CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Type: Posts; User: blason


  1. Replies
    2
    Views
    1,070

    Can we login to Postgresql of R80.10?

    Hi Team,

    Is it possible to login or access the postgresql database on R80.10 Smart Event?
    What is the default username and password?

    TIA
    Blason R
  2. Re: VPN Remote User with timeouts and low performance

    Hello,

    Would you mind sharing the exact entries changed? I think I am facing the same issue.
  3. Replies
    10
    Views
    4,819

    Re: Split Tunneling based on Application Control?

    I am testing this on my ubuntu 16.04 and not getting any success. Can you please help with your script?
  4. Re: 5900 and SMT Or Assign particular core to Particular interface

    Yes, thanks for the help and really appreciate that.
  5. Replies
    2
    Views
    722

    Re: S2S VPN is getting disconnected frequently

    Hahah...don't you think I have not done that? That is the first thing I did and it does not show anything. However I found below error while doing fw ctl zdebug

    dropped by do_outbound, reason:...
  6. Replies
    2
    Views
    722

    S2S VPN is getting disconnected frequently

    Hi there,

    I have two firewalls being managed by same mgmt server and suddenly I started facing issue with VPN. The tunnel between these two firewalls goes down very frequently. If I reset it from...
  7. Re: 5900 and SMT Or Assign particular core to Particular interface

    Well I did complete debugging and just FYI enabled_blades are NGTP except AntiSpam. Even talked to TAC confirmed that packets are traversing in F2F is due to ISP redundancy load balancing as packets...
  8. Re: 5900 and SMT Or Assign particular core to Particular interface

    OK - Does that mean since my CPU utilization is not hitting 75% DD is not being fully utilized?

    But again I am unsure why my most of the traffic is passing in F2F?

    Well after debugging little...
  9. Re: 5900 and SMT Or Assign particular core to Particular interface

    1) SecureXL is off (fwaccel stat) and therefore automatic interface affinity is off too
    Nah - SecureXL is ON and running but most of the packets I am seeing in F2F. I also have DROP templates...
  10. Re: 5900 and SMT Or Assign particular core to Particular interface

    Pertaining to my earlier thread since I have 8 Physical Core out of that 2 are assigned to SND. I am seeing below on firewall.

    Is this normal? I guess it should have shown NICs on CPU 1 as well?
    ...
  11. Re: 5900 and SMT Or Assign particular core to Particular interface

    I am seeing 16 cpu in cpview; does that mean it has SMT enabled?
  12. Re: 5900 and SMT Or Assign particular core to Particular interface

    Great and thanks for quick and very useful feedback.
  13. 5900 and SMT Or Assign particular core to Particular interface

    Hi there,

    I just switched to 5900 appliances with 32 GB RAM And it has 16 Cores. Though I guess only one core is assigned to Network which is fw_worker_0. Since my network DMZ is carrying huge...
  14. Replies
    15
    Views
    1,574

    Re: Somehow Traffic is not passing through tunnel

    Awesome man...you da man..let me try that :)
  15. Replies
    15
    Views
    1,574

    Re: Somehow Traffic is not passing through tunnel

    Already done with 302 but still an issue. Now escalated to TAC
  16. Replies
    15
    Views
    1,574

    Re: Somehow Traffic is not passing through tunnel

    Yep it was definitely an issue with sim and this is what I have been doing. It worked for almost 1-1.5 hours after I do that and then breaks automatically. Not sure what to do?
  17. Replies
    15
    Views
    1,574

    Re: Somehow Traffic is not passing through tunnel

    This is again weird that worked for sometime when I did sim vpn off and fwaccel off then sim vpn on and fwaccel on .reset the tunnel through vpn tu.

    But never tried with sim vpn off function. This...
  18. Replies
    15
    Views
    1,574

    Re: Somehow Traffic is not passing through tunnel

    Yes that is the issue however when I do sim vpn off then fwaccel off on LOCB then reset the vpn tunnel from LOCA through vpn tu..it starts

    What could be the cause?
  19. Replies
    15
    Views
    1,574

    Re: Somehow Traffic is not passing through tunnel

    nah ..its the same issue..

    I did turned off one by one..


    [Expert@xxx-CPFW-xxx:0]# sim vpn off
    VPN functionality will be disabled the next time acceleration is started/restarted...
  20. Replies
    15
    Views
    1,574

    Re: Somehow Traffic is not passing through tunnel

    Hmm..thats a good lead let me try doing that.

    BTW what is exact parameter to check with fw monitor to verify if the traffic is again put back in tunnel?
  21. Replies
    15
    Views
    1,574

    Re: Somehow Traffic is not passing through tunnel

    I am giving a try by installing latest HFA probably that would solve?
  22. Replies
    15
    Views
    1,574

    Re: Somehow Traffic is not passing through tunnel

    Nah nah...I can see the return traffic on LOC-B Internal interface however its not being observed on LOC-A. this is something really weird and NAT is off in community as well as I added NO NAT...
  23. Replies
    15
    Views
    1,574

    Somehow Traffic is not passing through tunnel

    Hi there,

    I am kinda facing weird issue and getting clueless. I have two firewalls managed by central management and trying to establish VPN tunnel between them. Mgmt server is natted to enforce...
  24. Re: Endpoint is prompting for password again and again for Remote access site

    Is this because of MEP?

    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk78180&partition=Advanced&product=Endpoint
  25. Endpoint is prompting for password again and again for Remote access site

    Hi Team,

    I have two firewalls being managed by same Mgmt server and they are having Remote Access community configured. Since I have only one remote access community users are being prompted twice...
  26. Replies
    3
    Views
    778

    Re: How many CPU cores 5900 has?

    OK - Got it...

    1x CPUs, 8x physical cores, 16x virtual cores (total)
  27. Replies
    3
    Views
    778

    How many CPU cores 5900 has?

    Hi Team,

    Does anyone know how many CPU Cores 5900 has and which is the processor is being used?
  28. Re: Remote Access VPN traffic route it through Site-Site VPN

    Hello,

    I did achieve that but not through the method that was specified. I did a little tweak.

    I Hide natted Office mode pool behind one of the Internal interface of firewall so that rule looks...
  29. Re: Remote Access VPN traffic route it through Site-Site VPN

    Somehow that is not working. Well rule sequence will matter in this case? I mean Remote Access vpn rules are below?
  30. Remote Access VPN traffic route it through Site-Site VPN

    Hi Team,


    How do I implement below scenario where I have two firewalls one is CP and other Fortinet. I have built VPN between CP/Fortinet
    CP Enc Dom - 192.168.100/24, 192.168.101.0/24
    Office...
  31. Re: Can I get URL wise report from Smart Reporter?

    This is you are suggesting me from Smart Reporter console?
  32. Can I get URL wise report from Smart Reporter?

    Hi Team,

    I tried searching a lot but somehow the URLs are not appearing in Smart Reporter. Can we get a report where user-wise and the URLs accessed by him?

    TIA
  33. Replies
    1
    Views
    717

    Re: Need advice on Full Cluster

    OK - Got it should be configured as Secondary. I'll mark this as resolved.
  34. Replies
    1
    Views
    717

    Need advice on Full Cluster

    Hi Team,

    I am designing Full cluster and have few doubts about it. When we are initiating devices for the first time and being a part of full cluster on primary appliance and mgmt will be Primary...
  35. Replies
    6
    Views
    3,665

    Re: SAM rule expiration sorting

    I am another who is using it most. Infact all that noise over internet is being dropped because of that.
  36. Re: Threat Emulation in MTA mode - What action does CP take?

    Yes per sk the email body passes to the recipient without attachment. And wanted to ensure that CP does not drop any email messages? I guess it doesnt.

    Thanks for the reply; though.
  37. Re: Threat Emulation in MTA mode - What action does CP take?

    The question here is,

    In background mode - Email will be passed and attachment will be sent for Emulation while
    In Hold mode - Email will be cached and attachment will be send for emulation....
  38. Threat Emulation in MTA mode - What action does CP take?

    Hi Team,

    I have MX set at other cloud provider, have internal mail server and setting up 3100 only in MTA mode between MX and Mail server. TE will happen on CP TE Cloud Now my question is if...
  39. Re: Can I get a report like this from smart reporter

    I see thats a valuable input !!
  40. Replies
    2
    Views
    529

    Re: How to insert old logs into Smart Event?

    May be ..let me try that..
  41. Replies
    2
    Views
    529

    How to insert old logs into Smart Event?

    Hi there,

    I had to reinstall the Mgmt server and then moved or SCPed my logs into $FWDIR/log. Then ran fw repairlog to re-read those and Tracker started showing those.
    But Smart Event was not...
  42. Re: Can I get a report like this from smart reporter

    Hi Team,

    This is still unanswered :( However just wondering if we can get the download and upload contents in report? I mean wanted to know if we can customize the report per user wise the site he...
  43. Re: Something weird issue with mssql connection

    Well I came to the conclusion and it is cent percent Windows server issue. I completely analysed using wireshark and it appears to be a local DNS issue. Though I am still looking at it.

    Thanks for...
  44. Something weird issue with mssql connection

    Hello,

    I am facing kind of weird issue with MSSQL Server, I have this server which connect to SQL server on Internet on port 1433. Now here is the issue

    Somehow this server is not able to...
  45. Replies
    3
    Views
    660

    Re: Natting behind different ISPs

    That is for sure that ISP Redundancy and PBR does not work together and was sure about PBR but wondering if that would be correct scenario. In that case ranges will be natted may be manually natted...
  46. Replies
    3
    Views
    660

    Natting behind different ISPs

    Hi Guys,

    I have internal range 10.10.10./24 and have 3 ISPs since CP does not support more than 2 ISP in ISP redundancy need to know if 10.10.10.1-10.10.10.128 can be natted behind one ISP while...
  47. Replies
    13
    Views
    1,198

    Re: fw samp in Bridge mode not working

    Well if you see if we enable Malicious entries in IPS protection which has a performance impact; that feature can hardly be enabled. Instead I did come up with a idea where we put honeypot on...
  48. Replies
    13
    Views
    1,198

    Re: fw samp in Bridge mode not working

    BTW is there any limit for fw samp entries/rules? can it handle 60-70k entries at a moment?
  49. Replies
    13
    Views
    1,198

    Re: fw samp in Bridge mode not working

    Ahh that could be the thing since I didnt add those.

    Thanks for the revert let me definitely try that and come back to you if I stuck again.
  50. Replies
    4
    Views
    1,105

    Re: fw samp blocking Reconn attacks - How to?

    Correct that is the main intention of using fw samp rule. I have not tested Dynamic_object on R80 though let me have a look at it.

    BTW is there any limit for fw samp rules?
  51. Replies
    4
    Views
    1,105

    fw samp blocking Reconn attacks - How to?

    Hi there,

    I have this idea about using fw samp on the fly and not sure if anyone has already used this before or may have script ready? Well I am thinking of Honeypot in my network which will...
  52. Re: Network monitoring on Checkpoint ext interface

    I think cp should come with ntop which is an excellent in such scenarios or even cpview would be useful to measure the performance.
  53. Replies
    3
    Views
    1,080

    Re: Compliance policy for Mobile Access

    Appreciate it ..Thanks!
  54. Replies
    13
    Views
    1,198

    Re: fw samp in Bridge mode not working

    Hi urilewi,

    Have you had any luck with my query?
  55. Replies
    13
    Views
    1,198

    Re: fw samp in Bridge mode not working

    Hi There,

    Here is the command I used to block hosts using fw samp. I am using script to block those addresses.

    fw samp add -a d -l r -t $timeout -c $comment quota service any source range:$line...
  56. Replies
    13
    Views
    1,198

    Re: fw samp in Bridge mode not working

    You seems to be CP staff, are you? Well I tried that setup but dang its not blocking. And do we need provide IP address to Bridge mode? I mean wondering if I pull interfaces in CP dashboard where...
  57. Replies
    13
    Views
    1,198

    fw samp in Bridge mode not working

    Hi Guys,

    If someone please confirm fw samp rules can be enforced in Bridge mode? I mean for testing purpose I setup bridge mode and blocking certain IPs.
  58. Replies
    3
    Views
    1,080

    Re: Compliance policy for Mobile Access

    Hello Guys,

    So its not possible to do the compliance check based on Windows Domain in Mobile Access blade policy?
  59. Replies
    3
    Views
    1,080

    Compliance policy for Mobile Access

    Hi Guys,

    I am designing a compliance policy for Mobile access so that endpoint will get verified before logging in; however I would like know how do I verify or check whether endpoints are part...
  60. Replies
    6
    Views
    748

    Re: Something weird with VPN

    OK - Finally I was able to resolve the issue on my own by renewing cert from IPsec VPN tab and adding Public IP address under masters file instead of hostname.
    Thanks a ton guys for your valuable...
  61. Replies
    6
    Views
    748

    Re: Something weird with VPN

    Unfortunately I am completely stuck with this issue. Not sure what is wrong even TAC is working on the issue for past 3 days.

    Can someone please help if I send ike debug in private?
  62. Replies
    6
    Views
    757

    Re: Youtube blocking certain channels?

    But I guess, I heard CISCO does offer similar solution by which Videos can be blocked. I mean I have not experienced by myself but again heard 5520x has that feature.
  63. Replies
    6
    Views
    748

    Re: Something weird with VPN

    If that doesn't help, here are a couple of questions that may help further investigation:
    - Is the name of the cluster different than the name of the original standalone GW? -Yes it is different,...
  64. Replies
    6
    Views
    748

    Re: Something weird with VPN

    I did delete the earlier node and installed the policy/database couple of times. Is there anything else that needs to be taken care of?
  65. Replies
    6
    Views
    748

    Something weird with VPN

    Hi Guys,

    Would like to share my scenario and wanted to see if any help can be received to troubleshoot my issue. here is the story


    I had standalone firewall and remote firewall being managed...
  66. Replies
    6
    Views
    757

    Youtube blocking certain channels?

    Hi Guys,

    Is there way since CP does not categorise different youtube channels to block those? I guess AFAIK once the you tube access is given user can either can access complete youtube or no...
  67. Replies
    4
    Views
    938

    Re: Separate EPM Server - How to?

    I see thanks man!!
  68. Replies
    4
    Views
    938

    Re: Separate EPM Server - How to?

    OK - And does that need to be defined in existing checkpoint smartcenter server as CheckPoint Host? Or will that be completely separate host?
  69. Replies
    4
    Views
    938

    Separate EPM Server - How to?

    Hi there,

    I am bit confused on setting EPM server other than my management server? I mean I already have Smart Management server and firewall, now I need to build separate EPM server? In that case...
  70. Replies
    6
    Views
    1,301

    Re: unable to see sandblast blades in R80.10

    Hi Phoneboy,

    In that case the other server I will be installing will it be secondary mgmt server converted to EPM having SIC with primary or separate mgmt server at all?
  71. Replies
    6
    Views
    1,301

    Re: unable to see sandblast blades in R80.10

    Thanks man! I really appreciate your timely help.
  72. Replies
    1
    Views
    688

    Multiple users on laptop having FDE

    Hi Guys,

    Can someone help me on EPM config? I have this use case and not sure what should be the configuration in EPM.

    I am enabling EPM with FDE and there are around 20-25 laptops which are...
  73. Replies
    6
    Views
    1,301

    Re: unable to see sandblast blades in R80.10

    Oh is it really? Can you share the sk? if any I mean I need to plan it accordingly then?
  74. Replies
    6
    Views
    1,301

    unable to see sandblast blades in R80.10

    Hi Guys,

    I am unable to see the sandblast packages/blades on R80.10 Mgmt server. I even applied appropriate licenses but again its not reflecting I uploaded R80.70 agent full package as well.
  75. Replies
    2
    Views
    940

    Re: Need decrypt utility for FDE

    Yes this in touch with EPM server so I need to just disable the blade, Install the policy right? And it should start decryption?
  76. Replies
    2
    Views
    940

    Need decrypt utility for FDE

    Hi Guys,

    I accidentally encrypted my entire windows machine while testing 77.30.03 EPM. Can someone please guide me how to decrypt the data or all my drives?
  77. Replies
    2
    Views
    1,994

    Google Authenticator and Remote Access VPN

    Hi Guys,

    Any idea if CheckPoint supports Google Authenticator 2FA with Mobile Access VPN or Endpoint Security VPN/Secure Remote VPN
  78. Re: Weird issue faced while moving/migrating management server

    Yeah even I tried with migrate since db_export is deprecated but that failed as well on source server itself. Though I don't have the log file but the failure has generated the log file.

    Let me...
  79. Re: Weird issue faced while moving/migrating management server

    That is definitely not the case as I have enough space under /var partition. Though let me see running that command and see what is the output?
  80. Weird issue faced while moving/migrating management server

    Hi Guys,

    I have management server R77.30 installed on Open Server and we then decided to another server [open] since it has bigger disk space. Now both are on R77.30.


    We initially took a...
  81. Re: Can someone explain the sub-section and Inline layer concept with CP R80.10

    Thanks a ton E for being such descriptive and PhoneBot for being precise :)

    Though I am still not confident on migrating from R7.x to R80.x and feel bit nervous as most of the things are changed...
  82. Re: Why CheckPoint is sending 0.0.0.0/ 0.0.0.0 Proxy ID to Cisco

    Yeah I corrected that but now I not at all seeing P2 in ikeview just P1 with All OK.
  83. Re: Why CheckPoint is sending 0.0.0.0/ 0.0.0.0 Proxy ID to Cisco

    Yeah may that was it!! I am disabling and pushing the policy lets see. Setting up VPN with Cisco is really pain at least I feel. I really felt so many challenges with Cisco-CP VPN
  84. Why CheckPoint is sending 0.0.0.0/ 0.0.0.0 Proxy ID to Cisco

    Hi Guys,

    I am setting up VPN with Cisco router and debug shows CheckPoint Firewall is sending 0.0.0.0/0.0.0.0 as Domain encryption domain and not sure why!!
  85. Can I get a report like this from smart reporter

    Hi Guys,

    I tried a lot but giving up and would really appreciate community help for getting below reports? I need to achieve


    Statistics for the amount of data consumed and the time spent on...
  86. Re: Can someone explain the sub-section and Inline layer concept with CP R80.10

    So in that case if my source is lets say 192.168.10.0/24 and destination is Internet and Layer is appControl then it will be passed to Application and URL Filtering?
    And for subsequent layer my...
  87. Can someone explain the sub-section and Inline layer concept with CP R80.10

    Hi Guys,

    I am grown up with Legacy CP and finding pretty difficult to understand the subsection and layer concept with R80.10. Hence can someone please explain the fundamentals behind sub-section...
  88. Replies
    1
    Views
    960

    Capsule Workspace in cloud

    Hi Guys,

    Just keen to know just like capsule docs can we implement Capsule Workspace in cloud as well with Office 365?I guess it is not available since it need fully Mobile Access Gateway.Or is...
  89. Interesting queries regarding Captive Portal

    Hi Guys,

    One of our customer has raised a query regarding captive portal where we already have configured Captive portal for Windows as well as Linux desktops. However he would like to know if...
  90. Re: Somehow my setup is not working and seeking for your help

    Yep nice suggestion and this is what I am thinking as well to nat the traffic and hide the actual Encryption domain. Let me see if that works.

    So my rules would look like

    On BR FW

    OS =...
  91. Somehow my setup is not working and seeking for your help

    Hi Guys,

    I have enclosed my set up in a diagram below; Let me quickly describe -


    We have Site-To-Site Tunnel between BRFW and HOFW1
    We have another site-site tunnel between HOFW2-APPFW
    ...
  92. Replies
    10
    Views
    3,030

    Re: CPDBL - CP Dynamic block lists for R80.10

    The one which is available on site. Let me try disabling openbl may be that is causing issue? I ran on R77.30 and unable to get the list.
  93. Replies
    10
    Views
    3,030

    Re: CPDBL - CP Dynamic block lists for R80.10

    That is interesting. How did you create those dynamic objects and blocking up traffic exactly for Talos for example? And some of my R77.30 is just showing
    Get operation succeeded
    no corresponding...
  94. Re: This is just to easy to bypass Threat Emulation

    hmmm ..I decided to give a try and yep it seem CP Cloud still bypasses .js scripts!

    I took shade ransomware script and zipped it then uploaded on CheckPoint TE; I guess it was caught by static...
  95. Replies
    3
    Views
    2,086

    Re: Inline layer what is that?

    hmmm..still confusing but yeah that makes sense a bit. So each section title can now have implicit drop rule?

    Like the one I enclosed? Lan to WAN can have its own Drop rule?
  96. Replies
    26
    Views
    3,807

    Re: Policy push speed is unchanged

    Well yeah I definitely see policy push speed improvement with R80.10. I just upgraded from R77.30 to R80.10 [in a lab environment] with rules base around 150 and saw drastic change in policy push...
  97. Replies
    3
    Views
    2,086

    Inline layer what is that?

    Hi Guys,

    I am really confused on inline layer functionality. What exactly is that? I mean I have been working on Pre R80 and decided to lay hands on R80.10 since the gateway version is available...
  98. Replies
    17
    Views
    3,059

    Re: R80.10 release on the way?

    Pretty happy to see the features and release notes :)
    Now I believe CP can fight very well with other contenders. Especially much awaited feature Route based VPN [ I am jumping to and eager to...
  99. Re: Unable to activate threat emulation on 4600 appliances

    dang!! I mean I tried implementing on my vmware workstation on open server with proper eval licenses and proper internet connectivity plus have HFA 216 installed though while activating it gives me...
  100. Re: Unable to activate threat emulation on 4600 appliances

    I feel this could be the reason though I wanted to try after installing HFA 216.
Results 1 to 100 of 368