Search:

Hi,

I am curious to know if it is possible to make the deployment of the Anti-Bot Blade silent. At this point I have used my test policy to deploy it to a machine that doesn't have it and although...

HI,

In the Client Settings section under Default Client User Interfaces tab the setting overwrites the images on our desktop preconfiguration. Is there a way to bypass using this and just leave...

Hi,

While in the Web UI of my gateway I selected the mgnt interface and selected "disable" and now of course I cannot get to the gateway via the Web UI or any other interfaces. I do maintain...

HI,

I have an R75.30 Management Server running on Splat.
I have a Nokia IP390 running R65.70
The current Remote Access community member is a Nokia IP390 running IPSO and the CheckPoint version...

Hi,

We are unable to push a policy to our Checkpoint IP Cluster, all of a sudden. We have 10 firewalls managed by our Management Server, and only the Cluster doesn't allow policy pushes. The error...

Hi,

Moving to HFA70 on an IP350, I know... I won't be on it much longer.

Question, will an IP350 with a gig of memory allow me to put the required IPSO 4.2 106a04 on it for the move to HFA70?...

Hi,

Simple question...

I am running R65 HFA70 and want to know if there is currently a Secure-Client (64bit) version available for MAC's new OS Lion? I am in the process of upgrading to R71.3,...

I've heard some people say that I should export my settings on the management server and build a freshly installed R71.3 management server. Then import that exported backup. That seems laborious to...

Hi,

Thanks for your response. I see I wasn't very clear in the my question, sorry for that.

I have a Chekpoint R65 HFA40 management server running on windows in VM, and IP390 gateways running...

I am currently running R65 HFA40 on Nokia IP390's and am looking to find the best version of R7x to move to, where the upgrade process and path have the smoothest, problem free result. I have seen...

Oddly ... This didn't work for me when I created the additional service. Is there anything other then leaving the protocol type blank?

I have looked at the processes running and the two SMTP ones seem to be the lionshare of the CPU usage. It would surprise me that an IP390 has trouble processing email when all its doing is...

Yes it is a UTM gateway

Hello,

Nokia IP390
IPSO 4.2 build096
Checkpoint R65 HFA30

I have a gateway that all of a sudden appears to have a hard time processing email. The SMTP and SMTPd seem to be collectively taking...

Hello,

I want to know how I can find out on a Checkpoint R65 install with HFA30 on Nokia IPSO running 4.2 build096 what someone chose that built the gateway when they got to the "press 1" for...

I completely agree with upgrading one, failing the cluster over, then upgrading the other. We have done this successfully when HFA's needed to be applied to our clusters.

First thing is to ftp the HFA file to the device your upgrading into the packages directory

Telnet to the firewall and login as admin

When starting at - /var/ehome/admin - follow these...

Hello,

R65 HFA30 running on IPSO 4.2

I don't think we can do this but I thought I would ask the experts. We are running remote access VPN on a gateway of ours and also have wireless running...

What kind of NAT entry would potentially cause this? :)

Another thing to mention is there is no routing here...

I am talking about traffic where the firewall is the gateway and the firewall interface is connected to a switch. The switch is 24port and...

I agree it makes no sense...

When a policy is pushed, traffic that never used the gateway before, because it's destined for another node on the same network, starts to see the gateway. The best...

Hello,

I have an R65 gateway running HFA30 on an IP390 with IPSO 4.2 build096. Whenever I push a policy to it one of my DMZ networks begins to have issues where it randomly blocks traffic (out of...

I had some port forwarding working and when I applied my 25 user license it stopped. Here is what I had setup

FW Rule
source destination port
any publicIPXX 4100

My Nat...

Hello,

I am creating a new security policy for a new gateway I am setting up and will have Remote Access and Site-to-Site VPN on it (Site-to-Site between two Checkpoint gateways). I want to know...

I have been told I have a bad R65 install on an IP390 and I suspect its config. I notice this command doesn't appear to reset everything as I still see host entries? Are there any other things I...

Senior Members... :)

Have a look at the article and see what you think. It really seems to fit our problem...
...

Hello,

It would appear that the "static work assignment" is no longer working after the upgrade to R65 HFA_30 from R60 HFA04. When the second member of the cluster is removed the significant...

Hello,

We recently upgraded our IPSO Cluster of two Nokia IP390's from R60 with HFA04 to R65 with HFA 30. The upgrade appeared to apply to both members simultaneously, which wasn't what appeared...

Thanks ... Better safe then sorry :)

Hello,

I would like it if someone could verify to me that R65's HFA_30 is a cumulative HF for the R65 version. This would mean that it includes HFA02 and the Hotfix for HFA02 inside the HFA_30...

I was looking to see if there was a Checkpoint or IPSO way to block at the command line an individual IP. It would likely be easier to block at the command line in the event we were getting attacked...

Hello,

I am looking for the syntax at the command line to block an individual IP on an R60 Checkpoint Cluster. Anyone help me out with this?

We have Nokia's clustered running Checkpoint R60

Hi,

I appreciate your answer. I have been in contact with Checkpoint Support on this issue and they acknowledge it is in fact a problem. They have said they hope to add a fix into a future HFA but...

Hi,

Thought I would ask some questions and offer some more information on this issue. Is anyone else having it? This issue is also one that can be recreated quite easily, so I would expect this...

Hello,

I have recently upgraded our nodes to R65 HFA02 with the hotfix, from R60 HFA04. We are now seeing a very large number of out of state packets, which naturally are affecting performance and...

Our proxy server has started generating an inordinate number of our of state packets being seen by our firewall. Has anyone seen this before? This seems to be a relatively new development for us. The...

Hello,

I am getting a ton of syn attack messages from our proxy servers in Tracker while they handle web browsing requests. This just started happening a couple of weeks ago but has now made...

Hello,

I am upgrading a Nokia IP390 firewall from Checkpoint R60 with HFA04 to Checkpoint R65 with HFA02 and the hotfix for HFA02. I have successfully run this already on 4 gateways without issue,...

Hello,

Same error... Still not working :(

Any other ideas?

Hello,

I really appreciate your response.

I have a question on what you have suggested. Does a "get topology" not take care of updating things from the Nokia portion and also take care of...

Here is a section of the VND.ELG file... I removed the IP's and the community name...


Sorry it's so long...


[vpnd 16775 3056128]@FW[3 May 7:22:38] fwd_log_handler called (data == 0x0, dlen...

Found it... It's not plural...

This is going to sound funny but I cannot find the directory "logs"?? in the root there is no directory called logs?

Thanks for the reply...

I will try that and post what I see.

Hello,

I am unsuccessfully trying to establish a Site-to-Site VPN between a Checkpoint R65 gateway and a Nortel CES 2600.

I have created an interoperable device for the Nortel and added a rule...

Is there an easy way to convert the existing policy? Or do I have to create a new simplified VPN policy and make it look the same as the existing one.

I am kinda hoping there is a "save as...

I have one last question...

Seeing as there are all of these steps to do this in traditional mode should I be converting my policy to a simplified VPN policy? Are there any advantages or...

Hi,

Thanks for the reply.

I do not see the VPN tab when I open the rulebase for that gateway. If simplified was there I see how it would be easy cause when I create a rule and want it to...

Thanks for that...

Also one more thing. I am not using "simplified VPN" so how do I create encryption rules telling the traffic destined for that network to encrypt?

Hello,

I am establishing a site-to-site VPN between an external company and my own. My gateway is R60 with HFA04 on a Nokia device. I have created the mesh site-to-site VPN community and setup the...

Hello,

I have a Nokia IPSO cluster running 4.2 Build042_HF002 and I see one of my members constantly leaving and rejoining the cluster. It is always the same member and the activity continues even...

Hello,

I have Web Intelligence setup and working but for some reason if the URL is HTTPS the protection doesn't work???

Is there something I'm missing here?

Many thanks :)

Hi,

Thanks for the reply...

I have one active/active Nokia IP cluster and two other single gateways... Looks like I'm in for four 3 web licenses...

Do I use the IP of the management server...

Hello,

So I am guessing that I need to swap my 10 web license for three 3 web licenses... I will then also assume that my three gateways will each have a license which gets added under the...

Hello,

Thanks for the reply...

If I have a IP cluster in production will I need a second license when I try to add webs that are protected by that gateway?

I was always given the impression...

Hello,

Here is the error when I try to push a policy... I get this error even if I try to push a policy with only one web added to the list???

"Additional licenses for Web Intelligence are...

Hello,

We want to use Web Intelligence and have used a 30 evaluation license to do so to this point. When we started the evaluation, we have used about 3 30 day evals so far, we were on R60 on our...

Hello,

We have an IPSO cluster running version 4.2-Build042 HF002 using Checkpoint R60 with HFA04 and are having a very odd issue. We have three ip's, one for each cluster member as would be...

Anyone... Bueller... :)

--------------------------------------------------------------------------------

I have a setup in a lab that has two IP390's using Nokia IP clustering and want to apply HFA_04 to it. I am running...

I have a simialr setup in a lab to what is described here. 4.1 with R60 vanilla install and looking to apply HFA_04 to a Nokia clustered pair of IP390's. The install is not flash based (I have a pair...

Hello,

I have an IP350 running IPSO v4.1 with checkpoint NGXR60 and I am getting a 99% CPU. When I check the process log and it tells me this process is taking up most of the CPU ...

nobody...

Hello,

We started getting smart defense messages that tell us we are getting two things blocked...

Traffic on port 1039 between our DNS servers using service domain-udp (53)

and
...