Search:

Hello, Is there any way to format these emails? This is all gibberish to the customer. No xml? no text files to send only the fields we want to see? Any documentation on what all these fields are?
...

I would like to get R77.80 and R80.10 and install into a VM for testing and practice, any recommendations on where to get these?

My support contract is assigned to me by the customer and I have no...

Anyone know how to get the serial number of a 1430 from the cli of the unit?

BTW, Any "Smart" tools to push the FW to these devices?

Hello Checkpoint Guru's,

I need your help :) I am trying to confirm the firmware that is on all 1430 devices we have deployed. I can see we have a large list that has an older version via the...

I "believe" SmartPro may be the way to go. When configuring devices in SmartDashboard, the FWM process will start to consume all cpu and go 100% once you get over approx 225 or more devices (in our...

Now I get this after I rerun the command with correct credentials and correct security profile

HM-SMS>
LSMcli HM-SMS jroy MyPass Convert Gateway VPN1 HM-DEVLab-0206-CP...

Thanks for the updates. OK, so I found this blurb in the admin guide.



Problem is I only see these options for the device. How do I know which of these is for a 1430 or is it even supported...

OK, Lovely. I think we have run up against this now. We have 300 1430's I want to push policy to all and we fail every time.

SMS is stand alone running R77.30 take 216

1) Is it possible to...

Anyone know what the default timeout is for the Webui on the management interface and the console port? Can these be adjusted?

Going, 1st time ever. For those who have attended, what tips can you offer?

All,

I need to add approx 15 new 1430 devices every night to the SMS with all the miscellaneous objects (subnets, IP's, hostname, etc...) What tool is available to accomplish this?

TIA

Does anyone know if there is a way to hash the sic password in the autoconf.clish file?

We have a smartevent server that used to work. It is in the same subnet as the smartlog and sms. They can all ping each other. I am unable top delete any objects or change their IP's in the policy of...

Is there a way to set the Native Vlan for an interface like we can do with Cisco?

Was an answer ever found?

Are both links with static IP's?
The Link Selection was done on which object? The Center GW or the 1400?

Hello,

I would like to know if anyone has had success in getting a 1140/1430 to use 2 isp's and to fail over the IPSec tunnel? We also need it to be able to fail back. I can't imagine that this...

The 1430 does not blink a Red light like the 1140 does when a line within the autoconf.clish file hits an error. I can say one thing for sure, Checkpoint is consistently inconsistent.

When I do a "System Backup" via Webui, what gets backed up? Are the Logs also backed up or ONLY the OS settings?

1161

Is this still the case with 77.20 on the 1140's?

We are out of ports and need to add an additional subnet. Does Cluster XL support Vlan interfaces?

I can add an IP to an interface from the cli but how do I do it for a vlan interface?

set...

Is there a tool I can use to upgrade the firmware on multiple 1140 devices (50, 100?) at the same time?

Can someone look at my syntax and tell me what I need to fix? I am trying to copy a file from a CP 3150 to a windows scp server..


[Expert@SmartLOG:0]# scp...

Thank you everyone for the responses.

The Customer is still pushing for sic over ipsec.

Really need your expertise and some input. We have some questions which relate to the Sic over IPsec.
...

Anyone have a working knowledge of the LSM CLI? How about a complete working example? It says NO VLANS can be added via the LSMCLI?
...

Has anyone been able to get Smartprovisioning to upgrade the firmware? Whats the trick?

It continues to time out on us.

1086

Hi all,

Working with SmartProvisioning. I would like to know where in the tool I can templatize the Interfaces? All locations will have the same lan/vlan interface configuration with same IP...

All,

Does and 1140 Embedded Gaia support snmp on standard UDP port 161?

Can anyone share what MIB's are available?

Thanks!

Exactly what I mean, absolute inconsistency and where the F is the documentation that shows all the CLI changes????

This command worked in the older version 77.20

set service-system-default FTP...

Why is this gaia command line of a system that has linux OS the absolute LAMEST IN THE INDUSTRY? They took linux and screwed it all up.

There is no command completion, per se and it it completely...

I did a show configuration on a 1140 and get the following command under interfaces.


set interface "LAN2" lan-access "accept"

But when I try and apply to another factory-default box I get an...

Hi All,

Looking for input on ways to shorten the provisioning process for CP 1140 devices. To be fair, I have not spent the time to learn smart provisioning gui yet and if it would shorten our...

Not in the FAQ's?

Gateway-ID-7F27B660> set internet-connection "Internet1" type
cellular - Cellular Modem
eoa - EoA
l2tp - L2TP
pppoa - PPPoA
pppoe - PPPoE
pptp - PPTP...

Do the 1140's support route maps? I found this statement below on page 90 in the guide. Please tell me it is not so.

"Note - The save config and route map commands are not supported."

Anyone else see issues with the 1140 forcing all traffic thru IPsec tunnel and also breaking sic continually?

How can I configure split tunneling on the 1140? I need certain traffic to go thru tunnel but undefined traffic to nat out to the internet from the Lan. Right now it looks like all is being forced...

Can I create a Vlan1 interface and move the 192.168.1.1 IP to this interface and manage to the device? Because so far it has been unsuccessful.

Is there a newer version of the Check Pointless 1100 Appliance Centrally Managed Administration Guide???

Why is this not updated for R77.20 on 1140?

In the autoconf.clish file example, this...

My autoconf.clish file keeps saying error on the following line

Bad parameter starting at 'set user admin type admin password aaaa'

Any ideas?

When I try and run the command on the box, it...

Why? Because I actually would want to connect more then 1 device on the same Vlan without the added expense of a switch. A Cisco, a Juniper, Fortinet, the majority of enterprise devices can do this....

Are you able to assign more than one interface to a Vlan? If so, whats the trick?

I want 4 interfaces, Lan2 thru Lan5 in Vlan 2.

I am unable via the Gui on the 1140 version R77.20. Anybody...

I ran the show software-version and found its older code.

My mistake, my Lab box was rolled back to R75.20. Let me get it updated again.

I will share the nat problem (verified issues by CP in...

OK, so I have confirmed embedded Gaia does not support the full command set and the "show configuration" command does not work (works in clish only). It is really looking like smart provisioning...

Excellent, Thanks!

Absolutely LAME. I cannot assign an interface to a Vlan without assigning the Interface (LAN1) an IP address? Are you kidding me? This must be a joke or there is another method because it looks like...

Setting up a SmartLSM Security Gateway and having issue defining the DHCP ranges and exclusions. How do we define both the range and the exclusions? Also, we have more then one exclusion range for...

Can you still send an output file? I would like to see the syntax that would be used and it would help me understand the possibilities :)

Thanks Guys,

Found the following (see below). Question, I haven't rebooted yet but do you believe this will survive across a reboot?

Executed the following commands to set one of the cluster...

All,

Need your help identifying a way to stop flapping, we see it continually disconnecting webui access and ping traffic is inconsistent. We have a design (see attached image) that has two 4800's...

Riddle me this, Why can't we establish SIC to the same device on two different interfaces? It seems this was a major oversight by CP or there was a technical reason why it is not possible? I can...

Still have two drives that havent even finished. What a Joke!

Adapter 0 -- Virtual Drive Information:
Virtual Drive: 0 (Target Id: 0) ...

The documentation is the absolute worst I have ever seen for a logical order. No one in support can answer my questions on just adding drives vs. a complete tear down and rebuild of the Raid 6 on a...

What does the command raid_diagnostic show you?

Look at this though many parts are cryptic.
...

I found this http://dl3.checkpoint.com/paid/e0/e07f523c5765e52db2523bb17461c0af/CP_Smart-1_225_3050_3150_RAID_AdminGuide.pdf?HashKey=1444330945_ef81330cf1ce70c185107a5088db6c01^xtn=.pdf

I have...

This works :)

HM-CP-4800-1> show asset memory
Memory Slot 1 Size: 4096 MB
Memory Slot 2 Size: 4096 MB

Here is what I get:

[Expert@HM-CP-4800-1:0]# /proc/meminfo
bash: /proc/meminfo: Permission denied

I run dmesg and I get this. How can I confirm total Physical memory?


[Expert@HM-CP-4800-1:0]# dmesg
Linux version 2.6.18-92cpx86_64 (builder@Lnx30BccCmp5) (gcc version 4.1.1 20061011 (Red Hat...

Sic Thru IPsec tunnel?

As I understand SIC (which is very little to be fair :)) it is secure, but we have a customer who wants SIC established to an inside interface of the GW devices (1140) being...

Error attempting to delete last few objects.

There are no policies so where applied?

995

Excellent, I saw I was missing the NAT NAT but the other line was the key :)

OK, So I have my scripting process, working on automation. How can I drop ALL host nodes and all ranges from the DB so...

I have almost all scripts complete but keep getting "Invalid Schema Class" for the bottom three lines.

What did I miss?


create address_range HM-282_Range_192.168.244.2_192.168.244.18
modify...

Just to confirm. This assumes the following.

If just the 1st address in the Nat range is defined:
valid_ipaddr: 172.30.122.2

All the addresses are mapped from this address on to the end of...

I can create a range via dbedit but how do I Nat the Range? I don't see a selection. How would I do this via dbedit?

993

I was preparing my post and posted BEFORE I saw your response. I never said your response did not work.

I added the GW manually but didn't see it in the rule. Had to do a save 1st in the gui and run print again. LOL Figuring out the syntax to add the gateway into the nat. Here is what I attempted so...

Thanks for pointing out the condensed method. It is an option that looks promising. Still, If we were to do this manually thru the gui, their would be an inordinate amount of time to add the 12...

I used DBedit and printed the variables assigned to this network object (host node)

print network_objects HM-282_192.168.1.10

DAG: false
NAT: HM-282_192.168.1.10 (
...

Good to know there are additional options that we can present to the customer but the network on each side of the Nat do not have equal masks. This is the frustration that seems to be forcing us to...

????

To view this solution, higher access level is required.
To learn more about our support programs and plans click here.

We have been trying to convince the customer to move to subnets but it would require changes to subnet sizes (which is actually good to accommodate future growth) and they would have to remask and...

Can this tool be used to add a large number of Host Nodes in NAT Policy? I need 128K (yes 128,000) Nat Hosts.

Anyone have an example script they have used to do something similar?

988

Does odumper/ofiller have issues with 77.20?

Thanks for all your help! It is greatly appreciated. :)

I don't have a license to smart provisioning I am sorry to say. Is this an image of a tool you created yourself? Can you share? Can you send a sample of a generated config file?

Thanks!

Visual for the Nat design.

At its most basic level. I want to share a single /24 subnet (The Unique NAT subnet) across 6 separate vlans with static nat (thru the Ipsec Tunnel) and hide Nat (out to internet). Our design is hub...

Is there a complete list of all the commands and their syntax available for the 1140 command line?

I would like to see all the available "set", "fetch" and all available commands

TIA!

Found...

I tried "save configuration <script name>" but no go.

I ran "bashUser off" and then "clish" then got into expert mode and tried again but does not recognize the command. Any other ideas?

Is there a way to configure the 1140 via the GUI and export a text file via the command line and use it on another device? (Slight changes like Hostname, Nat, Subnets for settings for different...

Good to hear that SIC is considered secure :)

For locations that have a Dynamic IP assignment like DSL PPPoE or Cable DHCP, how does SIC get established? I assume the establishment of SIC is from...

I was able to follow the process with a USB and do a new code upgrade. Can I not do this with a config file?

Hi All,

I need to understand SIC security and establishment process. Would you feel SIC is secure enough to manage 1140's (or any CP FW's) deployed in the field on the Public IP interface or do...

I don't see an .iso image available for the 1100 series (1140 specifically). Does this mean Isomorphic is not an option for the 1100 series? (see sk97766)

Are there any other tools available?

Hi All,

We will be deploying a large quantity of 1140 and I would like to know the best method for getting these configured. Would we do this after the box arrives or preconfigure before being...

Hi All,

I want to know what would be considered a best practice for a deployment. Would you recommend a separate Policy Package for each set of devices or include all Rulebase policies in a single...