CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Type: Posts; User: Mariusz1


  1. Replies
    3
    Views
    3,229

    SAM rules exception

    Hello,

    From time to time some legitimate hosts/networks fall into SAM :-(. Is it possible to enter a SAM rules exception (the same idea as in IPS network exceptions)?

    Best regards
    Mariusz
  2. Replies
    6
    Views
    1,853

    Re: ClusterXL standby node strange behavior

    On both gateways we have:
    [Expert@gw1:0]# installed_jumbo_take
    R77.30 Jumbo Hotfix Accumulator take_216 is installed, see sk106162.
    [Expert@gw1:0]# /opt/CPinfo-10/bin/cpinfo -y all

    This is...
  3. Replies
    6
    Views
    1,853

    Re: ClusterXL standby node strange behavior

    First of all, it appeared before the T216 install. We installed T216 in the hope that it would resolve our issue. Yes, I confirm - we are using VMAC, but it works fine.

    By the way Gaia Portal (GUI)...
  4. Replies
    6
    Views
    1,853

    ClusterXL standby node strange behavior

    Hello.

    We have two ClusterXL Gaia R77.30 identical nodes with following hotfixes installed:
    • Jumbo Hotfix Accumulator General Availability for R77.30 Take 216
    • HOTFIX_R77_30
    Implicitly...
  5. Re: How to put e-mail attribute in DN field of external CA certificate?

    It seems fine, even for openssl req -noout -text -in test.csr command

    But some csr online checkers, like https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp give following...
  6. Re: CSR file - wrong key length and wrong SHA algorithm

    Problem solved:

    Root certificate of external CA used SHA1 and it looks like csr "derived" it somehow. By getting new root certificate (using SHA256) and creating new external CA object in 'Servers...
  7. How to put e-mail attribute in DN field of external CA certificate?

    When I try to put e-mail attribute in DN field to generate csr file to be signed by external CA I get an error "DN is invalid"

    CN=vpn.acme.com,O=Acme,L=City,ST=State,C=US is OK, but...
  8. Replies
    3
    Views
    1,335

    Re: Lack of cpopenssl command documentation

    When I generate all these keys, csr file, and so forth using cpopenssl command on Security Management Server, and when I get back signed certificate file from 3rd party CA where should I put it in...
  9. Replies
    3
    Views
    1,335

    Lack of cpopenssl command documentation

    Where can I find cpopenssl command documentation, examples, etc.? There is no word about it in "CP_R77_CLI_ReferenceGuide" and in "CP_R77_VPN_AdminGuide" either :-(.
    I know that cpopenssl --help is...
  10. Re: CSR file - wrong key length and wrong SHA algorithm

    No, it doesn't work like that :-(.

    Any other ideas/hints?
  11. Re: CSR file - wrong key length and wrong SHA algorithm

    Thank You very much!

    Great! Exactly, that's what I've been looking for! Now I have 2048 key size.
    But its fingerprint is still SHA1 instead of SHA256 :-(.

    On gateway there is...
  12. Re: CSR file - wrong key length and wrong SHA algorithm

    Yes, I mean exactly CSR generated via the Dashboard (for Site-to-site VPN with third party and signed by their CA), as shown here:

    https://www.ssl247.com/support/create-csr/checkpointfirewall

    I...
  13. CSR file - wrong key length and wrong SHA algorithm

    Hello.

    On Smart Management Server version R77.30 Build 354 I have entered following command:

    [Expert@SMS]# cpca_client set_sign_hash sha256

    On $FWDIR/conf/InternalCA.C file I have now...
  14. Replies
    23
    Views
    4,590

    Re: R77.30 migration from SPLAT to GAIA

    Meantime I have found in "sk93306 - ATRG: ClusterXL R6x and R7x" why they can't synchronize (pages 19 and 20):

    "Requirements for hardware:
    ClusterXL operation completely relies on internal timers...
  15. Replies
    23
    Views
    4,590

    Re: R77.30 migration from SPLAT to GAIA

    According to sk25977.

    For splat 5th octet of source MAC is fwha_mac_magic and 6th is ID of cluster member. In our case fwha_mac_magic is 0xFE (254 decimal) and cluster member ID for primary is 0....
  16. Replies
    23
    Views
    4,590

    Re: R77.30 migration from SPLAT to GAIA

    Last problem solved, but it's not the end of the thread yet :-).

    Now that we have everything configured and tested there is one more question: is it possible to synchronize clusterXL between Gaia...
  17. Replies
    5
    Views
    3,336

    Re: Gaia R77.30 static routing problem

    You are again totally right, Valeri.
    I've tried to configure as much as possible without connecting any cables so as not to disturb the currently running SPLAT cluster. After link up all routes became active....
  18. Replies
    5
    Views
    3,336

    Gaia R77.30 static routing problem

    Hi.

    On WebUI (Gaia Portal) I have some static routes, but in cli show route static command result is totally empty.
    Besides when I add static route in cli, for example:
    set static-route...
  19. Replies
    23
    Views
    4,590

    Re: R77.30 migration from SPLAT to GAIA

    Thank You very much - it works like charm (at last)! Bingo!

    sk108200 says: "Follow these steps before installing Gaia OS on HP ProLiant Gen9 servers ..." but it seems it works even after...
  20. Replies
    23
    Views
    4,590

    Re: R77.30 migration from SPLAT to GAIA

    It's brand new/fresh install on open server HP ProLiant DL380 Gen9 from Check_Point_R77.30_T204_Install_and_Upgrade.Gaia.ISO and later fresh DeploymentAgent_000001130_1.tgz installed and then...
  21. Replies
    23
    Views
    4,590

    Re: R77.30 migration from SPLAT to GAIA

    This time I will respond to myself. I've found something like "Changing the port for Gaia Portal on Security Gateway":
    ...
  22. Replies
    23
    Views
    4,590

    Re: R77.30 migration from SPLAT to GAIA

    Yes, I am quite sure that new registry value is written. Whole procedure has been done twice and still without result :-(

    "7. Verify that the changes were saved in registry file
    [Expert@FW]# grep...
  23. Replies
    23
    Views
    4,590

    Re: R77.30 migration from SPLAT to GAIA

    Unfortunately sk62065 didn't work - (step 9) after reboot registry data is again Multik ("[4]0") :-(

    Contents of /etc/fw.boot/boot.conf is:

    CTL_IPFORWARDING 1
    DEFAULT_FILTER_PATH ...
  24. Replies
    23
    Views
    4,590

    Re: R77.30 migration from SPLAT to GAIA

    Yes, we have central licenses for both nodes with expiration date never:

    CPSG-C-4-U CPSB-FW CPSB-VPN CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS CPSB-URLF CPSB-APCL CPSB-AV CPSB-ABOT-M CPSB-ASPM
    and...
  25. Replies
    23
    Views
    4,590

    Re: R77.30 migration from SPLAT to GAIA

    There is another issue - in Gaia cpconfig menu we don't have Enable Check Point CoreXL

    Configuration Options:
    ----------------------
    (1) Licenses and contracts
    (2) SNMP Extension
    (3) ...
  26. Replies
    23
    Views
    4,590

    Re: R77.30 migration from SPLAT to GAIA

    Thank You for the immediate reply.

    We are using the latest Check_Point_R77.30_T204_Install_and_Upgrade.Gaia.iso, so it should contain take 204 hotfix (if we are correct?).

    Currently we have...
  27. Replies
    23
    Views
    4,590

    R77.30 migration from SPLAT to GAIA

    Hi.

    We are migrating our R77.30 SPLAT ClusterXL gateways on open servers to R77.30 64-bit GAIA on newer open servers.

    Question is: can we use Smart Management Server on SecurePlatform to...
  28. Re: Cpuinfo shows only 1 core on Xeon X5260 (dual core) processor

    As I mentioned earlier it is SecurePlatform R77.30 on HP ProLiant DL380 G5 server and all files are from this environment. (Live linux was only for testing purposes.)

    Do you mean "Multi-Processor...
  29. Re: Cpuinfo shows only 1 core on Xeon X5260 (dual core) processor

    From /var/log/dmesg:

    ...
    Detected 3333.477 MHz processor.
    Built 1 zonelists. Total pages: 1245183
    Kernel command line: ro noht root=LABEL=/ vmalloc=128M panic=15 console=ttyS0
    3 quiet...
  30. Cpuinfo shows only 1 core on Xeon X5260 (dual core) processor

    Hello.

    We have an Intel Xeon X5260 (dual core) processor on an HP ProLiant DL380 G5 server, but cpuinfo on the Splat R77.30 gateway shows only 1 CPU core:

    [Splat@fw1] cat /proc/cpuinfo
    processor : 0...
  31. Re: Java script menu doesn't work when browsing web pages by Mobile Access portal

    Unfortunately it doesn't work with other browsers either :-(.
  32. Java script menu doesn't work when browsing web pages by Mobile Access portal

    Hello

    When I browse web pages containing menus in java script through Mobile Access portal (using WWW section of it) these menus don't work. Is there any solution to this problem?

    Regards....
Results 1 to 32 of 32