CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Search:

Type: Posts; User: NickBrandson

Search: Search took 0.01 seconds.

  1. Thread: What IP?

    by NickBrandson
    Replies
    1
    Views
    1,345

    What IP?

    hi guru,
    I wish to use SNX from home to connect to an web server in DMZ.
    After I configured SNX in the IPSec blade with remote acess community, enabled Office mode, just wondering what IP would be...
  2. Replies
    2
    Views
    2,195

    sizing of my firewall

    hello guru,
    i need a firewall who can fulfill 30k new connection per sec and around 200k concurrent, mostly web traffic, which model should i choose? Max 600M per day

    how can i calculate how...
  3. Replies
    1
    Views
    1,162

    Downgrade from R70.3 to R70.1?

    hello guru,
    Need to downgrade my version from R70.3 to a fresh install with R70.1.
    Can I upgrade_export work for the backwards?
    Any experience to share?
    Thanks
    Nick
  4. Replies
    2
    Views
    2,341

    A script to add new policy

    hello guru,
    I'm currently studying a way to add new firewall policy and objects from a script. Is it possible to do so?
    Maybe confwiz is an option for object creation. But not so sure about the...
  5. Replies
    5
    Views
    5,397

    Useful tool indeed. Is it Possible?

    hello guru,
    this tool seems very powerful in creating and modifying object, however, just want to explorer if we could adopt this tool to add new policy or modify firewall policy?
    does anyone try...
  6. Replies
    6
    Views
    1,912

    Re: Telnet failed after migration

    thx for the hints,
    there's no error logs from the tracker,
    smartdefense has been turned off
    the telnet is launched from my PC to an unix server which passing thru our a pair of nokia vrrp box,...
  7. Replies
    6
    Views
    1,912

    Re: Telnet failed after migration

    we had whatupgold to monitor (ping) the network devices and the telnet client was passing thru the vrrp boxes to the server on the other segments.
  8. Replies
    6
    Views
    1,912

    Telnet failed after migration

    hi guru,
    got the abnormal telnet session and ping failed after migration from FP3 to R65-hfa50 with the new IP390 disk-based, pairing with HA of VRRP. IPSO-4.2-BUILD096. the symptom would not happen...
  9. Replies
    4
    Views
    6,818

    Re: Duplicate ICMP Packets

    I have seen similar case before, our customer is using HP Procurve and R65 cluster.
  10. Replies
    1
    Views
    1,423

    Backup thru WebUI R65

    dear guru,
    we have backed up our mgt server R65 thru WebUI to local hard disk, however, we could not locate the backup file under /var/CPbackup/backups where is working for R60 and previous version....
  11. Thread: R55 ISO?

    by NickBrandson
    Replies
    3
    Views
    3,163

    Re: R55 ISO?

    I don't think the iso of R55 has been released on the CP support web, or you'll need to ask your local CP representive for help that what I'm doing...
  12. Replies
    56
    Views
    13,533

    Re: R65 HFA02 released

    hehe...
    what happened to HFA01? Bugs?
    gladly, my R65+HFA01 didn't put online yet...
  13. Replies
    5
    Views
    3,694

    Static Route Lost after Reboot?

    Got a Splat R60 box with HFA04_HFA604, found that no inbound traffic to the eth0, then we have re-configured our switch, the port would be down for a few sec, then we have the box rebooted, all the...
  14. Re: User Mgt is dimmed for LDAP AU Properties

    I found it...
    Because the SmartDirection option has *not* been checked in the Global Properties.
  15. User Mgt is dimmed for LDAP AU Properties

    Dear guru,
    when trying to set up the authentication with LDAP/AD, this option User Mgt is dimmed for LDAP AU Properties. Any ideas would be appreciated. I have login with the admin who have all the...
  16. Re: VPN-1 Gateway does not have enough remote access licenses

    The number of the remote access user is depends on how many "user" license purchased.

    what is your feature key?

    This applies to R65,... It also includes VPN-1 SecuRemote for a defined number...
  17. Replies
    4
    Views
    1,785

    Re: Backup N55 Windows Version

    the output of web visualization tool would be html, then you can edit with Word or something.
  18. Replies
    4
    Views
    2,014

    Re: Rulebases not there after restore.

    1. Make sure using ftp-binary to transfer the exported_file
    2. try to open the exported_file with winzip or something, you should able to see the files
    3. remove any files from the $FWDIR/tmp...
  19. Replies
    7
    Views
    3,681

    Re: configuration in a text file

    cpinfo
    -o filename, will provide an output for CP diagnostic use.
    It contains all the output of the OS and CP configuration files into one big text file, it's good for advance troubleshooting, not...
  20. Replies
    4
    Views
    5,603

    Re: web visualization tool on R65

    Go for the SmartPortal???
  21. Re: Connections tables reaching limits and connections are being dropped?

    That is correct, if you have chosen "Check Point Express" when installing the gateway, this option will be hidden, even if you have installed the "Enterprise" with Express license, you'll still have...
  22. Re: This New Forum For Check Point Resellers

    Got yourself a CPInfoView and have it installed,
    There's a tool called License Viewer,
    then you'll know what is behind all those magic key words
  23. Replies
    10
    Views
    6,460

    Re: UTM Comparisons

    Is it a new purchase or an upgrade?

    UTM bundle is required as it contains one gateway and one management server. As stated by mcnallym, Power will have QoS which is upon your requirement.
  24. Replies
    2
    Views
    3,662

    Re: Port forwarding VPN-1 Edge X

    why don't you just simply enable the ftp server setting under the Security -> Servers
  25. Replies
    1
    Views
    1,655

    Re: No more port 443 after firmware upgrade

    take a look at the Setup -> Management -> https
    Internal?
    Internal + VPN?
    Internal + IPRange?
    Any?

    Take a look in your rulebase to see if there is a rule to block https 443 applied to your...
  26. Re: Password Recovery for Expert Mode in Secure Platform

    I came across the same doc and situtaion as you before.
    Did some test, yes, the screen stay by selecting the maint mode when it has been remarked as instructed, but you can still move the selection...
  27. Replies
    5
    Views
    2,198

    Any UTM-1 User here?

    Any?
    How do you "feel" about the box?
  28. Re: SPLAT to SPLAT PRO: requires new license?

    What I would say Yes and No.

    Yes, you need SPlat-Pro for Radius Authentication for "Firewall Administrators". One more differentiation for Pro and non-Pro (except the dynamic routing thing)

    No,...
  29. Replies
    4
    Views
    1,310

    Re: Checkpoint FP3 on Nokia upgrade

    Hi Ben,
    How's the upgrade, I'm going to upgrade my IP330 too.
    But I'm more concerning the performance of running NGX on IP330.
    Does it go smoothly after the upgrade?
    Thanks
    Nick
  30. Replies
    1
    Views
    1,240

    Upgrade to R55 or R60/61 for my IP330?

    dear guru,
    we have a cluster of IP330 NGFP3, planning for upgrade.
    is it recommended to upgrade to R55 or R60/R61?
    do i need to upgrade the RAM on the box too?
    your advice is always welcome,
    Nick
  31. Replies
    3
    Views
    1,544

    Re: VPN Routing Issues.....

    Seems..
    related to the IP has been used for the general tab of Firewall object

    Please refer to the Chapter 23 Link Selection for Remote Access client of VPN manual that may help.
  32. Replies
    2
    Views
    1,436

    Multiple Entry Point (MEP)

    hi guru,
    is it possible to set up multiple entry point vpn for SR users where the gateways are separately managed by two management servers?
    any ideas would be appreciated.
    thx,
    nick
  33. Replies
    8
    Views
    2,870

    Re: Notofication when admin is connected

    Hi ray,
    Grateful if you explain how we could ship all the events from CP to syslog in details. Only know those events could be exported/handled by LEA or ELA.
    thx
  34. Replies
    3
    Views
    2,142

    VSX with AV & WebFilter

    We are planing to sell the business module to the customer, who is service provider. Using VSX as Firewall & VPN, and subscription-based additional value-add service, like AV & content filtering to...
  35. Allow remote connection from Office to SC client?

    hi guru,
    Possible to allow remote connection from Office to SC client after the tunnel is built?
    it's for the remote admin/troubleshooting thing.
    thx,
    nick
  36. Re: Vendor seems confused, license question.

    If I were you, I would definitely sign the agreement with this vendor in the first place, and put those words into the contract.

    Hehe, definitely, your vendor need to pay "a lot" for the add'l...
  37. Replies
    2
    Views
    2,257

    Re: Checkpoint Express license

    Policy server is required for SecureClient to push the desktop security policy.

    There contains two license strings, 1. SecureClient License 2. Policy Server license when you generate the license...
  38. Replies
    1
    Views
    1,390

    Re: Existing license purchase/transfer.

    Normally, she wouldn't because you can do it by yourself.
    1. Login as license administrator to the UserCenter of your sister company
    2. Select the license and move to your account.
    As simple as a...
  39. Workflow or something for policy installation

    here's a request from our customer,
    she wants to apply some kind of workflow on the policy installation, actually, when there an admin has modified the policy and this has to be approved by the...
  40. Replies
    2
    Views
    2,673

    Re: DR Questions

    Have to stress that you need the exact built & HF on the DR box. Because the DR box will "think" those HF has been applied after the restoration, which is not, and would not allow you to apply the...
  41. Replies
    1
    Views
    3,195

    Re: Sync problem

    Persoally, I don't think the cphastart or alike would work for "Syn-only" environment.

    Possibly it is misconfigured your "3rd party" Cluster/HA solution

    Consult SB or Rain SE for details.
    ...
  42. Replies
    2
    Views
    1,569

    Re: cluster dynamic or static load

    50% means the loading is equally sharing among two boxes.
    If you're using the Forwarding mode, that the master would be busy all the time as all the traffic would be "forwarded" that specific...
  43. Replies
    1
    Views
    1,613

    Re: troubleshooting cluster doc ?

    1. IPSO_clusterConf_guide
    2. IPSO_CLI
    3. Cluster_XL_AdminGuide
    4. CP CLI Reference Guide
    5. try to get the latest ATRG Advance Technical Reference Guide from your local CP SE

    I don't think...
  44. Replies
    2
    Views
    2,135

    Re: ClusterXL price

    I think the A/S license has been bundled with since the R55 Express, in other words, if you just required an A/S solution, Cluster_XL for load sharing license is NOT required as long as you have two...
  45. Replies
    1
    Views
    1,261

    AV on Nokia?

    Does anyone enable the AV feature on Nokia box?
    More inform on how-to turn on? we are using a CF-based IP390.
    Any experience?
  46. Replies
    4
    Views
    4,611

    Re: Nokia Console Cable

    It's just a normal console cable used for terminal/switch.
  47. Replies
    2
    Views
    2,617

    Re: Error with upgrade_import

    (1) quit all your dashboard, tracker, monitor
    (2) take a look at the $FWDIR/tmp folder
    (3) delete any files when you see something beneath the tmp
  48. Replies
    4
    Views
    1,308

    Re: Network Cards?

    Recommended to have 4 interfaces (WAN, Internal, DMZ & Sync) for performance, security & stability.
  49. Replies
    8
    Views
    1,470

    Re: Can i upgrade?

    Why not R65?
    It is because it usually has "limitation", that CP would claim, need to be fixed in the latest version. I bet it's pretty stable when you do not touch/related to any "Security Server"...
  50. Replies
    1
    Views
    2,154

    Installing hard disk for IP390?

    does anyone try to install a hard disk for a CF IP390 model?
    How to migrate all the policy as well as the IPSO image to the newly installed hard disk?
  51. Change of the duration for Policy Download from SmartCenter

    hi guru,
    the edge will connect to SmartCenter every 20mins to download/pull the latest Policy (if any). Possible to change that value and how?
    pls advise,
    Nick
  52. Replies
    2
    Views
    1,632

    Re: vpn problems with Edge and Nokia FW

    Here's my two cents.
    * Do a traceroute from the corp_net to laptop behind Edge and see where the packets get dropped.
    * Turn on the Security Log under the Personal Firewall and see whether the...
  53. Replies
    4
    Views
    1,841

    Re: The New D-Link VPN Edge

    I am thinking to use the ZoneAlarm box for home, sadly, it's only ship to US and there's no local distribution in our country.
  54. Different Figures in SmartView Status and the OS

    dear guru,
    Under the SmartViewStatus of CPNGR55 environment on Solaris 5.8, the CPU is always 100%, however, where vmstat only showed a few process is running and the utilization is not fully used....
  55. Replies
    5
    Views
    2,202

    License Explained?

    dear guru,
    we're going to purchase 400 integrity clients license for two sites on two separate Integrity Server (separate domain).
    Questions:
    1. Do we need to license key for that?
    2. The...
  56. Replies
    6
    Views
    4,158

    Re: CPINFO hanging on splat R60

    The KB has been updated.

    This problem was fixed. The fix is included in the latest CPinfo packages, available for download from NGX Support & Troubleshooting Tools page.

    Installation...
  57. Reuters Workstation (in Multicast mode) Behind R61 GW

    dear guru,
    wondering if this work if my Reuters Server/Network on one of the FW segment and all the workstation is on another FW segment, if the WS is running in Multicast Mode, how the firewall...
  58. Replies
    2
    Views
    1,850

    Re: VPN won't resolve internal dns

    It can be archived by either
    1. Office mode in SecureClient (SC license required)
    - an virtual network adapter will been added to yr client
    - to receive an IP from the internal

    2. SecuRemote...
  59. Replies
    4
    Views
    1,730

    Re: IP560 VPN Acceleration and Floodgate

    The hardware acceleration is enabled thru Network Voyager on IP350/380.
  60. Replies
    2
    Views
    1,408

    Re: IP260 restarts every few hours

    Have you opened a case at Nokia Support?
    Send her your cst and see if it's a hardware issue.
  61. Replies
    13
    Views
    6,307

    Any CCSP here?

    how do you feel about the CCSP program?
    Good news for the CP partners & resellers?
    Is it another pain in the xxx?
    Any experience to share?
  62. Re: Service/connection disconnected after "upgrade" to R60

    We ever doubted there's some problem with the cluster, sync issue or even the NIC card, the sync interface is connected to hub (does not support multicast)

    The cluster seems normal, and we even...
  63. Replies
    2
    Views
    2,100

    Re: Client to site VPN

    Don't think you can use other IPSec client to connect to CP gateway, as CP has some specical implemenation on their own IPSec client, on either SecuRemote and SecureClient.
    Simply spend some pennies...
  64. Replies
    1
    Views
    2,702

    ISP Redundancy Explained???

    For Outgoing traffic,
    Does anyone know how the ISP Redundancy works at the background?
    Gone thru the manual thoroughly, it did not mention a word what method for outgoing loadsharing used.
    Is it a...
  65. Re: What is the maximum number of ISPs CheckPoint Support for redundancy?

    It's restricted in the GUI/Dashboard, the max two ISP can be added.
  66. Re: NAT with MS AD trust in corporate network

    What services/ports are allowed for such connection?
    There are some "Special Services" for AD & Exchange. Please check out the MS-RPC Service. Use these services instead of allowing the ports.
  67. Replies
    2
    Views
    1,903

    Hybrid - Mixed Manual and Auto NAT

    hi guru,
    We have quite a lot of manual NAT rules and static routes which is migrated from previous version since version 4.x, our Static NAT is simple, possible to use the Auto NAT for any new host...
  68. Replies
    5
    Views
    2,781

    Re: NGX R60, NAT and Routing question?

    Possibly, your default gateway is pointed to Leaseline, right?
    Take a look of the Xlated Source -> logs for the LAN, it should be NATed with your ADSL-ISP2, right?
  69. Replies
    9
    Views
    2,244

    Re: Is NAT must in Checkpoint

    Yes, NAT is not a "MUST" only used as required.

    As long as both target machine and source machine can route the traffic/packets back to the Gateway, i.e. both default gateway of two testing...
  70. Re: No Valid License found on SmartCenter CPMP-SCT-3-NGX

    thx,
    Got this fixed by applying the latest cp.marco
  71. Replies
    3
    Views
    1,818

    Re: web gui for SPLAT not support IE 7

    I received an reply from CP that it will be supported in next version R65 (i guess)
  72. Replies
    1
    Views
    1,386

    Time for R62?

    Hi guru,
    Knowing R65 is coming soon.
    Do you think it's confidence enough to install the R62 on production network?
    as you might find the latest version always have issues to fix.
    I only deployed...
  73. Replies
    3
    Views
    2,445

    Re: Checkpoint User Center explained?

    Here? Perhaps?

    http://www.checkpoint.com/form/contact_account.html
  74. No Valid License found on SmartCenter CPMP-SCT-3-NGX

    Hi all,
    do you have the same symptom?
    Got a few customers having this error when importing the New License file generated by UserCenter recently that prohibited the user from login to...
  75. Replies
    3
    Views
    2,088

    Re: Eventia Analyzer 2.0 on SecurePlatform

    Only one fwadmin can be added in cpconfig.
    Use SmartDashboard -> user -> administrator to add add'l fwadmin
  76. Replies
    5
    Views
    3,755

    Re: Smartcenter Crash

    Possibly you could try
    1. Reset ICA/SIC
    fwm sic_reset
    cpconfig to rebuild the ICA

    ** all the cert for gateway, other components and vpn will be lost

    2. remove the IP for your GUI and add...
  77. Replies
    6
    Views
    3,499

    Re: connecting a fw to a SmartCenter ..

    Just wondering how it would work if the SmartCenter in the HQ and the remote gateways in different timezone. Possible to do so?
    Or we have to give up the local time zone and set as the same as HQ.
  78. Re: Cannot run reports in Eventia Report R62

    Don't think this is a supported configuration.

    On Nokia IPSO platforms, Eventia Reporter is only supported as a Management
    Add-on, and only on disk-based platforms.
    ...
  79. Replies
    2
    Views
    2,223

    Re: Standby FW uses cluster address

    Is there any reasons why by doing so?
  80. Replies
    2
    Views
    1,920

    Re: Cluster XL on different OS

    It's also written in the Cluster Manual.
  81. Replies
    5
    Views
    1,719

    Re: SmartDefense Licensing for UTM Power

    UTM, Power or UTM Power?
    Which depends on what add'l functions & features are required like FloodGate, AV or not?

    The next question would be How many site(s) or firewall cluster that your...
  82. Service/connection disconnected after "upgrade" to R60

    dear guru,

    Have you ever encountered session/connection disconnected after switching to R60 firewall cluster (A-S) on SecurePlatform?
    It seems there is some changes hv been made to the kernal,...
  83. Replies
    7
    Views
    2,648

    Re: No Valid License for Firewall-1 module

    YES, your Check Point bundle license should contain two keys (one for firewall and one for mgt).

    Actually, the module (firewall) license will NOT be blinded to gateway automatically even it is a...
  84. Replies
    2
    Views
    2,078

    Re: Smartupdate NGX licensing

    http://pricelist.checkpoint.com/US/PLUSGeneral/generallist.asp
  85. Replies
    3
    Views
    2,292

    Re: Import Logs from Previous Version

    By copying the old logs (old version) to the new system (newer version) and rebuild the log pointer????
  86. Replies
    3
    Views
    2,292

    Import Logs from Previous Version

    dear guru,
    Is it possible to import the logs from previous version like R55 to R60 or above?
    Because it's not an in-place upgrade.
    Just wondering how to do so.
    TIA,
    Nick
  87. Re: Express report not working for a clusters.

    Please check whether you have "SmartView Monitor" selected under the Cluster object. SVM is required to be enabled in order to generate the Express reports.
  88. Replies
    2
    Views
    1,958

    Any S-box users here?

    Hi all,
    Any S-box users here?

    My S-box got reboot frequently if there's "too many" traffic passing thru, this is because of my BT traffic.
    Anyone got the same problems here?

    I wish I'm not...
  89. Replies
    3
    Views
    2,970

    Re: upgrade_import and password

    The "import" also imports the previous fwadmin credential to the newly imported systems.
    Please use the old fwadmin login & password.
  90. Replies
    1
    Views
    2,818

    Re: Upgrade_export for DR

    Please briefly describ what happened when you run the upgrade_export.

    Most of the time that I have encountered is the temp_dir exsits on the $FWDIR/TMP

    Simply go to $FWDIR/TMP, remove the...
  91. Replies
    10
    Views
    6,460

    Re: UTM Comparisons

    VPN-1 UTM gateways provide firewall, VPN, SmartDefense Service, IPS, web application security, and antivirus protection on an all-in-one platform. Prices include software only.

    VPN-1 Power...
Results 1 to 91 of 91