CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 


Type: Posts; User: Cory Webb


  1. Thread: SNMP

    by Cory Webb
    Replies
    2
    Views
    1,034

    Re: SNMP

    What version are you running?
  2. Re: push policy to gateway even when checkpoint policy verification fails

    I've had this question myself before and unfortunately I couldn't find a way to bypass the verification process either. Closest thing I could find was cp_merge but it's not supported for MDS...
  3. Replies
    12
    Views
    3,175

    Re: Replacing Bluecoat with Check Point

    The App Control & URL Filtering blades evaluate traffic differently than the firewall blade (top down as you said) so in the example you have given you are essentially using both the whitelist and...
  4. Replies
    1
    Views
    1,721

    Re: SNMP v3 on checkpoint R70

    According to sk43078, splat supports net-snmp up to version 5.3.1 on all versions of splat. Haven't tested myself to see if it's true but just FYI
  5. Re: Why we need a Firewall, when we can allow or deny traffic through Router.

    I see what you did there
  6. Replies
    16
    Views
    2,820

    Re: add new/replacement cluster member

    The gateways will not recognize that they are in a cluster until you create the cluster object in dashboard and push policy to them. To put the gateways in a cluster check the ClusterXL check box in...
  7. Replies
    10
    Views
    3,357

    Re: VPN and VRRP Cluster

    When you failover, does the other traffic failover properly?
  8. Replies
    3
    Views
    11,375

    Re: Host Header Redirection

    Most web servers should be able to distinguish sites based on URL headers. This is something that should be done by the web server function and not the firewall. The firewall sees the traffic coming...
  9. Replies
    1
    Views
    1,417

    Re: Sort IPS protection rules?

    Click on the column header for the profile you want to sort and it will sort it by the action types, Prevent, Detect, or Inactive
  10. Replies
    7
    Views
    4,976

    Re: Failover in cluster

    As ShadowPeak and cciesec2006 stated, /var/log/messages are typically the best places to look for intermittent failovers. So it is best to grab the outputs of /var/log/messages as quickly as...
  11. Replies
    3
    Views
    2,194

    Re: firewall upgrade checklist

    the system configuration can be saved by running > save configuration <file name> from clish. the file will be saved in /home/admin. transfer it off the box and then perform the fresh install. once...
  12. Replies
    3
    Views
    1,449

    Re: TLS support for incoming mails

    not sure how u set it up but sk108553 has the procedure so you may want to give that a try
  13. Replies
    2
    Views
    1,208

    Re: ESOD Database Update - Backend failure

    when did you first start seeing this? have you been able to update the ESOD before? or is this just now happening on r77.30?
  14. Re: Change Administrator username in Security Manager R77.30

    Glad it worked, i would add for subsequent users that may need to do this that after deleting the admin just make sure you don't close the ssh/console session or else you will be bricked out of the box
  15. Re: How to configure Endpoint Security (VPN client) with AD credentials - R77.30

    You need to be running identity awareness and using AD query for the identity source and add the AD domain(s). Then you will need to create rules for users stating what applications/resources they...
  16. Replies
    6
    Views
    3,039

    Re: Post-Outbound (VPN Encrypt)

    I would run with ShadowPeak's suggestion first...funny enough I've never seen vpn break because of issues with clusterXL either but like SP said it looks like disabling and re-enabling clustering will...
  17. Re: Fetch policy from gateway to management station

    It's astounding (see scary) to me to see the number of people who work with INFORMATION SECURITY that don't have or follow any sort of backup or revision process and end up in situations like...
  18. Re: Mobile access/vpn client and Single Sign-On (SSO)

    I've done this before with Endpoint Connect, not sure what version but it should still be around in the latest ones
  19. Replies
    3
    Views
    1,966

    Re: vlan allocation

    pretty general with your question, can you be a bit more specific?
  20. Re: Introducing: Jon's Checkpoint Connectivity Check script!

    this is awesome!!! thaaanks
  21. Re: Log user out of IA session when user logs out of computer

    you are correct. that's how AD query works so you may want not to sacrifice that at the expense of being able to see logout events
  22. Replies
    6
    Views
    3,039

    Re: Post-Outbound (VPN Encrypt)

    the easiest way to figure out what's happening is to perform a vpn debug to see which packet the failure is occurring on, i would run an fw monitor along with a vpn debug and that way you get a clear...
  23. Re: Log user out of IA session when user logs out of computer

    sk89023
  24. Replies
    7
    Views
    10,627

    Re: DNS query for a C&C site

    DNS Trap protection alerts you to an event, then you use that information in conjunction with the tracker logs to identify the source of the DNS request.

    From the admin guide:
    "Using the...
  25. Re: Unconventional behavior of "last login from " message

    The "Last Login is from <IP>" is related to the device and not the user account.

    So when Admin user from 1.1.1.1 logs in using SSH to Gateway A, then later End user using SSH to login to Gateway...
  26. Replies
    7
    Views
    1,963

    Re: Build an IPsec tunnel with IP overlapping

    no
  27. Re: can't add ethnet in gateway using GaiA portal

    when u run ifconfig do you see 2 NICs listed?
  28. Replies
    5
    Views
    1,677

    Re: Recommended and Default Profile

    If i were a betting man I'd say so too and if that is why dawsicheckpoint then i wouldn't bother with trying to revert cus the default and recommended profiles set use the prevent/detect for all...
  29. Replies
    5
    Views
    1,677

    Re: Recommended and Default Profile

    the easiest way would be to create a new profile and then just copy the config from demo mode but why would you want to revert back to the recommended protections? for IPS u really should have it...
  30. Re: using VMworkstation can't display smartdashboard fully

    I've had this issue before, sk77821 has worked
  31. Replies
    5
    Views
    2,592

    Re: CCSM - Denmark

    congrats mate!!!!
  32. Replies
    1
    Views
    1,731

    Re: remote access for gateway

    easiest way would be for someone on the local side to install whatever the device is and then allow access (create a rule) that allows the out-of-country personnel to complete the configuration
  33. Re: Inform IPS what OS and equipment is used within internal network

    if you go to the IPS tab under Protections --> by Protocol --> Application Intelligence it will give you all the protections specific to a given application (ie. Adobe products, Microsoft networks,...
  34. Re: Java script menu doesn't work when browsing web pages by Mobile Access portal

    try with multiple PCs and Windows versions to see if you're getting the same thing. i would also try to update Java and/or the browser to see if the issue persists
  35. Replies
    3
    Views
    2,610

    Re: Checkpoint 13500 Device Performance

    Identity Awareness Blade - not really a blade in the sense that some of the other blades are. usually used in tandem with other blades like application control & url filtering for setting up access...
  36. Replies
    17
    Views
    4,964

    Re: SIC Establishment and Security

    SIC uses the hostnames of objects to create the certificates for trust. I could see this working if policies were able to be assigned per interface like an ASA maybe
  37. Replies
    35
    Views
    17,301

    Re: NTP not syncing - Gaia

    if the problem is just with the version then why not just configure your NTP a version that check point likes...
  38. Re: Facing issues while Reassigning policy in R77.20 MDM

    if you didn't find those specific protections in guiDBedit then you can try clearing the gui cache or running a debug and that should tell you what is causing the failure
  39. Replies
    11
    Views
    7,215

    Re: RESET SIC GAIA 77.20

    if you don't see a reset SIC option in the cpconfig menu, chances are you're not on a gateway and on a mgt server. you can run #cpprod_util FwIsFireWallModule to check if management server is...
  40. Replies
    2
    Views
    2,828

    Re: Backup Stuck at In Progress

    hopefully they're not still waiting on that backup
  41. Re: upgrade cluster from Secure Platform R76 to GAIA R77.20

    nice part is that once you get on gaia you can then install hotfixes and perform upgrades automatically through the webUI using CPUSE
  42. Re: Java script menu doesn't work when browsing web pages by Mobile Access portal

    try with different browsers to see if you're seeing the same thing
  43. Replies
    1
    Views
    1,579

    Re: Cisco Setup Howto?

    follow sk55020, it has all the info about how to set up a parser for non-check point syslogs
  44. Replies
    2
    Views
    1,497

    Re: R77.30 SSL VPN Logging/Tracking

    why u need to know this? have you tried asking them :) ?
  45. Re: 1st SYNC and 2nd SYNC in GAIA R75.47 ClusterXL Active/Standby mode

    i would not recommend having to sync connections as this can cause more headaches than it helps
  46. Replies
    3
    Views
    2,099

    Re: URL Field in SmartView Tracker

    can you put up a screenshot of the log...
  47. Replies
    2
    Views
    1,683

    Re: Gaia web portal - Backup vs Snapshot?

    This is a pretty good link:

    the chart is a great guide to use

    A snapshot creates a file that contains a binary image of the entire root (lv_current) disk partition. This includes all of the...
  48. Re: Server Migration: All the Import/Export commands possible

    there's also mds_backup which will do the same thing as mds_setup. the best one to use depends on what you're trying to do
  49. Replies
    2
    Views
    1,454

    Re: More granularity in Pre-Boot?

    can u put up a screenshot of this
  50. Replies
    5
    Views
    2,569

    Re: Top sources alerting?

    at first i thought this might be able to be done with SNMP but I checked and i couldn't find a check point MIB for bandwidth by protocol. the closest thing i could get to this was using the bandwidth...
  51. Replies
    10
    Views
    4,225

    Re: ClusterXL on r77.10 dropping igmp messages

    the drop is coming from the FIBMGR which is what syncs the routing info among cluster members and as can be seen from the screenshot uses port tcp 2010 so the policy needs to be able to accept all...
  52. Re: routing between 2 separate star communities on a gateway r77.20

    The only way to do this is by using Traditional Mode VPN where it's not necessary to specify the communities for VPNs, but you would need to convert everything to Traditional mode as it is not...
  53. Re: very minor issue with clish -c "show diag"

    nice catch
  54. Replies
    2
    Views
    1,737

    Re: Backup -l, what to expect

    To accomplish something like this may be somewhat difficult. There are two issues that may possibly arise from this:

    1. You have to keep the raw logs on the mgmt server. What this means is that...
  55. Replies
    3
    Views
    2,166

    Re: Can't see ESP traffic in Tracker

    they may be silent drops. run fw ctl zdebug drop and fw monitor and see if you can see them there
  56. Replies
    2
    Views
    1,132

    Re: Building VSX in VMWare Lab

    Try looking in the installation pdfs. And also there are pdfs for vsx for the different versions
  57. Re: Checkpoint migration - Distributed R75.47 to Standalone R77.20

    Why do this?
  58. Replies
    35
    Views
    17,301

    Re: NTP not syncing - Gaia

    I did this in my lab and it worked. Try removing the settings via CLI, then go to the webui and add the ntp servers. After doing so check the cli to make sure the settings are there and for the ntp...
  59. Replies
    15
    Views
    20,666

    Re: Check Point vs Fortinet pro's and con's.

    I've had experience with Fortinet and I'd say you can't really go wrong with either one. In your research I'm sure you've checked out Gartner's magic quadrant for firewalls and saw that fortinet is a...
  60. Replies
    17
    Views
    7,844

    Re: R77.30 Upgrade advice

    Has anyone had issues after installation of the jumbo hotfix for R77.30? I have not had the pleasure of installing yet
  61. Replies
    35
    Views
    17,301

    Re: NTP not syncing - Gaia

    well if it's not working on anything then I'd say eliminate the common denominator (ntp server) and test with another one
  62. Replies
    12
    Views
    2,957

    Re: 1180 - No logging after R77.20 upgrade

    You said you installed the add-on for r77.20, and everything but logging is working but you may want to check with support if this is still relevant/true but I was informed that for centrally managed...
  63. Replies
    11
    Views
    4,579

    Re: ISOmorphic in R77.20

    There was a post about this a few weeks ago that may help:

    https://www.cpug.org/forums/showthread.php/20688-Large-Deployment-provisioning-process?highlight=smartprovisioning
  64. Replies
    5
    Views
    1,359

    Re: Bi-Directional IPS scanning Throuhput

    Huzzah !!!
  65. Replies
    35
    Views
    17,301

    Re: NTP not syncing - Gaia

    What's going on with the gateways that this mgt server is sitting behind? Are they having the same issue? If not then compare the NTP specific information on the gw's that work with what we are...
  66. Replies
    3
    Views
    2,453

    Re: DLP Exchange Agent Impact?

    I would have to say my experience with DLP has been similar to that of jdmoore0883. Speaking from my own experience, it's not as resource intensive as IPS or Threat Prevention but I'm sure the...
  67. Replies
    11
    Views
    4,579

    Re: ISOmorphic in R77.20

    In regular Gaia the system configuration can be saved by running "save configuration <script name>" from Clish. Then you can use WinSCP or any other file transfer program to pull the <script name>...
  68. Replies
    35
    Views
    17,301

    Re: NTP not syncing - Gaia

    Could be that the NTP responses are being rejected because the rootdelay and rootdispersion of the peer is too high. In general this means that the NTP client is rejecting the NTP time response from...
  69. Re: SmartView Tracker "Custom Filters" are missing after R77.20 -> R77.30 upgrade on

    this may be the culprit, sk107510
  70. Replies
    5
    Views
    1,359

    Re: Bi-Directional IPS scanning Throuhput

    One of our customers had this question a while ago and we were told that the production throughput was based on the default IPS settings which is inbound inspection only but this was back in 2012 so...
  71. Re: Has ISP redundancy started supporting more than 2 ISP links?

    There is a special macro called NON_VPN_TRAFFIC_RULES that will prevent traffic from being sent through the VPN. You can edit the user.def file or the crypt.def file using Check Point INSPECT...
  72. Re: Management server natted managing GWs at other location

    Yeah i think both static NAT and "Accept Control Connections" need to be setup in order to manage remote gw's
  73. Re: Management server natted managing GWs at other location

    When it fails is there an error or is it just timing out?
  74. Re: Configuring gateway as a UFP server with Websense 6.x

    agreed. u would also be able to use https inspection enabled with application and url filtering
  75. Replies
    3
    Views
    1,444

    Re: Backup Fails on secondary MDS.

    when it fails does it give a message or any indication of why it failed? if not try looking in /var/log/messages. have u tried running from webUI and CLI and are having the same issue? it might also...
  76. Re: Configuring gateway as a UFP server with Websense 6.x

    If the traffic is https traffic that might be why. According to this article from websense http://www.websense.com/content/support/library/deployctr/v76/dic_ws_int_chkpt.aspx#602791
    only ftp and...
  77. Replies
    1
    Views
    920

    Re: NEtwork Group Object Limitations

    You could probably find this out going into guiDBedit and searching for the object and parameter that delegates the value for objects per group, hopefully someone can help with finding the exact...
  78. Replies
    12
    Views
    3,365

    Re: Upgrade cluster to R77.20

    double check your upgrade path. I found r75.30 splat >> r77 splat >> r77.20 gaia using the wizard. after upgrading a member it would be a good time to install the jumbo hotfix for r77.20 (since you...
  79. Replies
    3
    Views
    2,694

    Re: download IPS signatures from CLI ?

    you might be able to do using offline updates
  80. Replies
    11
    Views
    5,658

    Re: Checkpoint VRRP - new install

    thumbs up for the analogy
  81. Replies
    21
    Views
    14,758

    Re: Large Deployment provisioning process?

    sounds like a job for smartprovisioning. check out sk107164
  82. Re: IPSEC S2S VPN tunnel established but cannot pass traffic

    run a vpn debug and fw monitor to see what's really happening to the traffic
  83. Re: migrate export from secondary security management server

    moral of the story: always take backups
  84. Re: ports required from Management server to Gateway

    Does the management server manage both gateways?
  85. Replies
    11
    Views
    4,632

    Re: Value:Main Mode Could not retrieve CRL

    As vonunov suggested, it would probably be best to debug it for more info
  86. Replies
    6
    Views
    1,760

    Re: 1100 : upgrade of cluster

    /var/log/messages is typically the best place to look for intermittent failovers, but it does not always provide information about failovers. It's also possible to filter tracker for 'Control'...
  87. Re: Export IPS signatures from CLI - current total number

    I can think of a couple ways to do this, but there may be more

    A. Go to http://www.checkpoint.com/defense/advisories/public/index.html#Tab3 to see the complete list of protections per software...
  88. Re: Checkpoint gaia R75.46 hard disk health check

    Might also want to try using the hardware diagnostic tool
  89. Replies
    4
    Views
    1,415

    Re: IA - domain group issue

    After making the subsequent change was policy installed?
  90. Replies
    11
    Views
    4,632

    Re: Value:Main Mode Could not retrieve CRL

    Found sk33296 in less than 30 seconds searching the support center
  91. Replies
    1
    Views
    1,210

    Re: SmartEvent Server

    1. Setup SmartEvent server the same as you would a management server

    2. If this is a global smartevent server then it still needs to be configured as a mgt server. Once it's configured it will need...
  92. Replies
    10
    Views
    2,388

    Re: Prevent access from home PC's

    A few questions to consider if implementing this: Were users still able to connect from their home networks? Or did it prevent any access at all? Did the logs say why this traffic was being...
  93. Replies
    10
    Views
    2,388

    Re: Prevent access from home PC's

    Would not recommend secure workspace from personal experience but this sounds like it should be able to be accomplished via identity awareness by using a user group for machines identified by a...
  94. Replies
    6
    Views
    1,760

    Re: 1100 : upgrade of cluster

    Sure thing. Correct about the r77.20
  95. Re: NGSE Offline Jobs for old logs (R77.20) do not generate events

    there is a way different way to import logs to ngse; you have to change the log indexing settings. look at the ngse release notes page 9 or 10 i think.
  96. Replies
    6
    Views
    3,763

    Re: Antibot not updating on secondary firewall

    run tcpdump and fw ctl zdebug drop on both gateways for successful update and on the gateway it fails on. once we're able to see what's happening to the traffic we'll have a better understanding of...
  97. Replies
    8
    Views
    3,575

    Re: Zero downtime upgrade?

    I would ask the reason for switching the cluster to broadcast mode? The only reason you'd want to do this is if you have a switch that can't forward multicast traffic. You could see an issue where...
  98. Replies
    6
    Views
    1,760

    Re: 1100 : upgrade of cluster

    After upgrading the secondary you will need to login to dashboard and edit the cluster object manually to the new version and then install policy to the cluster. On the push installation window be...
  99. Replies
    0
    Views
    945

    Backups and or migrate exports for CMAs

    Is anyone familiar with a method or know if it's possible to create a backup for a single CMA without using HA or backing up to a management server? I know you can run a backup for the entire MDS but...
  100. Replies
    6
    Views
    3,763

    Re: Antibot not updating on secondary firewall

    I concur with brian, you can run packet captures to see if the traffic is returning to the VIP and then being forwarded to the active member, if it is you can edit the user.def file on the mgt...
Results 1 to 100 of 136