on the priority list
    I had a problem with smart center earlier this week and ended up having to rebuild it
    when i did that stopped...
  21. Replies
    39
    Views
    23,195

    Re: database revision control problem

    nope they dont know what corrupted it, i asked them flat out
    but the time stamp on the file points to the exact time on monday morning when I when to do a revison before I did deployed an update to...
  22. Replies
    7
    Views
    4,475

    Re: Address Spoofing Alert

    I'm running R65 on

    1 two box cluster Gateway
    1 single box Gateway
    1 smartcenter
    All are running SPLAT
  23. Replies
    39
    Views
    23,195

    Re: database revision control problem

    Well I got my problem fixed after calling support

    did some debugging with support using these commands in expert mode

    fw debug fwm on TDERROR_ALL_ALL=5
    fwm load -d Yourpolicyname...
  24. Replies
    7
    Views
    4,475

    Re: Address Spoofing Alert

    thats the problem I'm not seeing a source address
    everything showing in the log i put in the previous post, thats what makes this odd!
  25. Replies
    7
    Views
    4,475

    Address Spoofing Alert

    I'm seeing a lot of Address Spoofing Alert in the SmartDefence logs
    but not getting a lot of info off of the log file it's self

    Number: 499485
    Date: 13May2008
    Time: ...
  26. Replies
    39
    Views
    23,195

    Re: database revision control problem

    I've rebooted smartcenter a number of times after making the above changes, i've also tried doing cpstop and cpstart with no luck
    I'm going to be putting a ticket in with support later today i think...
  27. Replies
    39
    Views
    23,195

    Re: database revision control problem

    Thanks for the suggestion Thorpuse but it didn't work for me tried test and test for the name and comment and got the same error
  28. Replies
    39
    Views
    23,195

    Re: database revision control problem

    Any updates on this one
    I've just got this problem after 9 months of version control working just fine
    went to push a new config and by company policy create a database revison only to the the...
  29. Replies
    7
    Views
    3,301

    Re: Duplicating NAT from Shorewall Firewall

    Ok well got my problem sorted out just wanted to post a thank you to melipla and also post an update

    Word of advice when trying to fault find your NAT issues dont forget the other hardware that...
  30. Replies
    3
    Views
    2,568

    Re: SPLAT Smartcenter snapshot password ?

    Hi darkarchon

    this seem to be normal for the command line
    all my gateways and SmartCenter do the same thing when I try to use the SCP switch to backup or snapshot and send to an SCP server...
  31. Replies
    7
    Views
    3,301

    Re: Duplicating NAT from Shorewall Firewall

    OK
    well I tried both tricking it by adding an object with an Auto NAT of the external ip I wanted and that didn't work
    I also tried


    with the correct IP and MAC address and still nothing
    ...
  32. Replies
    7
    Views
    3,301

    Re: Duplicating NAT from Shorewall Firewall

    Thanks for the all Info
    My hands are currently tied with the routing, but it's something I can look at this the future
    I'll try tricking it and then if that doesnt work I'll add the arp to the...
  33. Replies
    7
    Views
    3,301

    Re: Duplicating NAT from Shorewall Firewall

    melipla thanks for the info.

    Here is a sanitized copy of one of the log files


    Number: 12844
    Date: 18Nov2007
    Time: ...
  34. Replies
    7
    Views
    3,301

    Duplicating NAT from Shorewall Firewall

    I am having a problem duplicating a setup i have in a Shorewall firewall under NGX r65 and Iím not sure if I've forgotten to do something or Iím not doing it right.

    Here is my situation

    Note ip...
Results 1 to 34 of 34