CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Type: Posts; User: lammbo


  1. Sticky: Re: My Foundation Principles as Discussion Board Administrator

    This community was made great by its contributors. Without these contributions, this site never would have been successful. Barry himself has contributed very little to the posted content on this...
  2. Re: Endpoint Security E75.10 client constantly disconnects

    Have you considered trying the R75 client, 1 version older but still virtually brand new
  3. Replies
    57
    Views
    20,014

    Re: Strange Issue with ClusterXL

    Some of the switches are layer 3 switches and some just layer 2, some gig, some 10/100. My gateways are not using multicast mode, I switched them to broadcast.

    None of this negates the fact that...
  4. Re: Hacker 'handshake' hole found in common firewalls - but not CP!

    Unrelated to the security portion, this was actually my favorite part of the article:

    (original text is here: Hacker 'handshake' hole found in common firewalls)


    This is something we have all...
  5. Re: Check Point gives away free Identity Awareness licenses

    I'm meeting on-site with my local CP sales team today, I will inquire to obtain confirmation.
  6. Thread: exporting data

    by lammbo
    Replies
    3
    Views
    1,548

    Re: exporting data

    Then look in this forum... all you need is there

    Web Visualization Tool
  7. Thread: exporting data

    by lammbo
    Replies
    3
    Views
    1,548

    Re: exporting data

    the answer here depends largely on what the purpose of the export is (backups, audits, etc.). if you expect a real answer for this question, you must describe WHY you want to export this data.
  8. Replies
    6
    Views
    2,110

    Re: vpn with secure remote and lan access problem

    There an SK on this?
  9. Replies
    3
    Views
    1,478

    Re: Quick failovers causing 15-20 second outages

    http://www.cpug.org/forums/clustering-security-gateway-ha-clusterxl/12012-strange-issue-clusterxl.html

    Welcome to my world... In a few short months I will be coming up on the 2 year mark and CP...
  10. Replies
    6
    Views
    1,454

    Re: Urgent help Needed!!!

    I disagree...

    1) If you don't have SIC, your firewall is already a doorstop so you're down already, just reset it on both sides and re-establish it. (If you're HA you can do this on one box at a...
  11. Replies
    8
    Views
    3,191

    Re: IP Appliance Throughput Testing

    As I've stated in multiple posts previously, I agree. The numbers are bunk.


    IMHO, Open server hardware and traditional licensing are your best bet. The appliance line, while 'less expensive'...
  12. Replies
    14
    Views
    9,489

    Re: Check Point (R71) to Cisco (8.3) IPSEC VPN

    Which does, of course, mean that one must actually push policy to distribute the changes.
  13. Replies
    8
    Views
    2,308

    Re: R65 NGX HFA 60 Smartcenter - New hardware

    I only keep a few, but then again, my company doesn't really have a policy that says I need to keep x number of revisions. IMO, the only time to make revisions is before some kind of maintenance...
  14. Replies
    8
    Views
    3,191

    Re: IP Appliance Throughput Testing

    How many interfaces does it have? So 10-15% times how many interfaces?

    It's my opinion that published numbers are across multiple interfaces, read this and see what your own conclusion is... And...
  15. Replies
    7
    Views
    11,299

    Re: Checkpoint to Fortigate IPSec VPN

    Just trust me when I say don't use it... it may be playing nice now but it doesn't always do so. Besides, who cares if it does a full negotiation and not an abbreviated one, it only takes a few...
  16. Replies
    7
    Views
    11,299

    Re: Checkpoint to Fortigate IPSec VPN

    No PFS with interops.
  17. Replies
    6
    Views
    4,279

    Re: SSL Network Extender

    So the gateways are capable of listening on 443 for both SNX and Visitor Mode traffic on the same port and what... sort traffic by headers?

    I was always under the impression that they couldn't...
  18. Replies
    6
    Views
    4,279

    Re: SSL Network Extender

    But if they use 443 for SNX then won't that mess with visitor mode?
  19. Replies
    16
    Views
    7,812

    Re: Passed the CCSA R71 Exam

    Really?!? Are you serious with this question?
  20. Re: Issuing accounts for several hundred users (certificate auth) any way to do it bu

    Yeah, what Maarten said... use the fwm dbimport feature to create the accounts and then go back to the accounts to fix the certs. Better than doing ALL of it manually.
  21. Replies
    18
    Views
    5,307

    Re: Smart Dashboard R75 Crash

    Only if you want to go to jail... all software is non-redistributable except by authorized agents (ie - VARs/Partners)



    This is what you're required to do.
  22. Re: How to see how many secure client licenses am i using

    [Expert@somefirewall]# dtps lic
    SecureClient Policy Server license summary
    ------------------------------------------
    | OS | Total Licenses | Used Licenses | Free Licenses |
    | Windows ...
  23. Replies
    3
    Views
    1,764

    Re: Backing servers in a DMZ

    Yes! Ask everyone to do so for you, you'll need it!


    I've been a firewall admin for quite a while now and I know my way around CP. I know how to do all the debugging to see even silently...
  24. Replies
    3
    Views
    1,764

    Re: Backing servers in a DMZ

    That software is absolutely the worst backup software ever. We could not get it to work without allowing 'any' protocol. We followed all the documentation, tried to get answers from them about why...
  25. Replies
    5
    Views
    3,270

    Re: Checkpoint Splat Backup / Restore

    Claims of a 'competing' website have been cited for the deletions. Although how a website that sells nothing is considered competition is beyond me.
  26. Replies
    57
    Views
    20,014

    Re: Strange Issue with ClusterXL

    Finally heard back from support on this last part:
  27. Replies
    4
    Views
    2,399

    Re: Radius IP address assigment

    I don't know if it works or not (have never attempted), but if you have multiple sites, you may wish to reconsider obtaining an IP in this manner because of the subnet/routing issues you will...
  28. Replies
    5
    Views
    2,311

    Re: SecureClient from a hotel problem?

    Visitor mode uses 443. If your firewall's Web UI is listening on 443 there is a conflict.

    http://www.cpug.org/forums/secure-access/10665-how-change-admin-console-port-443-endpoint-server.html
  29. Replies
    8
    Views
    2,251

    Re: error while saving policy

    Is there any room on your hard disks?
  30. Replies
    6
    Views
    2,144

    Re: SecurClient Continuous Password Request

    Based on my experience with this type of issue, I suspect that there are domain controllers or some other resources that your remote user is trying to access (even if they don't know it's happening)....
  31. Replies
    6
    Views
    1,954

    Re: IPSO VRRP - Do Not Cascade Switches

    In a million years, I would never follow what's in that guide. And way back in the day, when I had Nokia boxes on VRRP, I had 2 switches with a trunk port between without a single issue. I can't...
  32. Replies
    5
    Views
    3,316

    Re: Licensing issue.

    And I want you to share! giggity!
  33. Replies
    2
    Views
    1,519

    Re: Looking for Network/Firewall engineer

    I would consider it, but I just really don't want to move from Charleston... ever. Not saying I won't, just that I don't want to.
  34. Replies
    4
    Views
    1,955

    Re: Q: HotFix Installation..

    My advice here is ALWAYS reboot after installing anything, even if it says you don't need to.
  35. Replies
    6
    Views
    2,144

    Re: SecurClient Continuous Password Request

    Sounds like you've got a gateway that can't authenticate someone. Do you have multiple sites?
  36. Re: Traditional to Simplified with lost functionality

    I feel your pain. With the loss of traditional mode came a great loss on granularity over controlling site to site traffic.
  37. Re: Traditional to Simplified with lost functionality

    http://www.cpug.org/forums/dynamic-routing/13286-how-mpls-setup-automatic-failover-public-circuit.html

    2 Options... one explained, one linked in the post above.
  38. Replies
    16
    Views
    3,274

    Re: UTM-1 Edge W needs rebooting every day

    It's just a standard DC power supply with a very high amperage rating (about 3x most 'normal' power supplies). I found dozens of them online made by 3rd party vendors and they all work fine. Just...
  39. Re: Licensing question - Now R70.1 to R75 management server

    I concur... run the license upgrade tool to see what it spits out. If you're not seeing all of your licenses when running the tool, contact your SE.

    All of mine showed in my list even though...
  40. Re: Smart Monitor displays wrong memory info - IP nokia flash based

    SVM is broken, don't rely on it for accurate resource information on your gateways. Search this forum for SmartView Monitor (or SVM) and you'll see hundreds of posts stating such. If you want to...
  41. Re: Smart Monitor displays wrong memory info - IP nokia flash based

    It's normal that every software product since the beginning of computers needs more resources with every generation. Look at windows alone, Win 3.1 was < 90 mb installed, W7 is somewhere around 7 GB...
  42. Replies
    18
    Views
    3,817

    Re: Setup SmartCenter Server on Windows7

    Why not just go to user center and download the license again?
  43. Replies
    29
    Views
    8,312

    Re: Power-1 appliance 9075 vs Splat gateways...

    That was an R70 install BTW. I was in Charleston and the gateway was in Atlanta, during peak business hours. The disc was mounted in my workstation's drive locally. I just re-checked my install...
  44. Thread: Bootable Media

    by lammbo
    Replies
    3
    Views
    2,633

    Re: Bootable Media

    I've had to re-burn CP ISOs more frequently than any others. I don't know why either, it was not my media as it had always worked fine for everything else for years. Once I got a good burn though,...
  45. Replies
    4
    Views
    1,625

    Poll: Re: Checkpoint VPN resource

    If it didn't require me moving, I would consider it.
  46. Replies
    29
    Views
    8,312

    Re: Power-1 appliance 9075 vs Splat gateways...

    I highly recommend reading this thread for a better understanding of CoreXL before working out your licensing:...
  47. Replies
    29
    Views
    8,312

    Re: Power-1 appliance 9075 vs Splat gateways...

    But how long will it take to convince some random support lackey that it actually needs to be replaced before this happens? How many requests for CPinfo and other stuff will occur first with hours...
  48. Replies
    29
    Views
    8,312

    Re: Power-1 appliance 9075 vs Splat gateways...

    (Bolded for emphasis but no other editing)


    Unacceptable amount of time to run without an HA backup IMO. That there are no other options available says it all. I have 4 hour parts from HP and...
  49. Re: Our results for R65 HFA40 upgrade to R70.10 by using SmartUpdate

    This is why I only use SU to attach licenses, I won't even apply an HFA via SU. For that matter, even obtaining a cpinfo from this tool seems to be flaky.

    I learned 8 years ago that:
    1) On...
  50. Replies
    13
    Views
    2,442

    Re: Pre-defined filtering for users possible?

    The Read/Write on tracker (that I mentioned earlier) only allows them to save queries/filters they write. This R/W permission does NOT allow them to create firewall logs. That database (yes, the...
  51. Replies
    6
    Views
    3,136

    Re: ClusterXL and bandwidth degradation

    This.

    Most of the senior admins will back this (search other posts). A/A is almost never necessary, go HA.
  52. Replies
    3
    Views
    4,959

    Re: Invalid Cookie Issue

    And this will continue to happen as long as CP fails to follow the 80/20 rule and insists on maintaining this silly default behavior of creating supernets (for contiguous subnets) when negotiating...
  53. Re: Upgrade from SPLAT R65 to R71. Nic no longer work

    My .02 on this... may be relevant assuming your old version was the 2.4 kernel.

    When transitioning from 2.4 to 2.6, your PCI-X Intel NICs WILL NOT pass traffic. Time for new boxes. CP support...
  54. Replies
    24
    Views
    6,599

    Re: Has CPUG banned Check Point from the forums?

    +1 rep!
  55. Replies
    13
    Views
    2,442

    Re: Pre-defined filtering for users possible?

    Yep, my question also actually. Even PCI does not have this requirement and they're dicks about everything but I've never experienced this requirement.
  56. Replies
    9
    Views
    3,406

    Re: FIB and ClusterXL

    That would suck if you had a power failure and both UPS units ran out of battery. When the power comes back on, both gateways would power at the same time. Interesting, never thought about it like...
  57. Replies
    13
    Views
    2,442

    Re: Pre-defined filtering for users possible?

    Also, modify whatever admin template they belong to by:
    Manage --> Permission Profiles --> (Pick existing or make a new one) --> Edit --> (Customized) Edit --> Monitoring and Logging --> Track Logs...
  58. Re: R75 and CPFW-FM-U-NGX CPMP-PPK-1 Lics, Core limitation

    Ok, I had to do it...

    I dug out my old install CD's from the software library and got my old R54 kit out. In the documentation, dated June 2003 there is a file named PerformancePack.pdf. In this...
  59. Re: R75 and CPFW-FM-U-NGX CPMP-PPK-1 Lics, Core limitation

    Thanks! I completely forgot I could check all my original install CD's for the documentation of that time. IMO, this is damning evidence for CP's stance on 'now we're enforcing this where we...
  60. Re: PC not accesible on LAN after Endpoint Security is set up

    Or... you could make rules in your DTSP rulebase that allow inbound traffic from your trusted networks and then it's not an issue at all. This is really the proper method to deal with this.
  61. Re: R75 and CPFW-FM-U-NGX CPMP-PPK-1 Lics, Core limitation

    Wait... this is quoted from the manual? (I can't find this document to verify it myself)

    If so, then that makes the argument about "now CP is enforcing..." completely bunk (which we already...
  62. Re: duplicate IP address 150.50.12.5! sent from mac address: 00:03:d2:e0:06:03:From:1

    It says duplicate IP so I would assume it has nothing to do with magic mac. I'd shut down this box and start doing a network trace for whatever box has the same IP so I could shut it down/resolve...
  63. Re: R75 and CPFW-FM-U-NGX CPMP-PPK-1 Lics, Core limitation

    The issue I think most have with the way this is being addressed is quite simple actually. For years and years we've been buying the top form of unlimited licenses for our gateways. R60 was...
  64. Thread: IKE Version 1

    by lammbo
    Replies
    14
    Views
    4,287

    Re: IKE Version 1

    Yep, actually that is true (now that I've looked it up). I would have sworn that started with R65 until now...
  65. Thread: IKE Version 1

    by lammbo
    Replies
    14
    Views
    4,287

    Re: IKE Version 1

    Ask the company who owns the box you're peering with to join us in not just this decade, but century as well...

    I don't know that there's anything you can do about this and even if you could, who...
  66. Replies
    6
    Views
    2,536

    Re: VPN Connectivity

    Make sure to turn on the NAT traversal mechanism in your client so it'll encapsulate the packets. This one check box may solve your issue entirely.

    Here... for reference:...
  67. Replies
    10
    Views
    2,246

    Re: What is the "Accept" icon?

    lol.... "free"way





    NOT!

    (ok, sorry, just couldn't help myself)
  68. How To: Move management server to another subnet

    This post is a guideline only, your mileage may vary. This procedure was written using an R70.30 SMS and gateways at 8 external sites using a distributed deployment model. Please consider any...
  69. Replies
    2
    Views
    1,714

    Re: Changing IP subnet (not standalone server)

    Almost done, sorry for delays... got sick last week.

    The how to thread is here:...
  70. Replies
    43
    Views
    9,210

    Re: Please stay away from Power-1 Appliance 11065

    I can't speak for Barry but I've been a member here a long time. The players are the same but IMO, CP has changed the rules. I had great respect for the products prior to R70 but the issues have...
  71. Replies
    7
    Views
    2,326

    Re: How much bigger with Accounting logs?

    Been a while since I messed with this but IIRC, it's not so much the size of the logs but the load on the firewall as the log size increases very little for the byte data. The bigger concern would...
  72. Re: Endpoint Security client stuck on personal policy

    rapidshare or some other public hosting service. if you were willing to post it here, those sites wouldn't make a difference. maybe you want to zip it with a solid password and then PM the password...
  73. Replies
    30
    Views
    11,502

    Re: Check Point R70 R71 R75 Visual Road Map

    Yeah... if my hotfixes for 70.30 get ported to 70.40 then I hope to have all my site upgrades from R65 completed. I wouldn't dare risk it without having those HF's before I begin though, especially...
  74. Replies
    30
    Views
    11,502

    Re: Check Point R70 R71 R75 Visual Road Map

    Wow! I liked yours better anyway. Since they took yours and subjugated it, maybe you should change yours up a little and add the upgrade path lines as well. You know, since the paths are actually...
  75. Re: R75 and CPFW-FM-U-NGX CPMP-PPK-1 Lics, Core limitation

    If you think that's bad, read my post on CoreXL to see how processes are affiliated to a single core and what it does with performance... ...
  76. Replies
    4
    Views
    2,113

    Re: File transfer freezing

    Use WinSCP 4.1.9, nothing newer or it locks up.
  77. Replies
    29
    Views
    10,401

    Re: SecuRemote on Windows 7 64bit

    Yep, AFAIK, this is true. I had to sign one when I was on the EA for Eventia.
  78. Replies
    2
    Views
    1,714

    Re: Changing IP subnet (not standalone server)

    There are plenty of posts on here about this topic but I just did this 2 weeks ago. If you can wait just a few days (no later than the end of the week), I have almost completed corrections on my...
  79. Re: R75 and CPFW-FM-U-NGX CPMP-PPK-1 Lics, Core limitation

    Hey, at least you can get your sales team to actually come and discuss it with you... I've been trying to get my sales team on-site for well over a year now to discuss the conversion of the...
  80. Re: How to determine which hotfix were included in HFAs?

    Thanks, I'll make sure I ask for them next time.


    BTW, my VAR has confirmed the management HF is in 70.40. Still waiting on an answer for the 2 gateway fixes.
  81. Re: How to determine which hotfix were included in HFAs?

    (yes, I am resurrecting this thread)

    While this may be true for those of you who have internal access and can look these CR's up, that does not do us "Regular Joe Admins" any good. Case in point,...
  82. Replies
    10
    Views
    2,246

    Re: What is the "Accept" icon?

    It's a toll bridge. :P
  83. Replies
    3
    Views
    2,221

    Re: Non contiguous IP range

    Search this forum, I've explained this many times in many posts.
  84. Thread: Network Outage

    by lammbo
    Replies
    11
    Views
    3,055

    Re: Network Outage

    /signed
  85. Re: The rule allow the communication between Management Station and Firewall is disab

    I gave you the answer. There is no other possibility to recover from this except by fixing the rulebase and then unloading the firewall policy on the gateway so you can push the new one that allows...
  86. Re: The rule allow the communication between Management Station and Firewall is disab

    OK... you have one of 2 issues here and based on what you've written I'm not sure which.
    1) You disabled a rule in the rule base. To enable the rule again, right click on the rule number and choose...
  87. Thread: What?!?

    by lammbo
    Replies
    2
    Views
    1,491

    Re: What?!?

    Giggity!
  88. Thread: What?!?

    by lammbo
    Replies
    2
    Views
    1,491

    What?!?

    Can't report spam on this post:
    http://www.cpug.org/forums/66533-post159.html



    This is the error I get:
    lammbo, you do not have permission to access this page. This could be due to one of...
  89. Re: R75 and CPFW-FM-U-NGX CPMP-PPK-1 Lics, Core limitation

    Slightly disagree here about only 2 cores. I would say the majority of us have been running dual Xeons for a very long time - which shows up as 4 processors. Just my .02
  90. Replies
    3
    Views
    1,342

    Re: upgrade log server to R71

    same license
  91. Replies
    3
    Views
    1,342

    Re: upgrade log server to R71

    Don't do it. Not on a G2. I don't even think the 2.6 kernel will run on that hardware, or if it does, it can't be running very well. G5+ for R70+
  92. Replies
    1
    Views
    1,965

    Re: Office Mode with DHCP virutal IP?

    Read these:
    http://www.cpug.org/forums/secureclient-securemote/13920-issue-office-mode-dhcp.html
    ...
  93. Thread: Sharing cpinfo

    by lammbo
    Replies
    25
    Views
    7,802

    Re: Sharing cpinfo

    FWIW, I just did an SFTP of an upgrade_export of my SMS for this case.

    R&D is going to restore my SMS in a lab and create some R70.30 gateways to duplicate the issue.

    I have no issues with...
  94. Thread: Proxy Arps

    by lammbo
    Replies
    5
    Views
    2,489

    Re: Proxy Arps

    OOPS! Forgot about that when I said yes. What is stated here is correct, not what I said earlier.
  95. Thread: Proxy Arps

    by lammbo
    Replies
    5
    Views
    2,489

    Re: Proxy Arps

    It has to, because once you start arping the IP's in that subnet they ARE directly attached to that ISP's router.


    I won't ask why about the ISP but I will say don't give up and stick with them. ...
  96. Thread: Proxy Arps

    by lammbo
    Replies
    5
    Views
    2,489

    Re: Proxy Arps

    Make them add a route so the non-contiguous secondary public subnet is pointing to your gateway's (cluster) IP to avoid proxy arp. Don't take no for an answer, there's no reason they couldn't add a...
  97. Re: one way tunnel? Site-to-site IPSec, Cisco router to R71

    Generic SK that's completely worthless...


    Read these threads: (some are from other vendors, it's what is said in these threads that's important, not the vendor, as most interops behave the same...
  98. Re: How to detect a memory leak on Security Gateway with SecurePlatform OS

    I can see that sk logged in with expert access but not at all when I'm not logged in. I don't think we're allowed to publish SK's that require expert access here (legal issues?)
  99. Replies
    29
    Views
    10,401

    Re: SecuRemote on Windows 7 64bit

    Thanks for the update man. BTW, sorry for the constant rants on this, I don't blame you or my SE for this debacle of having to wait for so long, it's not your fault. I appreciate that you get...
  100. Replies
    29
    Views
    10,401

    Re: SecuRemote on Windows 7 64bit

    Or you could just wait for CP to pull their head out of their ass and get us a viable client. Win XP 64 was released in 2001 so they've only had 10 years to get it right.

    Inform your SE how...
Results 1 to 100 of 500