CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Search:

Type: Posts; User: seanmac1904

Search: Search took 0.00 seconds.

  1. Replies
    1
    Views
    2,779

    Re: RADIUS authentication help

    Is your radius server returning any non-standard attributes ?

    I found I needed to ignore a non-standard attribute that was required by my Telco's dial-in service that used our radius server

    for...
  2. Replies
    4
    Views
    1,831

    Re: SecureClient Licensing

    Hi

    you probably know this, but the command

    dtps lic

    run on you policy servers will tell you how many licenses they see


    cheers
  3. Replies
    2
    Views
    1,659

    Re: Connectra R62 CM HFA01

    We have the same issue, I have a case raised with Checkpoint about it

    cheers

    Sean
  4. Replies
    0
    Views
    1,028

    Nested User Groups for Officemode

    Hello

    previously I assigned my Office Mode users to a group called Officemode
    Inside this I had a group called SecureClient for locally defined secureclient users and a group called...
  5. Replies
    0
    Views
    1,431

    Something to watch with R62CM

    We had an issue where our smartcenter would crash when trying to install a CM policy

    Checkpoint support traced it to the fact we had renamed our RemoteAccess community

    In a word, DONT !!
    ...
  6. Replies
    2
    Views
    3,884

    Re: "no proposal chosen" error

    Its sorted now

    They were set to "one tunnel per subnet pair"

    and we were set to "one tunnel per each pair of hosts"

    I got them to change their end and the tunnel comes up now

    cheers
  7. Replies
    2
    Views
    3,884

    "no proposal chosen" error

    Hello

    I have two site to site VPNs that have been playing up since upgrading to R65

    IKE: Quick Mode Received Notification from Peer: no proposal chosen

    any reason this would start after the...
  8. Replies
    3
    Views
    2,801

    Re: Can not connect to Connectra clients

    Hi There
    I am assuming you mean your internal support using VNC on you SNX clients

    to make this work you will need a Server to Client Network Application (that will be applied to all SNX clients)...
  9. Replies
    3
    Views
    4,256

    Re: Cluster HA VLAN

    Hi There

    this looks correct to me

    the port 8116 traffic is Cluster control protocol ( you should see this on all cluster interfaces)

    I assume you are using load sharing multicast mode

    you...
  10. Replies
    1
    Views
    1,766

    Connectra R62CM

    I have an EA download of this, but I dont see it on the site any more

    anyone know when it will be released ?

    cheers

    Sean
  11. Replies
    5
    Views
    2,860

    Re: Solaris Hardening

    can you use a serial link ?

    connect a serial cable to the ALOM and get the console from there

    cheers

    Sean
  12. Re: Ignoring Multiple non-standard Radius attributes

    No, that was the number I got from Secure Knowledge

    I used the quick search option with the keywords

    radius ignore

    cheers

    Sean
  13. Ignoring Multiple non-standard Radius attributes

    Hello,
    I have finally gotten SecureClient to authenticate via RSA Radius.
    I found I had to remove three Ascend Radius Attributes to do with Dialup DNS server assignment.

    I have found the method...
  14. Re: Need a version roadmap with end-of-support dates and a simplification of the prod

    if you define you connectra as a checkpoint host in R55 it will log
    establish the SIC and off you go

    cheers

    Sean
  15. Problems with fwm dbexport/import on connectra

    Hello
    in the process of trying to replicate my connectra config to a new box on a different network (so I can cluster it) I used

    fwm dbexport -f ./prod.export

    on my current connectra box

    I...
  16. Replies
    7
    Views
    2,711

    Re: MGMT HA and install policies on clusters

    Thanks

    should my HA license be a local license on my second machine or a central on my primary assigned to the HA box ?

    cheers

    Sean
  17. Replies
    7
    Views
    2,711

    Re: MGMT HA and install policies on clusters

    I have

    CPMP-SCPRO-U-NGX x1
    CPMP-CXL-HA-1-NGX x2 ( i have two clusters)

    on my primary Management Server

    and one
  18. Replies
    7
    Views
    2,711

    Re: MGMT HA and install policies on clusters

    I thought MGMT HA is part of SCPRO ?
    cheers

    Sean
  19. Replies
    7
    Views
    2,711

    MGMT HA and install policies on clusters

    Hello,
    I have two SmartCenter Pros (prod and dr)
    I cant currently install a cluster policy from the DR mgmt server ?
    do I need two cluster licenses (one for each smartcenter) ?

    cheers

    Sean
  20. Replies
    12
    Views
    7,588

    Re: Installation NGX V61 on Sun Solaris 10

    Thanks for this info
    these issues have made me keep my firewalls on Solaris 9 for now
    ( I need to upgrade my JASS scripts for Solaris 10 too)

    this will be a big help

    Sean
  21. Replies
    4
    Views
    1,772

    Re: Connectra Configuration Replication

    Just found Connectra R62 (10/10/2006) on the download site

    apparently it has a "advanced upgrade export/import" feature
    Ill have a read of the docs and see if this fits my needs

    cheers

    Sean
  22. Replies
    4
    Views
    1,772

    Re: Connectra Configuration Replication

    cheers for that

    I cant wait until it all becomes a tab on my smartconsole
    the webui irks me to tears :)

    Sean
  23. Replies
    4
    Views
    1,772

    Connectra Configuration Replication

    Hello
    I have two connectra (prod and DR)
    and I need a method to keep the second one up to date with any changes to users and applications

    I have tried, doing a snapshot of the prod box and...
  24. Re: "OM: - requested address is not in the IP pool; [...]"

    I have seen this when people scan my office mode address range externally
    eg port 22 sweep of entire address space

    cheers

    Sean
  25. Re: Upgrading Checkpoint ClusterXL NGAI R55 -> NGX R60 on Solaris 9

    zero downtime worked fine for me.
    I went from from R55 - > R60 on Solaris 9
    I am using multicast load sharing not HA
    dont know if that makes a difference
    I found I needed HFA03 on my smartcenter...
  26. Replies
    9
    Views
    3,343

    Re: R55 to R60 Advice

    Hello,

    I just saw this in my lasted Checkpoint Security Expert Newsletter

    How to configure SmartCenter NGX R60 Server to manage a VPN-1 Edge... sk31690

    this may or may not be of use
    ...
  27. Replies
    1
    Views
    2,363

    Re: CPprofile and Solaris

    .csh is for c shell or tcsh

    you need to source .CPprofile.sh for bash or bourne or korn shell

    cheers

    Sean
  28. Replies
    3
    Views
    1,585

    Re: Install Errors on Solaris 10 and NGX

    Hi

    two things I have to do on my sun boxes (Solaris 9)

    1) make sure that eri is uncommented in the /etc/fw/boot/ifdev
    and looks like

    eri accept

    I have added the line
  29. Re: Errors after upgrading to NGX R60 on Solaris 9

    Did they replace the memory also ?

    If not, get some new DIMMS for the CPU/1 Memory bank

    cheers

    Sean
  30. Replies
    3
    Views
    1,585

    Re: Install Errors on Solaris 10 and NGX

    Hi

    did you use the Solaris 10 packages from the website ?

    cheers

    Sean
  31. Re: Errors after upgrading to NGX R60 on Solaris 9

    Hi According to my quick search on google

    this error means a data cache parity error on the CPU (in your case CPU/1)

    from this document

    http://192.18.109.11/816-5402-11/816-5402-11.pdf
    ...
  32. Re: Problems with Cluster XL after adding new interface

    have you checked that igmp snooping is disabled on the switch that qfe3 is plugged into ?

    cheers

    Sean
  33. Re: VPN between Cisco and Checkpoint NG AI R55

    Hi

    we had issues between a Cisco 3030 and our cluster running NG R55

    the problem was that the cluster members would each create their own SPI with the 3030 using the same address. when the...
  34. Replies
    3
    Views
    2,903

    Re: Cisco Softphone

    are you doing "ip pool nat" ?

    if so, the outbound rule could be to your ip pool nat address range

    cheers

    Sean
  35. Re: Cluster XL - Old or too-new arriving updates

    (obvious one)

    have you checked the date/time on both of the cluster members ?
    ntp running ?

    cheers

    Sean
  36. Replies
    3
    Views
    1,697

    Re: I need to open a log file please help

    have you tried fw repairlog ?
  37. Replies
    2
    Views
    2,595

    Re: Export NG AI R55 Configurations?

    what does df -k tell you ?
    could it be the opt/CPfw1-R55/tmp/upgrade_temp_dir filesystem is full ?
    also you might want to try which gtar and make sure you are using the checkpoint one

    hope this...
  38. Re: Failed R60 upgrade, Rolled Back, Cluster not syncing

    I had this sic error (on solaris) my issue was that in /etc/rc3.d S99cpboot happened before my S99staticroutes file

    therefore my module had not route to mgmt server and loaded the default policy....
  39. Re: Trouble with ClusterXL loadsharing multicast mode

    Hi Our cluster has been much more stable since adding the following to the bottom of the /etc/system file

    we run Solaris 9

    set fw:fwsm_prevent_dangerous_send=2

    also make sure that IGMP...
  40. Replies
    1
    Views
    1,858

    Re: SecureClient & SCV

    Hi

    can you post a copy of your local.scv ?
    it might help to figure where the issue is

    cheers

    Sean
Results 1 to 40 of 40