CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Type: Posts; User: Nachtfalke

  1. Replies: 3, Views: 1,848

    Re: VMAC question

    Unfortunately VMAC is badly implemented on checkpoint systems. Traffic from the gateway will always be sent with the physical MAC and never with the VMAC. VMAC is only used for traffic sent to the...
  2. Replies: 7, Views: 2,334

    Re: TCP “out-of-state” drop- Please Help

    Hi,

    we are having these problems, too, on some machines.

    If you are using SecureXL + "Drop optimizations" enabled then you can see "TCP out of state" issues after a policy install. It is not...
  3. Replies: 10, Views: 5,090

    Re: ClusterXL unexpected/hidden failover

    Hi,

    don't know which version you are using but GAiA R77.30 with at least JHFA Take 162 up to JHFA Take 225 has major memory leaks in FWD.
    When you are using "top" and you can see that e.g. fw_full...
  4. CheckPoint MDS R77.30 - Compliance Blade - How to run custom scripts ?

    Hi,

    sorry I did not find any better part on the forum for posting this than R77.30. Hope it will fit in here:

    We are running an MDS with 10 Domains. Last year we bought two new 3150 SMART-1...
  5. Re: R77.10 GAiA GW with IPsec RemoteAccess - private IP - Best practice MTU?

    Hi,

    thank you for the response. Will talk to the Endpoint Colleagues to make sure they have enabled "visitor Mode" which is already enabled on the Gateway.

    Can you give me some SKs or links to SSL/TLS...
  6. Re: R77.10 GAiA GW with IPsec RemoteAccess - private IP - Best practice MTU?

    Hi ShadowPeak,

    thank you for taking time to read and answer my questions. I will try to answer yours:

    1.) The MTU on the client was lowered because when we had the MTU of the Virtual Interface...
  7. R77.10 GAiA GW with IPsec RemoteAccess - private IP - Best practice MTU?

    Hi,

    we are using R77.10 Gateways with GAiA and IPsec Blade. We are using this Gateway for RemoteAccess VPN in Tunnel Mode.
    This Gateway has two Interfaces (VLAN) and both have MTU 1500 set....
  8. Replies: 38, Views: 15,532

    Re: R80.10 Public Early Availability

    Changelog?
    How to upgrade existing R80.10? Guide? SK?
    Or is this update within a Jumbo HFA?

    I sent several issues to the EA Team and before I provide further problems which are still there from...
  9. Replies: 13, Views: 4,357

    Re: HFA identifier from cpinfo -y

    Thank you for feedback :-)
  10. Replies: 23, Views: 6,292

    Re: R77.30 Take 205 - is it stable?

    Just want to let you know that checkpoint confirmed in a remote session that Take 207 still has memory leaks in fwd / fw.full process.
    The reason we updated from 162 to 207 was that they told us...
  11. Re: checkpoint VMAC address difference between R75.47 and R77.30

    Hi,

    this is what I did in my lab and on 7 Clusters:

    1. cpstop member1 and removed fwkern.conf parameters for MAC magic on Member1
    2. set cluster ID on member1
    3. rebooted member1
    4. Failover...
  12. Replies: 23, Views: 6,292

    Re: R77.30 Take 205 - is it stable?

    Hi,

    our goal was to install Jumbo HFA Take 205 on 50 Gateways but then we noticed many fwd coredumps in our complete environment (Take 162 installed) and we were advised to go to take 207 which...
  13. Replies: 13, Views: 4,357

    Re: HFA identifier from cpinfo -y

    Did someone notice that with the latest cpinfo version you could see the JHFA Take Number with the "cpinfo -y all" command BUT ONLY when JHFA was installed via legacy CLI installation.
    After...
  14. Re: checkpoint VMAC address difference between R75.47 and R77.30

    Just a little note:

    Using "Mac Magic" is not the recommended way anymore. Recommended is to set the Cluster-ID instead.
    Cluster ID can be 1 to 254.

    You can "convert" the 0x2c hex mac magic to...
  15. Re: checkpoint sk92889: hit_count_rules_table.sqlite is very large

    You are right. Many CheckPoint SKs are wrong or have mistakes. I have good experience with the feedback checkbox on the bottom of the SK. Main problem is - I think - they have so many SKs talking...
  16. Replies: 8, Views: 3,135

    Re: Per-flow throughput limitations?

    Hi,

    thank you for sharing this information. We are in need to install a bigger firewall than the 23800 Appliances in our datacenter and we are looking at the 61k - using 260SGMs. At the moment...
  17. ClusterXL High Availability (active/standby) - VMAC questions

    Hi,

    last week we noticed that enabling "VMAC" does not mean VMAC is really enabled for all traffic/situations. So here is what we saw:

    Traffic sent from clients/server to the firewall or a...
  18. Replies: 15, Views: 4,899

    Re: Multicast Forwarding

    I know exactly how you feel. Even if they fix it after that long time period you could be sure that this bug is still there in the newer versions and you can open a new ticket for the same issue...
  19. Re: Which hotfix should I install on my provider-1 system

    Hi,

    we are using SMART-1 3150 Appliance and we have a bond, too. We noticed that CheckPoint still has working drivers when using MTU size bigger than 1500 and 802.3AD configured on 10G interfaces....
  20. Re: Session Matching failing after R77.30 upgrade

    Hi,

    do you have "Drop Optimization" enabled? If yes, then try disabling it and try again.
    We had an issue with R77.10 and JHFA T131 and we got TCP out of state - first packet isn't syn after every...
  21. Re: TCP State Logging - sk101221 - Need help to understand differences

    @SERGEi

    Thank you for posting here the exact same as you did in the support ticket I opened in the past. Answering the question with the same answer as it is written in the SK is "very useful"....
  22. TCP State Logging - sk101221 - Need help to understand differences

    Hi,

    I have some questions regarding this sk101221. I am not sure if I understand the differences correctly. Further I cannot submit any feedback on the CheckPoint page - it is still telling me...
  23. Replies: 6, Views: 2,969

    Re: MSS Clamping not working

    Hi,

    I am not so familiar with mss clamping. But if I remember correctly on Cisco this means:

    If the MSS in a TCP SYN is lower than the configured MSS then the Cisco will do nothing.
    If the MSS...
  24. Replies: 3, Views: 2,322

    Re: How to stop "threat emulation" popup

    Same here. We are not using Threat Emulation but only AntiBot and this window is really annoying. We too just click the little "x" to close it.
    For us this happened when we gave the MDS access to the internet...
  25. Replies: 2, Views: 2,363

    Re: R80 - Migrate from R77.30

    Got some information from my SE who told me that R80 should have at least 8GB RAM for the system itself and if running MDM then every Domain/CMA should have at least 2GB of extra RAM.
  26. Replies: 7, Views: 6,008

    Re: R77.30 jumbo hotfix

    I just can agree with Agoabusharif's last post.

    CheckPoint QA is really annoying but every time you have a problem the first question is "Do you have the latest JHFA installed? No? Please install...
  27. Replies: 0, Views: 1,968

    Hardware specs - 15000 and 23000 series ?

    Hi,

    can someone tell me the hardware specs of some of the 23000 and 15000 series appliances?
    Would be most interested in the CPU information. Which type, cores, MHz.

    The reason why I am asking...
  28. Replies: 5, Views: 5,423

    Re: IPS update error SmartDashboard

    I can confirm this behaviour. I think I found it in the SmartDashboard Help. Just clicked on "Help" or "?" - don't know exactly anymore.

    This is another stupid thing of the checkpoint stuff.
  29. Replies: 17, Views: 5,744

    Re: SIC Establishment and Security

    Hi,

    in general I would say the SIC is secure or could be secure enough to use it alone without other mechanisms like IPsec VPN tunnels.
    But phoneboy mentioned one sk101269 and here is another...
  30. Re: Message "cul_load_freeze" with high CPU Usage

    We are getting these messages on all our firewalls (21700, 12600, 12200) with GAiA R77.10 and it doesn't matter if there is much load or just some Mbit/s of traffic. We are getting this only when...
  31. Replies: 4, Views: 3,279

    Re: How does AntiBot work with a proxy?

    Hi,

    it really depends on where in the communication your proxy is.

    In our environment the clients communicate through the firewall to the proxy and the proxy through the firewall to the...
  32. Replies: 3, Views: 3,345

    Re: DNS Return Traffic being blocked

    Hi,

    double check if you allow TCP and UDP for DNS port 53.
    Check in the log if it will be dropped because of some special "source port" for that traffic which is different from the one configured...
  33. Re: Installation failed. Reason: Load on Module failed - failed to load Security Poli

    Hi,

    I had a similar problem in the past but with R77.10. We enabled IPS on some clusters and every time when we installed the policy on more than 2 gateways at the same time we got the issues.
    So...
  34. Re: Inform IPS what OS and equipment is used within internal network

    Unfortunately this "stupid" search function is just searching within the signature name but not within the description. So if the signature name does not contain the key word it will not help you.
  35. Re: 12200 - 8 power supplies defective in the last 6 months

    Hi everybody,

    thank you for your feedback. Unfortunately we were surprised by the power supply failures. We do not have active SNMP monitoring for our firewalls - just syslog messages but power...
  36. 12200 - 8 power supplies defective in the last 6 months

    Hi,

    we have 10 CheckPoint 12200 Appliances with redundant power supplies. In the last 6 months we encountered 8 defective power supplies - only on these appliances. We have 40 other appliances of...
  37. Re: GAiA R77.10 + HFA Take 131 + SecureXL on - Losing connection while Policy Install

    Hi again,

    not really much news on this topic because I was involved in other things the last week. But something we found out:

    It is not only traffic on port 22/ssh and 1419 but it is for...
  38. Re: NGSE + MDS R77.10 = coredump cpsedm when SIC established or try to login

    Hi,

    just want to let you know that we could solve the issue. Although it's not clear to me at all why this error occurred it is now running.

    First advice of CheckPoint was to give me a new NGSE...
  39. Re: Tufin - SecureTrack - SecureChange - SecureApp

    Thanks for your offer,

    before we started with our project to implement the colleagues did a paper evaluation of algsec, tufin, skybox and firemon. The result of the evaluation was - as far as I...
  40. Re: GAiA R77.10 + HFA Take 131 + SecureXL on - Losing connection while Policy Install

    Hi shadowpeak,

    thank you for your feedback. I appreciate it!

    - It looks more like hanging. The colleagues are connected via SSH and they then tell me that it hangs and then after some time they...
  41. Re: Tutorials, Tips&Tricks, How-Tos, Scripts - where to get?

    Having and offering an API is nice but for me it smells often a bit like "We did not finish all our ideas or we did not have the man power to do so. So let the customer itself do it and buy...
  42. GAiA R77.10 + HFA Take 131 + SecureXL on - Losing connection while Policy Install ?

    Hi,

    we are running different Gateways as ClusterXL and Standalone with GAiA R77.10 and HFA Take 131.

    ~8 weeks ago we upgraded from HFA Take 41 to HFA Take 131 on two 12200 Appliances with GAiA...
  43. NGSE + MDS R77.10 = coredump cpsedm when SIC established or try to login

    Hi,

    in the past we had SmartEvent R77.10 running on a SMART-1 50 appliance. We had many problems the last months that we regularly got coredumps of dbsync and cpsemd when the MDS did start...
  44. Re: Tutorials, Tips&Tricks, How-Tos, Scripts - where to get?

    Hi brian_netsec,

    there are some things with which we and our users are fighting when using Tufin ;-)

    1.) Global Objects
    Unfortunately we are using global objects over all our 10 CMAs. The CMAs...
  45. Tutorials, Tips&Tricks, How-Tos, Scripts - where to get?

    Hi,

    since some weeks my company is using Tufin SecureTrack and SecureChange. While implementing this tool in the last 6 months we got some experience with this tool but we also got some bad...
  46. Tufin - SecureTrack - SecureChange - SecureApp

    www.tufin.com
    portal.tufin.com

    Could be interesting for users using CheckPoint Firewalls as long as Tufin's main focus is on CheckPoint.
    Further I am still searching for a community forum where...
  47. Re: GAiA R77.10 + HFA Take 131 - ClusterXL - routed crashed when bootp enabled

    Hi,

    to explain it a little bit more in detail:

    We installed a complete new cluster with R77.10 and HF131. We installed it the same way as we did with more than 20 other clusters in our...
  48. Re: GAiA R77.10 + HFA Take 131 - ClusterXL - routed crashed when bootp enabled

    Hi,

    thank you for your feedback. We could solve our problem by rebooting the switches. For some reason the switch didn't forward packets from one direction to the other but it did it the other way...
  49. Replies: 5, Views: 1,943

    Re: No log from GW

    Hi,

    could you explain that more in detail, please?
    I thought that after the gateway has connection again the logs will be automatically sent from the Gateway to the server. If this isn't the case...
  50. Replies: 5, Views: 1,259

    Re: Sync Status HA MultiDomain Manager

    Would suggest to connect to the one which has the most recent configuration.
    Open Global Dashboard, then go to File --> Policy (?!) --> High Availability and then start the synchronization.

    If...
  51. Replies: 6, Views: 2,266

    Re: Gateway object - not quite deleted

    We are having a similar problem the other way around. The administrators who managed the CheckPoint environment before me changed the name of some CheckPoint Gateway objects within the objects_5_0.C...
  52. Re: Anti-Spoofing - Topology - External, internal, leads to DMZ - meaning?

    Thank you very much. This really helped me! :-)

    R77.30 is on our to-do list but not until the end of this year and the first CheckPoint Hotfixes for this release ;-)
  53. Replies: 8, Views: 3,662

    Re: VSX and Netflow issue

    Hi,

    we had problems on our GAiA R77.10 installation that netflow was sent with the cluster-IP and not the real interface IP address.
    So our netflow collector didn't recognize that traffic. We had...
  54. GAiA R77.10 + HFA Take 131 - ClusterXL - routed crashed when bootp enabled

    Hi,

    we are using GAiA R77.10 and ClusterXL. We installed the latest Jumbo Hotfix Accumulator Take 131 for R77.10 which was offered to us by CheckPoint support.
    We installed this hotfix on 5 different...
  55. Re: Anti-Spoofing - Topology - External, internal, leads to DMZ - meaning?

    Hello again,

    @ShadowPeak:
    Thank you very much for your feedback. I already read these posts and (many) others here in the forum about Anti-Spoofing but I did it again to make sure I read all...
  56. Replies: 5, Views: 3,973

    Re: AAA Solution Recommendations?

    Hi,

    using RADIUS and one-time-passwords should work. Further the shared-secret should encrypt the user credentials between checkpoint and the RADIUS server.
    So it could be discussable if...
  57. Anti-Spoofing - Topology - External, internal, leads to DMZ - meaning?

    Hello everybody,

    I searched in the forum and on the checkpoint support page but I did not find any explanation what is exactly meant by the Anti-Spoofing configuration options "External",...
Results 1 to 57 of 57