CPUG: The Check Point User Group
Resources for the Check Point Community, by the Check Point Community.
Type: Posts; User: varera
As mentioned here already, you can redirect output to a text file. That is pretty much it. If you need a proper capture file that would be compatible with Wireshark and tcpdump, use fw ctl debug set...
There is an article about that under “CPUG Papers”
yes, the last one
My personal answer is no
http://checkpoint-master-architect.blogspot.ch/2018/02/the-main-cyber-security-questions-of.html
Oh come on, I was young and needed some money
http://checkpoint-master-architect.blogspot.co.uk/2018/01/goodbye-check-point-hello-guardicore.html
I am switching my professional focus to cloud security and mostly leaving Check Point behind....
Hi all, I have some changes in my professional life, and as the result, I will have to close CPET. Thanks a lot for being with me.
More details can be found here:...
Any Gaia. To deploy VSX, you install a physical GW first and then run provisioning.
WebUI setup wizard must be run once a new Gaia installation is made.
yet there is a very important reason to block webUI after enabling VSX. I do agree initial WebUI setup seems to be unnecessary
so no Fws. Check if your policies on VS0 allow communications between MLM and VSs. Otherwise, config issue
anything in between VSX cluster and MDS?
Good one. MDSM restore is a must as part of regular sanity checks
Editor? Not a viewer?
Looking forward to see the tool out. I hope that’s not two weeks for alpha fix :)
Why are you using this command in the first place? What are you trying to achieve?
Dameon, seriously? You gave me the same answer 5 months back. Unless this "private beta" becomes a tested GA release, this info does not help.
When I mentioned 5 years ago in a blog post, there is...
Look here: 23486 admin RT -20 1380m 845m 39m R 99 0.7 3368:00 fwk32_0
Your VS 32 is running 100% CPU. Why is a good question, but this is a clear CPU utilisation issue. May be caused by million...
Just look above, the guy had a licensing issue. With minimal effort, vmware implementation of MDSM should not be a problem. I do agree with disk performance note. One does want to have very fast...
it seems you do not have FW license. please post the output of "cplic print" command
we need like button in this forum. thumbs up
no go unless there is some beer on the table
Have to remind you that Capsule Docs is still not working on Mac. Windows experience is also mediocre. 100% students give not really encouraging feedback concerning their own experience with the...
I have the surplus courseware for sale:
CCSA versions R77 and R80
CCSM R77
CCMSE R77
These are probably the last remaining printed courseware sets you can purchase. Check Point now...
You need an open server license for MGMT
Jees, that sounds scary...
To be on the safe side, I would recommend using another address from bond0 subnet. 0.0.0.0 is not a host address, it is a network. the rest is up to you.
LOL, hilarious, but I am afraid, wrong in this context
No, that won't do.
You need to set an actual IP address for the cluster anyway, otherwise CP cannot handle it. Just use an additional address from MGMT network. You do need physical IP addresses...
I have multiple customers running MDSM on VMware VMs without any trouble, for decades.
Known issue. Look into sk110687
1. Save Gaia CLISH configuration from both old GWs to files
2. Copy out, adjust to different interface names with the new appliances, if required
3. take clean-installed 15000 boxes and drop clish...
I am expressing my displeasure with the situation to Check Point for years.
Oh gosh... Running an outdated unsupported version and justifying it. Are you in health industry by any chance?
Of course you are objecting, guys, as you are way too comfortable with the tool. That is the danger, being comfortable.
Now, here is the bummer, you should never be at ease with kernel debug in...
Right. Why teaching someone gun safety rules, ballistics and do target practice. Just load his gun and teach him how to get safety off. What can go wrong?
It seems you misunderstand what the debug buffer size is. It does not control the volume of the output from the kernel. It only gives you a memory space where that output is written to. Once the...
Gaia does not require stopping services on GWs to make snapshots. Although, it is called "image management" now :-)
Hello all, after seeing way too many mentions of zdebug on this forum, I have decided to make an effort in explaining why it should not be used at all.
Please feel free to read and comment by the...
oh boy, i really hate zdebug leaking out. it gets out of control.
fw ctl zdebug is problematic. it was never intended to leave Check Point RND bubble. use fw ctl debug mechanism, it provides you...
Snapshot mechanism provides the best rollback option, but it takes time, obviously.
it seems your VSX cluster is under load at this time. CUL refers to "cluster under load".
I have had similar symptoms when an Internet facing VS was scanned. Scans were dropped on a clean-up...
You are correct, there is a policy push at this time. Please make sure you do not have scheduled IPS update at this time. Automated IPS updates may cause policy push, depending on the settings.
...
Welcome Jan
CPM only exists on R80 and above. All management servers, SMS or MDSM, will have this command working. Mind your MDSM environment when running, as CPM will run on every context of MDS
There is a script that ensures that CPM is up and running, and SMS is fully operational.
Run $FWDIR/scripts/cpm_status.sh command. CPM is not fully operational till it returns "Check Point...
Welcome!
check if you meet HW requirements on your VM before moving any further.
Just my 10 cents for the matter. In my view, only experts should be allowed to debug in the first place. And if it is an expert going to debug, why does he need to have a GUI? He should be able to do...
There is a Quality of Service Admin Guide in R77 documentation package that has all the answers for you.
https://sc1.checkpoint.com/documents/R77/CP_R77_QoS_WebAdminGuide/html_frameset.htm
Oh boy, this is a VERY old document...
This is a classic situation for MGMT behind NAT. If your remote device is managed from the same MGMT server, there are two ways to resolve the issue:
1. Make NAT static settings on the management...
Ah, no new debug modules for R80.10, as I see :-)
yet, additive effect for the cores is kinda... unexpected, ah?
Call the company, by all means. You have acquired this box legally, and if it was stolen or decommissioned, you are entitled to know. If any issue, raise the hell to the seller through Ebay
Now, this is already a much better way
restart httpd? check new cert file permissions?
The IPS tuning guide is very good and elaborate.
Yet, the approach can be simplified a bit, to start easy.
1. Get default profile and modify it to put all protections to "detect only", where...
LOM is supposed to be placed in a secured management access internal segment. Exposing it to internet directly without additional filtering, even with an access list, is an extremely bad idea. To...
Easily worked around by re-installing policy at the beginning and the end of the working hours, with "rematch opened connections" option active on FW object.
There was a thread on CPUG about similar task for log management. Just look it up and modify the script to manage backup files.
clusterXL load sharing was never good and brings way too many limitations and issues to the table.
never ever use CXL LS. If you are concerned about platform utilization, convert your physical FW...
Please do me a favor and never ever use ClusterXL load-sharing, unless you are running VSX VSLS, where "load-sharing" is in fact HA on per VS level.
In case you missed, Check Point has extended CCSM status till July 2018 for all certified professionals with certification expiring in between January 2017 and March 2018, including those whose...
Check Point SecureKnowledge now has an aggregation page for all available ATRGs. Details by the link:
...
cphaprob:
cp - Check Point
ha - High Availability
prob - probe
Amount of GWs managed from a single management server is only limited by license. However, for effective management LSM is advised, as mentioned above
As Dameon already said, there is no point to run VSX unless your FW cluster is outside of ESX environment.
Two options:
1. You remove the user and push policy. Every new session for this user will be rejected. Tunnel and remaining sessions will continue till key re-negotiation.
2. If you want to kill...
I am just trying to clarify, nothing more than that.
On the other subject, your book is exceptionally good :-)
The reason it is not documented is that there is nothing to document. For any of the security features that need streaming to analyse the flow, FW has to do F2F, so the packets get to FW instance as...
You are correct, PXL stands for Middle Path, which is in fact practically FW path. Session handshake may be accelerated through SND/SecureXL, but once data stream starts, each next packet goes to FW...
all good at the latest GA smartConsole, check the pic below
One more note. if the index depth is high, this will affect Performance of smartLog GUI.
smartlog only shows the indexed logs. Log indexing depth depends on how you configure it on the server object and also how much free disk space you got there. Look on the object under Logs / Storage...
drouter is syncing dynamic routes between the cluster members over port 2010. By default it should be allowed via implied rules. If you do not use those, it then can be blocked and cause late BGP...
You are trying to use a template when creating VSX cluster object. Don't. Without a template you will not have this confusing question about external communication interface.
You will be able to...
Some details and screenshots are here:
checkpoint-master-architect.blogspot.ch/2017/08/capsule-docs-on-mac-forget-about-it.html
Tufin and Algosec can only show rules that are logged. Just saying...
SmartLog stops indexing when certain percentage of HDD is no longer available.
After some cleaning, we now have good one month of indexed logs.
The recording is now available:
http://checkpoint-master-architect.blogspot.ch/2017/07/cpet-session-3-video-is-published.html
But of course, there is always a trade-in between quality of the video and the upload size.
Wanna see in good resolution, join the live session. It is free
or even better, I can do that for you
file RFE, bro :-)
wrong thread, mate
TEX just prints your files into pdf or strips them out of all active content.
List of the files that TE can scan is in the documentation. Assuming the file type is supported, the potential...
Details and links are here
http://checkpoint-master-architect.blogspot.ch/2017/07/r8010-debug-documents-are-now-public.html
The people have spoken. The session is on. Details here:
http://checkpoint-master-architect.blogspot.ch/2017/07/cpet-session-3-it-is-on.html
Please join me to talk about kernel debug
One set is still available, if you are interested
Hi all, one book is still available for sale.
Correct. My point was, the full answer would be "those encryption and hash protocols, unless your local laws require something different"
Second that. One just needs to see these settings are legal in your country. Not the case for Russia, China and probably some other places.
You can exclude certain protocols in VPN Community Advanced section. However, that would apply to all communications between both encryption domains.
Two SSL decryptions for a single connection makes 4 times trickier certificate management and trust chains. It is as complex as one can handle for a single SSL inspection point.
I would say, one...
the process of conversion is thoroughly described in Check Point VPN admin guide: https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/13941.htm
I am sorry, but this does not make any sense. You can only create exclusions IF automatic anti-spoofing is disabled.