CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E



Type: Posts; User: capital-p

Search: Search took 0.00 seconds.

  1. Replies

    Re: Gateway serving as IDS

    I have experience in running Check Point as a passive IDS system in production, it’s actually very good solution in certain cases. There are some clear benefits comparing on running the blades on...
  2. Re: Problems with Fw 13500 10gig expansion slot

    -check that SFP modules on both devices are the same type, singlemode (LR) or multimode (SR)
    -also check that the fiber supports single/multimode, whichever you are using
    -check optical DB levels,...
  3. Replies

    12000 updates

    Any rumors about updates or replacements for 12000 series? They are already three and half years old, and 13000-series seems like overkill in many environments.
  4. Replies

    Re: Check Point vs. Everyone

    Comments from our firewall evaluation done a while ago, mostly feelings and impressions so donít take too seriously. Investigate and test yourself, that's the best way.

    -UTM/home box...
  5. Re: IPS - Deactivate rules for unknown products?

    There is no need to keep protections active/detect if you donít have specified products in your environment.

    If you are updating protections automatically and using Prevent action as default, you...
  6. Replies

    Re: 4407 appliance throughput

    Strange, I thought cptop was implemented in all Gaia releases, but maybe itís for R76 and newer only. Well anyway you can see current throughput from SmartView monitor also. Click the gateway object...
  7. Replies

    Re: 4407 appliance throughput

    For viewing realtime throughput itís easy to use cptop command from CLI, it will show current throughput in bits per second. For historical throughput you can use SmartView Monitor. Open System...
  8. Re: TCP packet out of state: First packet isn't SYN tcp_flags: PUSH-ACK

    As you said, just create a new service with maximum timeout for the session, you can also disable aggressive aging for that service if the connection it's critical. There is shouldn't be any risk in...
  9. Re: Unable to connect to management with SmartDashboard after restore on a new machin

    Run cpconfig command and check GUI clients. Then add your source IP address there, or since it's for testing maybe just add *.
  10. Replies

    Re: How to read .log file extracted?

    You can export log files to normal readable text format by using Export tool from Smart View tracker GUI File -> Export. It will export the log file that is currently open.
  11. Replies

    Re: Count rule in policy

    You can do it also with Smart Reporter. It will show how many times each rule is used on specified timeframe. Check sample output in demo mode to see how it looks.
  12. Re: CCSA R75 Lab using virtualbox & VMware not working

    Works very well with VirtualBox version 4.8.1. Using SPLAT R71 with RedHat 32 bit OS Type.
  13. Re: CCSA R75 Lab using virtualbox & VMware not working

    Using larger hard disk fixed it for me.
  14. Re: CCSA R75 Lab using virtualbox & VMware not working

    Has anybody gotten this to work with Virtual Box?

    I've tried with almost every possible settings for the machine, but all are failing after sysconfig with the same error as original poster has.
  15. Replies

    Re: R71 Anti-Spoofing Drop

    In R71.1 the Rule field for Address spoofing drop is blank too.
  16. Replies

    Re: Unmanaged switches

    You need to run command:

    cphaconf set_ccp broadcast

    on both cluster members.

    To go back to multicast use cphaconf set_ccp multicast
  17. Replies

    Re: VPN & Stealth rule

    You don't need to worry about stealth rule when doing site-to-site VPNs. You can check IKE rules from SmartDashboard: View-->Implied rules and VPN rules from View --> VPN Rules.

    IKE traffic to...
  18. Re: Nokia VRRP Cluster Properties in Smartdashboard

    Yes, it should appear automatically when you use "Get..." button to fetch topology information from IPSO.
  19. Replies

    Re: VPN Confused. ClusterXL

    It just means that the VPN tunnels are synchronized to the standby member, active member will still process all traffic. Same thing if you compare normal active connections, you will see standby...
  20. Replies

    Re: power-1 appliance upgradation procedure

    There is no need to stop services, the upgrade script/program will stop them down automatically.

    Check the R75 Installation and Upgrade guide section "Upgrading Security Gateways", it explains in...
  21. Re: Using preempt mode and Monitor FW Question?

    I get some FIBMGR errors in the log when failover happens, so I'm planning to turn off advanced routing during next service break since it's not used anyway. Running version R71.1.
  22. Re: Using preempt mode and Monitor FW Question?

    HH, Sorry didn't know that you had VRRP, actually the setting is available only in Check Point clustering. I'm not sure if you can do this sort of failover persisence with VRRP at all, unless you...
  23. Re: Using preempt mode and Monitor FW Question?


    If you are running the firewall cluster in High Availability mode (active/standby), you can use the "Maintain current active Cluster Member" setting. In case of failover it will switch to...
  24. Replies

    Re: IPS Mode VS Protection Activation

    Yes, that's true. You get a warning that your profile is in Detect mode, are you sure you want to put the signature in prevent, but it'll let you do it. Try to check it in demo mode, it's quite...
  25. Replies

    Re: IPS Mode VS Protection Activation

    Set IPS mode to prevent to block signatures and to detect to pass all traffic through, but to get a log entry for each detection.

    "Activate protections according to IPS Policy" will use the IPS...
  26. Replies

    Re: Uptime Conflicts

    The difference is that CLI shows uptime of the operating system, and SmartView Monitor shows uptime of Check Point processes.

    You can set a SNMP trap to trigger when FW module goes down by polling...
  27. Replies

    Re: Free Memory in IPSO

    In IPSO CLI you can also use "show monitor summary X memoryutilization" to get statistics about memory usage. Replace X with hourly, daily, weekly or monthly to get more specific stats.
  28. Replies

    Re: Free Memory in IPSO

    Command "top" will show available memory among other things.
  29. Re: Communication between cluster members (bouncing interfaces, icmp blocked, etc.)

    I would try few things:

    -Set CCP to broadcast mode on both nodes "cphaconf set_ccp broadcast" (sk22495)
    -Allow outgoing ping to any destination from the cluster object
    -Check that the flapping...
  30. Replies

    Re: Please stay away from Power-1 Appliance 11065

    By the way, did the original problem with 10G interfaces failing on high load and reboot get solved?
  31. Replies

    Sticky: Re: How To Enable SNMP on SPLAT

    Which process does enabling SNMP through cpconfig start? I was able to get away without a service break by enabling SNMP with just "service snmpd start". Traps get sent and snmpget also replies...
  32. Re: CLUSTERXL DETAILS of smartview status is showing firewall module1 UNTRUSTED while

    Yes, there will be break in service when issuing cpstop;cpstart.
  33. Thread: Project Gaia

    by capital-p

    Re: Project Gaia

    Anybody got the EA version in their hands yet? Any comments would be very interesting.
  34. Replies

    Passed CCSA R71 upgrade

    Did the CCSA R71 upgrade test few weeks ago, passing with 76% score. I prepared to the test by going through a course at ATC, reading the course book and going through all available CP practice...
  35. Re: NAT Problem on outgoing interface in Nokia IPSO

    Check that you don't have automatic address translation rules enabled:

    Edit the Cluster object --> NAT

    You might have Hide or Static IP entry there. Untick it and traffic should leave with...
  36. Re: vrrp_valid_addr_list: Address subset detected

    As abusharif stated the duplicate addresses were not visible in Voyager.

    I have hunch that my duplicate addresses were caused by a problematic R55 -> R62 upgrade years ago.
  37. Re: vrrp_valid_addr_list: Address subset detected

    Had a maintenance window today and removing the extra addresses worked well with dbset commands. "set vrrp..." didn't work, some conflict with simplified vs traditional mode VRRP.

    Thanks all for...
  38. Re: vrrp_valid_addr_list: Address subset detected


    Dug a bit deeper in to this matter and found out that there were two VRRP backup addresses configured for the interface.
  39. Re: vrrp_valid_addr_list: Address subset detected

    I share your pain. I have the same messages filling the messages log of my VRRP backup node. Master node's messages log is looking good, and doesn't show any VRRP related messages.

  40. Replies

    Re: Logs not visible to SmartView Tracker

    Try to run "Policy-->Install Database..." from Smart Dashboard, that fixed log problems for me. I had 2 nodes with one management server and only management server logs were visible in Tracker.
Results 1 to 40 of 40