CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Search:

Type: Posts; User: nilsw007

Search: Search took 0.00 seconds.

  1. Re: CCSA 156-215.77 certification preparation - Need Help

    Thnaks laf_c for inputs
  2. Re: CCSA 156-215.77 certification preparation - Need Help

    Thanks ShadowPeak.com for the valuable information. I will go through above documents. It will be helpful for me. Thanks Again.
  3. Replies
    8
    Views
    20,094

    Re: R77 study guide?

    Yes, question for Lab simulation.

    Thanks for your information.
  4. Replies
    8
    Views
    20,094

    Re: R77 study guide?

    Thanks ShadowPeak.com for the valuable information. I will go through above documents. It will be helpful for me. Thanks Again.

    One question here, is there any lab question link cisco in CCSA.
    ...
  5. CCSA 156-215.77 certification preparation - Need Help

    Hi Friends

    I am planning to take CCSA 156-215.77 exam, Need your help for study material.

    Currently i am reading ClusterXL admin guide, Firewall Admin Guide, Security management admin guide.
    ...
  6. Replies
    10
    Views
    11,426

    Re: Block .exe files using IPS

    Above configuration works for me as well but when browsing for some sites i am getting error as access denied because i have allowed some extension ( ZIP, exe ) for specific users and specific site...
  7. Replies
    1
    Views
    1,338

    Re: ZIP, EXE block

    Hi Friends,

    I see that source and Destination tab in Antivirus Blade now, need to enable from column bar these tabs ,
    but when i enable them and define the source and Destination. Rules were...
  8. Thread: VPN Tunnel

    by nilsw007
    Replies
    4
    Views
    970

    Re: VPN Tunnel

    Thanks mcnallym for the information.

    Remote end have another vendor Firewall and they configured secondary interface IP Address.

    I have defined secondary interface in topology.
  9. Thread: VPN Tunnel

    by nilsw007
    Replies
    4
    Views
    970

    Re: VPN Tunnel

    Yes i have secondary ISP and required for redunacy-Purpose.

    And remote end also have two ISP.

    Thanks
  10. Thread: VPN Tunnel

    by nilsw007
    Replies
    4
    Views
    970

    VPN Tunnel

    Hi,

    I have configured VPN tunnel and is working.

    Please suggest how to add Secondary IP address in tunnel so that if primary IP fails, VPN will work on secondary P Address.

    Thanks
  11. Replies
    1
    Views
    1,338

    ZIP, EXE block

    Hi ,

    I have blocked ZIP, EXE files but want to allow to download for some users to specific destination only.

    Is it possible to allow for specific destination. Please suggest the solution...
  12. Re: R75 utm-1 132 VPN (PPTP) clients, only 1 allowed

    Thanks mcnallym. Its working Thanks for your help.
  13. Re: R75 utm-1 132 VPN (PPTP) clients, only 1 allowed

    Hi,

    I have similar Problem. Only one user is connected through dial up VPN while other not able to connect.

    Please suggest me the solution / any configuration changes required.

    Thanks.
  14. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Thanks mcnallym

    Yes Cisco any connect also works on https/SSL.

    Ok i will go with TAC again and will share you results after the issue is resolved.

    Thanks again for the help.
  15. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Yes citrix connection going through https. It is not only problem for citrix.

    Even cisco Any connect has same issue. Also i have bypassed the Cisco Any connect server URL, ssl protocol after that...
  16. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Hi mcnallym,

    Yes Ticketwas open till we are investigating, We will reopen the ticket with them Thanks.

    I have one more query.

    if inspection is for https trafiic, then why the other ports...
  17. Re: Check Point R75.40 Interoperable VPN Peer (CISCO ASA 5510) not responding

    Thanks to all.

    After adding VPN peer IP into proper encryption domain ICMP is working.

    I am able to ping VPN peer IP as well as Remote LAN IP too.

    Thanks for great support.
  18. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    It was closed 20 days back. issue not resolved with TAC.

    I hope you guys will help me to resolve the issue.
  19. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Hi Friends,

    Any suggestion to resolve the issue. Thanks.
  20. Re: Check Point R75.40 Interoperable VPN Peer (CISCO ASA 5510) not responding

    peer IP Excluded from encryption domain . Able to ping VPN tunnel Peer IP but remote VPN LAN IP are not able to ping, rest services are working.

    Please suggest.
  21. Replies
    2
    Views
    2,688

    Re: ICMP not working in VPN tunnel

    Thanks Danielpb.

    Also mcnallym suggested same KB article for the encryption ICMP issue to exclude the VPN peer IP from encryption doamin.

    But for that we need to edit $FWDIR/lib/crypt.def file...
  22. Replies
    2
    Views
    2,688

    ICMP not working in VPN tunnel

    Hi Friends,

    I have issue with the ICMP. We have two firewall in cluster mode version gaia R75.45. Also we have Management device for management of both firewall.

    I am able to ping all internet...
  23. Re: Check Point R75.40 Interoperable VPN Peer (CISCO ASA 5510) not responding

    Hi mcnallym ,

    If I exclude the remote peer IP from Gateway's remote encryption domain in crypt file as per sk44014,It will affect for all the traffic for encryption or only ecryption will exclude...
  24. Re: Check Point R75.40 Interoperable VPN Peer (CISCO ASA 5510) not responding

    Thanks mcnallym for details information.

    As i am facing the VPN tunnel ping issue almost all remote firewall ( Cisco, PaloAlto, Sonic wall, Checkpoint ), There is no issue with particular...
  25. Re: Check Point R75.45 Interoperable VPN Peer ) not responding

    I have same issue. VPN tunnels up and working good. But not able to ping VPN tunnel peer IP.

    Please help me to trouble shoot the issue.
  26. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Contacted with TAC They done the troubleshooting but also they dint resolve our issue.
  27. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Hi mcnallym,

    Thanks for feedback for me. Will take care while posting the same here.



    Regarding https , right now i have disabled https and https site doesn't have any issue.
    I posted the...
  28. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Can someone provide a solution on this.
  29. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Can someone help me to resolve the issue.

    Thanks,

    Nilesh
  30. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Hi,

    It i inspects https traffic and dropping as well.

    Below logs are getting

    HTTPS Inspection

    Action HTTPS Inspect
    HTTPS Inspection Rule Name Predefined Rule
  31. Replies
    7
    Views
    6,278

    Re: Port Scan showing port 264 open

    Hi,

    Can someone clarify me on this...
  32. Replies
    10
    Views
    11,426

    Re: Block .exe files using IPS

    Yes in antivirus blade you can block ext. file .exe, .mp3 , .....
  33. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Will share you logs regarding the same.

    Thanks,

    Nilesh
  34. Replies
    5
    Views
    1,736

    Re: Smartdashboard Access

    Hi mcnallym,

    In GUI, allowed users only for 5 IP's and tested , working good , not able to access smartdashboard from rest all. Thanks :)

    Nilesh
  35. Replies
    12
    Views
    3,547

    Re: Check Whether User Logged In

    Thanks mcnallym, version is R75.45 .

    Thanks,

    Nilesh
  36. Replies
    12
    Views
    3,547

    Re: Check Whether User Logged In

    Hi mcnallym,

    I can see three option Network and endpoint, Active , Management.

    I do not see Audit option in Smartview Tracker.
  37. Replies
    5
    Views
    1,736

    Re: Smartdashboard Access

    Where should i check cpconfig in smartdashboard or CLI mode ?? Thanks


    Nilesh
  38. Replies
    12
    Views
    3,547

    Re: Check Whether User Logged In

    Thanks able to check who is logged in by cpstat mg command.

    How to check who was logged in and made changes. It will be very helpful for me.

    Thanks,

    Nilesh
  39. Replies
    7
    Views
    6,278

    Re: Port Scan showing port 264 open

    Hi,

    I see that 264 port is open from ouside the world VPN tunnel is enabled with source and destination basis.

    Client VPN is not configured. I read it this is topology download protocol but...
  40. Replies
    7
    Views
    6,278

    Re: Port Scan showing port 264 open

    Hi,

    I have seen the same port 264 open from internet however i checked the configuration and this port is not open on Firewall.

    What is the issue or things should i check ??

    Thanks,
    Nilesh
  41. Thread: Certification

    by nilsw007
    Replies
    2
    Views
    1,663

    Re: Certification

    Thanks mcnallym. I will surely follow the steps provided by you.
  42. Thread: Certification

    by nilsw007
    Replies
    2
    Views
    1,663

    Certification

    Hi Friends,

    I want to persue Checkpoint certification. So where can i start to take first exam or study to gain the good knowledge about checkpoint.

    Thanks ,

    Nilesh
  43. Thread: Access rule

    by nilsw007
    Replies
    2
    Views
    1,022

    Re: Access rule

    Hi northlandboy,

    Thanks northlandboy i used the same rule at bottom which logs the traffic.

    Thanks,

    Nilesh
  44. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Hi Friends,

    Can i get resolution on https certificate issue.

    Thanks,

    Nilesh
  45. Replies
    10
    Views
    11,426

    Re: Block .exe files using IPS

    I think you can block .exe , .msi , .mp3 like files from antivirus blade where you can select custom option and

    action be there detect and drop so drop will work for you. Create a rule and...
  46. Replies
    2
    Views
    1,101

    Re: MAC addresss for NAT

    Thanks mcnallym for the detail information. I got the point if Automatic NAT is done so there is no requirement to add manual entry while in manual NAT arp entry is required else router can not find...
  47. Replies
    2
    Views
    1,101

    MAC addresss for NAT

    Hi Friends,

    While configuring nating why the Firewall interface MAC address is required to configure in arp file.

    Without this NAT is not working Can you clarify me on this why the ARP entry...
  48. Replies
    5
    Views
    1,736

    Re: Smartdashboard Access

    Thanks for the input . will try and let you know.
  49. Replies
    5
    Views
    1,736

    Smartdashboard Access

    Hi,

    I set smartdashboard IP 192.168.1.5. and want to allow access to Smartdashboard from perticular IP address range Only.

    For firewall access i have set the policy, for smartdashborad where...
  50. Thread: Access rule

    by nilsw007
    Replies
    2
    Views
    1,022

    Access rule

    Hi All,

    I have set allow http and https traffic from LAN to WAN , other traffic from LAN to WAN is dropped.

    Let me know any stealth rule which WAN to LAN traffic is droped or should i need to...
  51. Replies
    17
    Views
    15,213

    Re: Firewall Policy Achitecture and Best Practices

    Very useful information !!!!!

    Thanks,

    Nilesh
  52. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Yes Certificate details are correct because some https sites are working properly but isssue with some sites.

    Certificate created almost 4-5 times and valid till 2020.

    Thanks,

    Nilesh
  53. Replies
    24
    Views
    4,902

    Re: Https Inspection issue

    Hi Spawn,

    Yes i have applied https inspection for all blade and this issue is not related to application blade.

    When i disable the https inspection , all working good means problem in https...
  54. Replies
    24
    Views
    4,902

    Https Inspection issue

    Hi ,

    I have enabled https inspection on the cluster , created certificate and same cerificate has been installed.

    I have some observation , Https related some sites are able to access but some...
  55. Thread: Cluster issue

    by nilsw007
    Replies
    11
    Views
    3,279

    Re: Cluster issue

    Thanks for the input. Although ping was not working but internet was working , able to ping from firewall to Internet IP's.

    One more thing i have observed when only one cluster member was...
  56. Thread: Cluster issue

    by nilsw007
    Replies
    11
    Views
    3,279

    Re: Cluster issue

    Thanks alienbaby,

    I will try these commands as well. I have executed the cluster_admin down command to shutdown the member and member was down but when i put the Cluster_admin up command and...
  57. Thread: Cluster issue

    by nilsw007
    Replies
    11
    Views
    3,279

    Re: Cluster issue

    Hi,

    I had run the cpstop command on one cluster member ,it is is showing down and able to install the policy to another member.

    Use the cpstart to active the Cluster member.

    This is a good...
  58. Thread: Cluster issue

    by nilsw007
    Replies
    3
    Views
    1,101

    Re: Cluster issue

    Thanks, After uncheck the box i am able to install policy succussfully.

    Thanks ,

    Nilesh
  59. Thread: Cluster issue

    by nilsw007
    Replies
    11
    Views
    3,279

    Re: Cluster issue

    Hi Friends,

    After uncheck the box , Policy is installed successfully on one member. Partial success Message appears after installation.

    Thanks for the guidance.

    I have one more query...
  60. Thread: Cluster issue

    by nilsw007
    Replies
    11
    Views
    3,279

    Re: Cluster issue

    Thanks for the response. I willl do that and let you know.

    Nilesh
  61. Re: How a Recovered Cluster Member Obtains the Security Policy

    Hi,

    I have two firewall in active-active mode. I have one query regarding this.

    Suppose One Firewall FW-B is having issue. i want to shutdown this firwall for maintenance and Other Firewall...
  62. Thread: Cluster issue

    by nilsw007
    Replies
    11
    Views
    3,279

    Re: Cluster issue

    Hi,

    I have query regarding Cluster .

    We have two Firewall FW-A and FW-B in Active mode. Suppose One cluster Member FW-A is power down and i want to install policy to another member FW-B. So i...
Results 1 to 62 of 62