CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Type: Posts; User: phlegm


  1. Re: Changing users authentication method en masse

    Thank you kind sir. This is the start I was looking for.
  2. Re: Changing users authentication method en masse

    They already have 10's of thousands of users connecting and are not going to change it just so I can get onboard with possible impact to other users.
    I am the one expected to conform to their...
  3. Re: Changing users authentication method en masse

    We do use a radius group for the auth with 2 servers in there for redundancy.
    I need to change the auth to secureid though so this doesn't help in any way.
    Plus as I mentioned previously they...
  4. Re: Changing users authentication method en masse

    Apparently they don't have this enabled according to the admins. That being said even if it was I would still have to go through each user and change their auth from our current Radius to the new...
  5. Changing users authentication method en masse

    We are going to be migrating from an Entrust Radius server to RSA Secureid for all users.
    We currently have over a thousand users and I'm really not liking the prospect of changing all of their...
  6. Replies
    25
    Views
    7,977

    Re: Trying to get RSA SecureID Tokens working

    So.... Update.

    We left things for the holidays and today went back to give it another try.
    Got our support on the phone and they got Checkpoint on the phone.

    Setup some sniffing and...
  7. Replies
    25
    Views
    7,977

    Re: Trying to get RSA SecureID Tokens working

    Just found this on the RSA site. Describes the error we are seeing on their server.

    https://community.rsa.com/docs/DOC-61681
  8. Replies
    25
    Views
    7,977

    Re: Trying to get RSA SecureID Tokens working

    Fail again this weekend.

    Here is what I did. We are trying to get it working using the VIP address this time as recommended by CPUG since the other would not work.

    Received a fresh config file...
  9. Replies
    25
    Views
    7,977

    Re: Trying to get RSA SecureID Tokens working

    Still nothing working here.

    This is what I'm planning for the weekend. Based on the following DOC which is the newest I can find from Checkpoint.


    My question is what needs to be done...
  10. Replies
    25
    Views
    7,977

    Re: Trying to get RSA SecureID Tokens working

    I restarted both firewalls this weekend and it's still not working. Checked in with my support and they said that it is the physical address of the firewalls that needs to go into the sdopts.rec file...
  11. Replies
    25
    Views
    7,977

    Re: Trying to get RSA SecureID Tokens working

    Ran the TCP dump and did indeed see the traffic coming from the physical instead of the VIP even though I had that sdopts file in there with the VIP.
    We then changed the RSA server to be watching...
  12. Replies
    25
    Views
    7,977

    Re: Trying to get RSA SecureID Tokens working

    Reddit post mentions our node secret. I haven't seen anything about this in the checkpoint docs....
  13. Replies
    25
    Views
    7,977

    Re: Trying to get RSA SecureID Tokens working

    Error message changed

    From
    Reason SecurID not supported

    to

    Access denied - wrong username or password
  14. Replies
    25
    Views
    7,977

    Re: Trying to get RSA SecureID Tokens working

    If I have nothing in /var/ace and push a policy it finished with nothing in there. I did notice this when pushing though.

    I have my 2 rec files and status file in there.
    Then policy pushing I see...
  15. Replies
    25
    Views
    7,977

    Re: Trying to get RSA SecureID Tokens working

    Followed all of your steps. I have the files in var/ace/ on the gateway.

    sdstatus.12 shows up.

    Still getting failed logon from the RSA server. Is it really necessary to restart the firewalls...
  16. Replies
    25
    Views
    7,977

    Re: Trying to get RSA SecureID Tokens working

    Just an empty dir. It has the datestamp of when I did the config though.

    [Expert@hfpXXX:0]# ls -l /var/
    total 60
    drwxr-xr-x 7 admin root 4096 Nov 25 2015 CPbackup
    drwxr-xr-x 9 admin root...
  17. Replies
    25
    Views
    7,977

    Re: Trying to get RSA SecureID Tokens working

    The RSA server admins supplied the config file. A .rec file if I remember correctly. It's the same one they have used to migrate the other companies to this server successfully.
    I basically just...
  18. Replies
    25
    Views
    7,977

    Trying to get RSA SecureID Tokens working

    We are currently using Entrust but want to migrate to RSA tokens.
    Tested this today and failed.

    Performed the following steps.
    Went into the Smartdashboard and defined a new RSA server. Imported...
  19. Replies
    4
    Views
    2,560

    Re: How does Antibot work with a proxy?

    It appears that Antibot will use the X-Forwarded-For header if put on by the proxy.

    If I configure Websense to use this then I will get reports by Antibot showing the actual source instead of just...
  20. Replies
    4
    Views
    2,560

    How does Antibot work with a proxy?

    We are currently looking at buying the Antibot blade. I know this works by watching all traffic going through the firewall and looking for hosts that are trying to contact C&C servers etc.

    Now for...
  21. Replies
    0
    Views
    953

    McAfee SNMP traps

    Has anybody ever managed to get McAfee EPO server sending SNMP traps to Smartevent working.

    I can send the traps and they get imported but...... I need to figure out how to make a custom parsing...
  22. Replies
    1
    Views
    1,464

    Cisco Setup Howto?

    Any tips or pointers to a howto for getting Cisco syslogs working with SmartEvent.

    Should it just work out of the box when I start sending syslogs.
    Does anything special need to be enabled on...
  23. Re: Video conference dropping connection due to ICMP errors

    Version is R75.40
  24. Video conference dropping connection due to ICMP errors

    We are having problems with video conferencing with one of our Polycom units.
    When connecting to Japan we get the following errors and then lose connection.

    The errors are coming from the other...
  25. Replies
    4
    Views
    2,057

    Re: Client loses local network once VPN connected

    Just checked and route all traffic to gateway is set to no.

    Weird thing is it only happens with the new client. With Secure client/Secure remote it works fine.
  26. Re: Really slow DNS causing browser hangs when VPN connected

    Solved the problem.

    We ended up disabling the earlier things we enabled to get it working. Now all DNS queries are sent internal and if they cannot be resolved they will go external.

    Changed...
  27. Replies
    4
    Views
    2,057

    Client loses local network once VPN connected

    We started migrating our suppliers to the new Endpoint Connect client this week and ran into a problem with one of them.
    Once he VPN connects he no longer has access to his internal network. This...
  28. Re: Really slow DNS causing browser hangs when VPN connected

    Not sure if I want to share a sniffer capture online like this but I do have one from both the DNS client and the DNS server.


    What I think is happening.
    Internal DNS query
    Query yahoo.com
    DNS...
  29. Re: Really slow DNS causing browser hangs when VPN connected

    We are using Endpoint Connect. Multiple versions. All have the same problem.
    We have our internal domain defined. With up to 5 suffixes.

    The weird thing is that our internal DNS resolutions are...
  30. Re: Really slow DNS causing browser hangs when VPN connected

    That's exactly what I'm seeing. The problem is that it makes the internet unusable for our users and Checkpoint is telling me that's expected and normal behaviour.
  31. Really slow DNS causing browser hangs when VPN connected

    Our users are having major problems when browsing the internet while VPN connected.
    When not connected everything is fast and works well but once they connect to VPN the DNS lookups are so slow that...
  32. Replies
    0
    Views
    4,362

    Problems importing exported database.

    ***Fixed. See bottom****

    I was running R75.40 Gaia with hotfix.
    It had been built up over time though from back in the R60? days. I figured it would be a good time to wipe it out and rebuild....
  33. Replies
    1
    Views
    3,913

    McAfee EPO parsing log files into SmartEvent

    Here is where I'm at. Since SmartEvent can't work with EPO server I decided to take a whack at doing it myself.
    I have my EPO server sending SNMP traps to Eventia when an event happens.

    I see them...
  34. Re: CP Endpoint Security (E75.20 Build 835016825) - Connection failure after reboot

    Also have this problem. Nothing found works so far.
  35. Replies
    1
    Views
    1,403

    Re: disable_split_dns_in_om

    Bump. Still having this problem.
  36. Replies
    11
    Views
    4,330

    Re: IPS Blade Crashes Since R71 Upgrade

    Finally got it working. I had to perform the procedure above but with a different package of good files supplied by Checkpoint.
    After this I had to do an IPS update but an offline one using a file...
  37. Replies
    11
    Views
    4,330

    Re: IPS Blade Crashes Since R71 Upgrade

    Tried the Checkpoint fix after upgrading our external firewalls to R71.30

    Performed the following
    Stop Check Point Servers with 'cpstop' command
    Backup and then remove the following files from...
  38. Replies
    3
    Views
    2,752

    Re: Identity logging vs. Identity awareness

    Found the problem. Our AD admins were not recording login info on their servers. I was polling stuff there was just nothing useful in my polls.
  39. Replies
    0
    Views
    1,065

    What to enable for Cisco alerting

    Looking at configuring our Cisco devices to send their logs to SmartEvent so we can get alerting on them as well. Are there any guidelines on what to enable on the Cisco side to have all of the...
  40. Replies
    3
    Views
    2,752

    Re: Identity logging vs. Identity awareness

    Yes you are correct. My resellers finally got their side figured out and agree that it should work. Now we have to find the technical reason why it isn't.

    I can see it polling.
    adlog stastics...
  41. Replies
    3
    Views
    2,752

    Identity logging vs. Identity awareness (Solved)

    We are running R71.30 and wanted to try out the identity logging in smartevent.
    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk44178
    ...
  42. Replies
    11
    Views
    4,330

    Re: IPS Blade Crashes Since R71 Upgrade

    Same problem here as well. No fix found yet. We have a lot of customizations and I don't want to recreate them all. This happened after our upgrade from R65 to R71.30
  43. Replies
    1
    Views
    1,536

    SmartEvent mail unreadable with Lotus Notes

    Just upgraded to R71.3 and now when I get SmartEvent notifications they are basically unreadable.
    Is there a way to make these text again? I can't read them using Lotus Notes. They are better with...
  44. Thread: R71 or R75

    by phlegm
    Replies
    4
    Views
    2,330

    Re: R71 or R75

    I think I'll upgrade everything to R71 latest HFA and then once a couple of fixpacks come out for R75 I'll just do the Management server.

    Thanks
  45. Thread: R71 or R75

    by phlegm
    Replies
    4
    Views
    2,330

    R71 or R75

    We are currently still on R65. Yeah I know upgrade upgrade upgrade....... We are going to but I am being cautioned by my support people not to go to R75 yet as there are lots of problems. What do the...
  46. Replies
    1
    Views
    1,403

    disable_split_dns_in_om

    We have a problem with our meeting application here.

    If we connect outside it works fine but breaks when VPN connected. This
    is because it has a different IP inside vs. outside. I thought I had...
  47. Replies
    2
    Views
    2,645

    R65 Eventia Reporter ActiveX problems

    Just installed R65 Eventia analyzer and reporter. Rebuilt from scratch. Everything seems to be working fine but I cannot open the reporter GUI.
    I get the error
    "Cannot run since the Eventia...
  48. Replies
    1
    Views
    2,300

    Re: Database revision control failed with Solaris

    For what it's worth we also have the same problem here except we are running the management server under SPLAT. Running cprestart fixes the problem for a few days.
  49. Running Snort on IPSO sending alerts to Eventia?

    Has anybody heard any more on running Snort on IPSO. We recently upgraded our Nokias to new IP560's and have a few IP530's kicking around. I would love to put snort on these and have them running as...
  50. Re: "OM: - requested address is not in the IP pool; [...]"

    I'm also seeing this in my logs. Haven't had any users complain though.
  51. Replies
    4
    Views
    1,666

    Re: Extracting a list of Administrators on NGX R61

    While the FireWall-1 is running, issue the command: fw dbexport -f <filename>
    If no filename is specified, the default output file is:
    $FWDIR/conf/user_def_file.

    You can then import this into a...
  52. Replies
    5
    Views
    1,640

    Re: Migrating to new Nokias. NIC Problems.

    I tried the backup with all the interfaces disabled. Virtual and physical. Restored onto the new hardware and it still ends up with everything in the wrong places or not even available. Looks like...
  53. Replies
    5
    Views
    1,640

    Re: Migrating to new Nokias. NIC Problems.

    You are correct. It was a cut and paste from somewhere else. I want to keep my existing configs instead of rebuilding them because we currently have 30 DMZ's running on this and setting up vrrp is a...
  54. Replies
    5
    Views
    1,640

    Re: Migrating to new Nokias. NIC Problems.

    Found a solution to the backup issue.
    Couple of them actually.
    Solution 1.
    Schedule a backup in Voyager before disabling the interfaces and then wait.
    Solution 2.
    From CLISH enter the...
  55. Replies
    5
    Views
    1,640

    Migrating to new Nokias. NIC Problems.

    Migrating from some old Nokia IP530's to blazing fast new IP560's.

    Backed up Checkpoint and IPSO using Voyager.
    Restore to new hardware and none of the NIC configs match. I end up with physical...
  56. Replies
    10
    Views
    5,473

    Re: Sending email alerts to multiple recipients

    I tried that. It sends to the first recipient but nothing to the second. I also tried putting the 2 emails in quotes. Both " and ' . Neither worked.
  57. Re: Installing Policy-Does it drop existing connections?

    Why not try a test. Dial up and get a VPN in from the outside and start up an FTP or something from the inside. Push out a policy and see if they stay connected. I know at our site they maintain...
  58. Re: Database Revision Control unchecked on startup?

    In the "Database Revision Control" section under the file menu there is a checkbox called "Create a new database version upon Install Policy operation"

    I'm running NGX. Not sure if it's there in...
  59. Replies
    10
    Views
    5,473

    Sending email alerts to multiple recipients

    I'm trying to figure out a way to send email to multiple recipients from Smartdashboard.

    In the Global Properties---> Log and Alert---> Alert Commands---> Run Mail Alert Script.

    I've tried the...
  60. Replies
    0
    Views
    2,614

    Eventia receiving SNMP traps

    We recently installed Eventia Analyser here at work and I'm now trying to get our snort sensors and McAfee ePO server to send alerts to it.

    Snort seems to work although all eventia alerts show...
  61. Replies
    3
    Views
    1,727

    Re: Drops not being logged

    All of the other info shows up. I actually found the problem. It was a security camera that broadcasts over UDP. I was only seeing one drop occasionally in the logs but the monitor was showing 60 per...
  62. Replies
    3
    Views
    1,727

    Drops not being logged

    I started seeing drops this weekend being much higher than normal. Usually 2-3 in smartview monitor and now running at around 60. This shows up in both my snmp polling graphing in MRTG as well as in...
  63. Replies
    3
    Views
    3,373

    Re: Installing SmartDashboard R55 on Fedora 4

    I did manage to get it running using Crossover Office but the fonts were weird and it wasn't very stable. I currently run it under VMware. It would be nice to have a linux port. I think most...
  64. Replies
    1
    Views
    1,485

    Will Secure Client R56 work with NGX?

    We are planning to upgrade from R55 to NGX. Our current Secure client users are using R56. Does anybody know if this will work with NGX R60?

    Another question. I was just playing with the Client...
Results 1 to 64 of 64