CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Search:

Type: Posts; User: Dave365

Search: Search took 0.00 seconds.

  1. Replies
    2
    Views
    1,592

    Re: Rate Limiting Rules in R77.20

    Hello.

    Thank you for the clarifications. What I want to do is to limit the connections per source IP (mainly the concurrent connections). If I understand correctly, this is not exactly what...
  2. Replies
    2
    Views
    1,592

    Rate Limiting Rules in R77.20

    I want to configure rate limiting rules as described here:
    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk112454

    and I'm trying to...
  3. Mobile Access Rules for Capsule Connect/VPN Mobile Apps

    Hello,

    I'm trying to figure out how the mobile access and firewall policies must be configured to allow access only to specific applications via the capsule connect/VPN mobile apps (instead of...
  4. Replies
    5
    Views
    2,969

    Re: SSL/TLS Inspection for FTPS Connections

    Good points.

    Thanks for the feedback everyone.
  5. Replies
    5
    Views
    2,969

    Re: SSL/TLS Inspection for FTPS Connections

    Thanks for the info.

    For this specific case it has to be FTPS. We don't have an option.

    However, in case of SFTP the IPS still cannot see the traffic decrypted right?

    Do you consider SFTP...
  6. Replies
    5
    Views
    2,969

    SSL/TLS Inspection for FTPS Connections

    Hello,

    Anyone achieved SSL/TLS Inspection on a securing gateway for FTPS connections (FTP over SSL/TLS, not SFTP)? is this possible?

    There are various protections in IPS blade regarding FTP,...
  7. Two-Factor Authentication with DynamicID for Mobile Devices

    Hello,

    Anyone knows if two-factor authentication with DynamicID is supposed to work for VPN connections from mobile devices as well?

    The "Allow DynamicID for mobile devices" is checked in...
  8. Replies
    2
    Views
    2,292

    Re: Clear-Text Dump for HTTPs-Inspected Traffic

    Thanks.

    This is what I am trying to do now, to record the traffic on client-side. However, the client is an application not a actual web browser and it seems the behavior changes when the...
  9. Replies
    2
    Views
    2,292

    Clear-Text Dump for HTTPs-Inspected Traffic

    Hello,

    I am doing some troubleshooting for some HTTPS connections to a web server I don't control and we perform HTTPs inspection for Application Control/URL filtering on our CheckPoint gateway. I...
  10. Replies
    3
    Views
    1,435

    Re: Script for Scheduled Migrate Export

    Thank you both, this is really helpful.

    Those examples are using SCP to copy the files to remote host. Is it possible to do an SFTP or FTPS transfer instead?

    For SFTP, I am trying something...
  11. Replies
    3
    Views
    1,435

    Script for Scheduled Migrate Export

    Hello,

    I am looking for a simple script to run using cron, for performing scheduled migrate/upgrade export and save the file to a remote SFTP or FTPS server. I prefer SFTP or FTP instead of SCP...
  12. Exporting Application Control Rules in HTML/XLS/CSV File

    Hello,

    Anyone managed to export the application control rules in a format that can be used to create reports?

    I tried the Web Visualization Tool, but it seems it can only export the firewall...
  13. Replies
    8
    Views
    2,539

    Re: Fingerprint shown to Users for SNX

    I tested this from a laptop connected to a guest Internet connection we have (I connected the laptop directly to the internet modem), so there is nothing between that laptop and the internet....
  14. Replies
    8
    Views
    2,539

    Re: Fingerprint shown to Users for SNX

    The fingerprint of the internal_ca certificate, also doesn't match with the fingerprint presented to the users.

    How can I find out the fingerprint of the HTTPS Inspection certificate?

    From the...
  15. Replies
    8
    Views
    2,539

    Re: Fingerprint shown to Users for SNX

    It's for all users. The same fingerprint is shown to all users, but it's not the same shown in gateway's properties.

    There is nothing between the users and the gateway. Only a router is connected...
  16. Replies
    4
    Views
    3,063

    Re: Malformed HTTP protocol name in response

    The strange thing is that it happens for connections initiated from different Operating Systems, different type of users and for random website. Also, no user was complaining about any website not...
  17. Replies
    0
    Views
    1,525

    IPS Protections for Mobile Access Traffic

    According to the manual:
    "When you enable Mobile Access on a Security Gateway certain IPS Web Intelligence protections are activated. The settings of these protections are taken from a local file...
  18. Replies
    2
    Views
    1,124

    Re: Mobile Access Secure Workspace Crashes

    We tried this from Windows 7 and Windows 8/8.1 (both laptops and desktop computers). Most of them are HP but we have some other brands as well.

    The windows was installed on all PCs with the...
  19. Replies
    8
    Views
    2,539

    Re: Fingerprint shown to Users for SNX

    Do you mean the certificate shown in Gateway settings, under Mobile Access -> Portal Settings -> Certificate?

    The fingerprint shown here is still different than the one presented to the users....
  20. Replies
    2
    Views
    1,124

    Mobile Access Secure Workspace Crashes

    We have a problem with Secure Workspace from laptop computers.

    Mobile access is working fine without the SW option. However, when choosing the "Use Secure Workspace" option, while the secure...
  21. Replies
    8
    Views
    2,539

    Fingerprint shown to Users for SNX

    What certificate must be checked to verify that the fingerprint matches with the fingerprint displayed to the user the first time connecting with SNX?

    i.e. I checked the fingerprints of all...
  22. Replies
    4
    Views
    3,063

    Re: Malformed HTTP protocol name in response

    Accidentally posted this under IPSec VPN Forum. It should be under IPS..
  23. Replies
    4
    Views
    3,063

    Malformed HTTP protocol name in response

    I observed that a lot of outbound connections from our user PCs to various internet web servers, match on the "Non Compliant HTTP" IPS protection with reason "illegal header format detected:...
  24. SSL Inspection for SMTP over SSL/STARTTLS traffic

    Hello,

    We have some R77.30 gateways with the IPS blade and our mail-relay servers behind the firewalls accept encrypted SMTP connections (port 25).

    Is there a way to inspect the traffic so that...
  25. Replies
    10
    Views
    2,678

    Re: Hide NAT on Second External Interface

    Now it's clear. Thanks for the information everyone!
  26. Replies
    10
    Views
    2,678

    Re: Hide NAT on Second External Interface

    When I turn off SecureXL, tcpdump/fw monitor shows the correct information (packets with translated source address).

    As soon as I enable SecureXL, tcpdump shows the original source address again....
  27. Replies
    10
    Views
    2,678

    Re: Hide NAT on Second External Interface

    I rebooted the gateway and checked again and now I see something really strange!

    In the tracker, now I see the packets with the source IP being translated normally (XlateSrc). However,

    with fw...
  28. Replies
    10
    Views
    2,678

    Re: Hide NAT on Second External Interface

    mcnallym, thanks for your reply.

    I added a new sub-interface to an interface that already had sub-interfaces and no IP on the Physical Interface. Also, I added the NAT rule first, above all other...
  29. Replies
    10
    Views
    2,678

    Hide NAT on Second External Interface

    We have an Internet-facing R77.20 cluster (Active/Standby) with one external interface and everything works fine. We hide-NAT internal subnets behind the gateway's external interface (VIP address).
    ...
  30. Replies
    3
    Views
    2,439

    Re: Inbound HTTPS Inspection

    The certificate imported on the firewall to be used for the HTTPs inspection, is the exact same certificate used on the Web Serer.

    So if I understand correctly, the gateway terminates the...
  31. Replies
    3
    Views
    2,080

    Re: URL Field in SmartView Tracker

    The resource field shows the URL fine. Thanks :)
  32. Replies
    3
    Views
    2,439

    Inbound HTTPS Inspection

    Hello,

    We use inbound HTTPS inspection for the connections from the internet to various web servers located behind a gateway. SSL v2/v3 is disabled in the configuration of web servers.

    When...
  33. Replies
    3
    Views
    2,080

    URL Field in SmartView Tracker

    Hello,

    We have Application Control/URL Filtering blade with HTTPS inspection enabled, but in Tracker when I add the URL field, a URL is now shown in the relevant log entry when a user is accessing...
  34. Replies
    4
    Views
    2,202

    Re: Blocked Message in Browser for HTTP Sites

    Interesting. Then how application control works? i.e. We are able to block facebook as an "application" even if the https inspection is disabled. Is it using the destination ip addresses or using...
  35. Replies
    4
    Views
    2,202

    Blocked Message in Browser for HTTP Sites

    Hello,

    We have some R77.20 gateways with Application/URL Filtering blade and HTTPS inspection enabled.

    We also bypass HTTPS inspection for specific users. For those users, when an HTTP site is...
  36. Replies
    2
    Views
    1,095

    Peer IP address for Active/Standby Cluster

    Hello,

    We have an Active/Standby cluster (R77) and want to setup a site-to-site VPN with a remote gateway.

    The peer IP address where the VPN tunnel will terminate in our side, will be the IP...
  37. Re: Automatically block source IP address when matching a protection

    It's clear now. Thanks for your input!!
  38. Re: Automatically block source IP address when matching a protection

    Thanks for your reply. How can I identify the offending source IP address from within the script? Are there any variables that can be used to return information about the connection? if yes, what is...
  39. Automatically block source IP address when matching a protection

    Hello,

    I'm wandering if there is a way to automatically block the source IP address for some time when an attack is prevented (traffic matching a specific protection), without using the SmartEvent...
Results 1 to 39 of 39