CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 


Type: Posts; User: amani



  1. Replies
    6
    Views
    1,566

    Re: Netflow Replicator

    I wasn't aware of Logstash.

    I did find a UDP fanout device: https://www.dcbnet.com/datasheet/pr6602ds.html
  2. Replies
    6
    Views
    1,566

    Re: Netflow Replicator

    I think I narrowed it down to

    Samplicator: https://github.com/sleinen/samplicator

    and

    flow-fanout (part of a library and a collection of programs used to collect, send, process, and generate...
  3. Replies
    6
    Views
    1,566

    Netflow Replicator

    Does anyone know of any open source netflow replicators? The one netflow replicator I found costs $19K.

    Thank you in advance
  4. Replies
    6
    Views
    1,429

    Remote console and/or RDP (or VNC) access

    Back in the late 1990s / early 2000s, I remember using a small Linux device to provide console access to appliances.

    I've been looking for a similar device, and I came across...
  5. Replies
    16
    Views
    3,162

    Re: Poisoned ARP cache?

    NATs happen at the firewall level. ISP1 and ISP2 are on different subnets and routed to the firewall's VIP on separate interfaces.

    We are planning ISP redundancy. For now, all traffic goes through...
  6. Replies
    16
    Views
    3,162

    Re: Poisoned ARP cache?

    So here's our environment...


    When the problem occurs, we were able to capture the inbound traffic to the DMZ servers at the Meraki switch. That rules out the ISP router, because inbound...
  7. Replies
    16
    Views
    3,162

    Re: Poisoned ARP cache?

    My apologies for not getting back to everyone sooner. I had 3 phone calls with Diamond support: two techs and one manager. So let me go through all your questions.

    The overall CPU utilization on...
  8. Replies
    16
    Views
    3,162

    Poisoned ARP cache?

    Here's my environment: I have a cluster of 12400 running R77.30 with Jumbo hotfix 159 since August. Both firewalls are maxed on memory and running 64-bit.

    About 2-3 weeks ago, we experienced an...
  9. Juniper upgrade opens root on firewalls to entire world

    Juniper is warning users of its SRX firewalls that a borked upgrade leaves a root-level account open to the world.

    ...
  10. Replies
    9
    Views
    2,457

    Re: Need assistance on R77.30 Gaia issue

    Diamond support tech called and informed me that there is a known issue attempting to install R77.30 Gaia on a Dell R630.

    I was told that it was tracked down to the device driver for the RAID...
  11. Replies
    9
    Views
    2,457

    Need assistance on R77.30 Gaia issue

    I have a Dell R630 with three 2TB hard drives in a RAID 5 configuration.

    The installation of R77.30 Gaia seemed to go okay. However, upon rebooting, the server is telling me that it's "booting on...
  12. Re: Has anyone heard from a Nessus scan overwhelming a firewall?

    The backup is an appliance, which does multi-threading because it backs up more than one server at a time. How would you spread this across multiple cores? Can you provide me with a reference? Since...
  13. Re: Has anyone heard from a Nessus scan overwhelming a firewall?

    Sorry, I've been out of the office and I'm just catching up on things. I haven't had time to go through all the comments just yet.

    Over the weekend, I heard from my reseller and a Check Point...
  14. Re: Has anyone heard from a Nessus scan overwhelming a firewall?

    Our rule set is 80 rules. It's not a huge policy. The firewall is the internal router that separates 16 subnets. We do static routing, because we kept our network design simple.

    I have talked to...
  15. Re: Has anyone heard from a Nessus scan overwhelming a firewall?

    Yeah, about 90-100 employees but I also did this at lunch time . . . so who knows what my users are doing. We're not draconian when it comes to web surfing.

    As for blades, we have VPN, Mobile...
  16. Re: Has anyone heard from a Nessus scan overwhelming a firewall?

    fw ctl affinity -l -r

    CPU 0: eth1-08 eth1-03 eth2-01 eth3-08 Sync Mgmt eth3-03 eth3-04
    CPU 1: eth1-06 eth1-07 eth1-02 eth1-04 eth3-05 eth3-06 eth3-01 eth3-02
    CPU 2: fw_3
    CPU 3: fw_2
    CPU 4:...
  17. Re: Has anyone heard from a Nessus scan overwhelming a firewall?

    Not that it should matter, but we are running R77.10 and looking to upgrade to R77.30 around May / June.
  18. Re: Has anyone heard from a Nessus scan overwhelming a firewall?

    I uploaded a CPView history file to support, and the tech said they've seen very high loads in the middle of the night. After doing some research based on the times, these are backups and night jobs...
  19. Re: Has anyone heard from a Nessus scan overwhelming a firewall?

    Thank you for the replies.

    I found this article going back to R55: http://www.gossamer-threads.com/lists/nessus/users/12535

    You would think that if this was a problem back then, then Check...
  20. Has anyone heard from a Nessus scan overwhelming a firewall?

    Last Wednesday afternoon, we were doing a Nessus scan of 5 subnets and experienced a network outage. We thought it was a coincidence, but we scheduled a test for Thursday morning.

    We ran the same...
  21. Re: Scenario: Loss of top-level domain and MX records

    That's correct. Presentations at Infragard are not for public consumption, so I was amazed that they kept it out of the press and why I haven't disclosed the organization. This was the best presentation....
  22. Scenario: Loss of top-level domain and MX records

    I was at an Infragard meeting recently and one of the presentations discussed an organization that had lost control of its top-level domain and MX records for 6 days. The CISO did an excellent job...
  23. Replies
    4
    Views
    2,693

    Re: Unable to access WebUI

    Check Point also pointed me to sk93395
  24. Replies
    4
    Views
    2,693

    Re: Unable to access WebUI

    I found the solution in sk106478
  25. Replies
    4
    Views
    2,693

    Re: Unable to access WebUI

    Firewalls are running R77.10

    Chrome is 48.0.2564.116

    Firefox is 44.0.2
  26. Replies
    4
    Views
    2,693

    Unable to access WebUI

    I just ran into this issue today using Firefox or Chrome.

    Chrome tells me: A secure connection cannot be established because this site uses an unsupported protocol or cipher suite. This is likely...
  27. Replies
    3
    Views
    1,756

    Re: Breaking a cluster into stand-alone firewalls

    I found sk85980: How to dissemble a cluster
  28. Replies
    3
    Views
    1,756

    Breaking a cluster into stand-alone firewalls

    Has anyone taken a cluster and changed them into a stand-alone firewall? I'm curious as to what steps are involved.
  29. Replies
    3
    Views
    3,827

    Re: QoS and CoreXL revisited

    Thank you Eric for the response.
  30. Replies
    3
    Views
    3,827

    QoS and CoreXL revisited

    We have a cluster of 12400s running R77.10 and 4200s in our remote locations (same R77.10).

    These firewalls have SecureXL and CoreXL running, and we're talking about implementing QoS.

    I came...
  31. Basic to Advanced Check Point Gateway Troubleshooting

    I came across this blog post from 2009 by Kellman Meghu, and wanted to share it with everyone.

    http://kill-hup.blogspot.com/2009/03/basic-to-advanced-check-point-gateway.html
  32. Replies
    5
    Views
    1,280

    Re: Hub Mode with a Cluster

    This issue has been resolved.

    When disabling split tunnel, traffic to internal resources was fine . . . however, traffic to the Internet wouldn't pass through the firewall.

    I disabled IP Pool...
  33. Replies
    5
    Views
    1,280

    Re: Hub Mode with a Cluster

    I updated the IP Pool NAT to 192.168.25.0/24 subnet and the Office Mode is still 192.168.23.0/24. Our MPLS network is 192.168.30.0/24.

    I looked at the routing table and it appears okay on my client. I...
  34. Replies
    5
    Views
    1,280

    Re: Hub Mode with a Cluster

    Thank you, I made the change to the IP Pool NAT to a new subnet.

    Unfortunately, hub mode still is working on the cluster. Traffic still wants to go out the MPLS WAN instead of the Internet. I...
  35. Replies
    5
    Views
    1,280

    Hub Mode with a Cluster

    I've been working on a problem with Mobile Access and I need hub mode (no split tunnel) to work with our cluster firewall, and I think I may have found the issue. I was hoping someone could confirm...
  36. Replies
    1
    Views
    2,093

    Re: Split Tunnel Issue with SNX

    I resolved this issue with the split tunneling and the issue wasn't a regular setting.

    Under Mobile Access > Native application, I looked at the last defined native application that I worked on.
    ...
  37. Replies
    10
    Views
    2,943

    Re: Firewalls not logging all traffic

    Hey Eric, I had to get a maintenance window and I did try your suggestion of creating a new service with aggressive aging. I saw new log entries with the same source IP address and source port.

    I...
  38. Replies
    10
    Views
    2,943

    Re: Firewalls not logging all traffic

    After spending the weekend thinking about the connection tuple, I did some more investigation this morning. Just so it's easier to follow, the end device has an IP address of 192.168.174.200.

    I...
  39. Replies
    10
    Views
    2,943

    Re: Firewalls not logging all traffic

    I had another remote session with Check Point and the engineer offered this information.

    On a firewall, connections are identified by the 5 tuple attributes: source address, destination address,...
  40. Replies
    10
    Views
    2,943

    Re: Firewalls not logging all traffic

    I spent an hour with Check Point doing a remote session. After going through all the settings and the policy, I'm going to have to schedule a maintenance window for a kernel debug.

    We looked at...
  41. Replies
    10
    Views
    2,943

    Firewalls not logging all traffic

    I wasn't sure where to put this issue, because it seems so unusual.

    I have a ticket opened with Check Point since June 15 and we still don't have a resolution to this problem even after...
  42. Replies
    1
    Views
    2,093

    Split Tunnel Issue with SNX

    We're thinking about moving our users from the Endpoint client to Mobile Access with SNX, and I'm hitting a brick wall with split tunneling with SNX.

    When testing with the Endpoint client, I can...
  43. Replies
    3
    Views
    3,788

    Re: post lookup verification failed

    I resolved my issue this morning. On the Oxford firewall, where all the traffic was being blocked, I cleared the connections table on the gateway:

    # fw tab -t connections -x

    Once the...
  44. Replies
    3
    Views
    3,788

    Re: post lookup verification failed

    Hi mcnallym . . . I looked at the article already

    My NAT is: Internal-Networks to Internal-Networks = everything stays original

    It's the same on all firewalls

    Thank you for responding . . ....
  45. Replies
    3
    Views
    3,788

    post lookup verification failed

    In 3 of our locations, we have new Avaya phone systems and we are trying to get them to communicate with each other.

    Each location has a firewall. HQ has a cluster and all the other locations...
  46. Replies
    5
    Views
    2,720

    Re: OTP + AD authentication?

    I've been working on a problem, and I think my issue may fall under this category.

    I've been testing Active Directory authentication with Mobile Access and I have everything working great. Getting...
  47. Replies
    3
    Views
    4,987

    Re: User Directory for RADIUS Authentication

    Thank you for the reply, but now I'm a little confused.

    I was attempting to set up Active Directory authentication for Mobile Access, but I kept receiving an error message: "Failed to bind to LDAP...
  48. Replies
    3
    Views
    4,987

    User Directory for RADIUS Authentication

    I've been investigating what we need to do to allow our VPN users to authenticate using Active Directory. From what I'm gathering, I need to purchase a license for User Directory and it's licensed at...
  49. Thread: VPN Issues

    by amani
    Replies
    2
    Views
    1,314

    VPN Issues

    We've been having a lot of problems with VPN disconnects. I followed Check Point's recommendations under SK44075, but we're still having disconnect issues. I was wondering if someone else might have...
  50. Thread: CPUGcon 2015

    by amani
    Replies
    13
    Views
    4,754

    Re: CPUGcon 2015

    2 for Boston
  51. Replies
    9
    Views
    3,177

    Re: R77.10 and FTP active mode

    This is more of an informational update for anyone who is interested. I opened a ticket with Check Point and did a remote session with Level 2 support. I was able to demonstrate that with SecureXL...
  52. Replies
    9
    Views
    3,177

    Re: R77.10 and FTP active mode

    I did some more research into this issue and discovered that if I turned off SecureXL, ftp active mode worked just fine. And if I turn SecureXL back on, the problem recreates itself.
  53. Replies
    9
    Views
    3,177

    Re: R77.10 and FTP active mode

    I did that and added tcp-high-ports to the rule. Everything points to R77.10 but... if it was R77.10, then I should experience this issue at the local level as well. Our networks are segmented by...
  54. Replies
    9
    Views
    3,177

    R77.10 and FTP active mode

    Workstation ---- Cluster ---- WAN ---- Firewall ---- FTPServer


    I've got an interesting problem and I wanted to see if anyone else has experienced this issue.

    We upgraded our cluster firewalls...
  55. Re: IPSO to Gaia upgradation or clean installation

    You might find this thread helpful: https://www.cpug.org/forums/showthread.php/18207-IPSO-to-Gaia-upgrade-or-clean-install
  56. Thread: SIC Question

    by amani
    Replies
    10
    Views
    3,269

    Re: SIC Question

    Our new management station was recreated from scratch. We had a lot of database corruption. For example, we couldn't delete objects. We tried the export/import option, and the corruption followed....
  57. Thread: SIC Question

    by amani
    Replies
    10
    Views
    3,269

    Re: SIC Question

    We upgraded our management station on Wed and everything went very well. The cluster was the first thing we tackled, and here is what we did.

    On FW2, we reset the SIC and broke the cluster. All...
  58. Thread: SIC Question

    by amani
    Replies
    10
    Views
    3,269

    Re: SIC Question

    Thank you to everyone for the info and the links. I greatly appreciate it. I'll post an update when we actually do this. Hopefully someone else can benefit from this.
  59. Thread: SIC Question

    by amani
    Replies
    10
    Views
    3,269

    Re: SIC Question

    One cluster is involved, and 7 standalone firewalls are involved. We didn't think about the cluster. Thanks for bringing that up.

    The 7 standalone firewalls are in remote locations. If I break...
  60. Thread: SIC Question

    by amani
    Replies
    10
    Views
    3,269

    SIC Question

    We're prepping to replace our old management station with a new management station, and we're having a debate regarding SIC.

    As I recall, SIC allows Check Point platforms and products...
  61. Thread: quesrydb_util

    by amani
    Replies
    0
    Views
    615

    quesrydb_util

    Has anyone ever used quesrydb_util for exporting objects and policies?

    I found this website, but was hoping to find better documentation:...
  62. Replies
    1
    Views
    830

    Building a new management station

    Our current management station is a Windows Server 2008 R2, and it has a lot of corruption issues. We're debating on building a new management station from scratch. Our main concern is that doing an...
  63. Replies
    1
    Views
    1,091

    Utility to monitor Windows Processes

    I have a Windows server and I've been seeing some unusual activity. It's attempting to communicate with the Internet using port 137. Between 11/18 and 12/4, I logged 21,773 unique destination IP...
  64. Replies
    0
    Views
    662

    Is there a utility for comparing policies?

    We have an old management server that's been around since R6x, and we're looking to replace it with a new management server with a fresh install from R75.46. Our policy is relatively small... about...
  65. Replies
    2
    Views
    1,065

    Re: Making a firewall and network neutral router

    I believe the echo command is the same as the sysctl command for enabling routing. I tried it anyway and received no error messages.

    Yeah, I forgot about fw unloadlocal and cpstop. I executed...
  66. Replies
    2
    Views
    1,065

    Making a firewall and network neutral router

    I have a 2012 appliance (4200 model) running GAIA and R75.40. I need to make it a network neutral router for a test. I've been researching this and haven't had much success, and wonder if I'm missing...
  67. Thread: SG80 and R76

    by amani
    Replies
    2
    Views
    1,189

    SG80 and R76

    Does anyone know if R76 supports the SG80 appliance?

    I've been searching the UserCenter and I haven't found any documentation that gives me a definitive yes or no answer.
  68. Replies
    31
    Views
    14,189

    Re: IPS Blade Scheduled Update Ended with Errors

    I've still seen this problem after updating to R75.40 and suspect I'll see it again in R75.45.

    We're considering upgrading to R76 and I was wondering if anyone knew if this problem still...
  69. Replies
    1
    Views
    804

    Using Groups in the Install On Column

    I've been using groups in the Install On column for quite some time. Is there a reason why I shouldn't?

    I'm interested in opinions.
  70. Replies
    5
    Views
    1,439

    Re: Database corruption what to do?

    When I was troubleshooting a database revision control issue with Check Point, I discovered something odd. I don't know if it will help you but I'll throw it out there.

    Under database revision...
  71. Database Revision Control isn't working after R75.40 upgrade

    A few months ago, we recently upgraded from R71.30 to R75.40. When I attempted to restore an older policy, I would receive the following error message:

    Verification Failed. Unexpected verification...
  72. Re: After R75.40 upgrade, can't push policy to SG80s

    After 2 days of working on this issue with my vendor, he finally recommended that I open a service ticket with Check Point. When I left on Thurs, I still couldn't push a policy to 5 out of my 8...
  73. Re: After R75.40 upgrade, can't push policy to SG80s

    Today on "As the Firewall Turns...", I updated the licensing on the SG80s. I discovered that I can push policy to 3 out of 8 SG80s.

    On one of the firewalls that I'm having a problem with, I see...
  74. Re: After R75.40 upgrade, can't push policy to SG80s

    I did find a database revision that I could revert back to before IPS updates this morning. However, before reverting the database, I got a notification...

    Certificates of the following Gateways...
  75. After R75.40 upgrade, can't push policy to SG80s

    Tuesday morning, we upgraded our management station from 71.30 to 75.40. Everything seemed to go very well and I verified that I could push policy to all my SG80s. This was around 11:08AM.

    After...
  76. Replies
    0
    Views
    884

    Connectra NGX R66

    We still have Connectra NGX R66 boxes kicking around. We made a change to the timeout value... at least that's all I thought we did... and now we're getting error messages:

    Firewall and Address...
  77. Re: Moving a mgmt station from one subnet to another subnet

    Thank you for the advice. I'll let you know how I make out when we're ready to make our next attempt.
  78. Moving a mgmt station from one subnet to another subnet

    I need to move my management station from one subnet to another subnet. For the purpose of this discussion, I've changed the IP subnets.

    Our current management station resides on the 172.16.1.0...
  79. Replies
    1
    Views
    1,406

    Re: Check Point Advanced Training Blades

    Never mind... I found a demo on Check Point's website. The artificial voice would drive me crazy.
  80. Replies
    1
    Views
    1,406

    Check Point Advanced Training Blades

    Has anyone taken the Advanced Training Blades? I'm curious to know if they're worth the $200 and hotel + travel.
  81. Replies
    1
    Views
    1,458

    Remote Vendor Access

    We've been testing a new remote access system for external vendors, and a few questions have popped up. I wonder if anyone might have run into these issues.

    1. You give an external vendor RDP...
  82. Replies
    31
    Views
    14,189

    Re: IPS Blade Scheduled Update Ended with Errors

    Yeah, problem still exists in R71.30. Same exact error message as noted in the first posting. I even tried the GUI dbedit suggestion.
  83. Re: Installation failed. Reason: Load on Module failed no memory

    I haven't updated this in a while...

    Check Point tech support informed me that this was a known issue with R71 running on an open server. There was a hotfix for it, but the hotfix was only for...
  84. Re: Installation failed. Reason: Load on Module failed no memory

    The policy is 77 rules. I couldn't give an estimate on objects.

    I did receive an email from the tech who I spoke with this morning:

    Policy installation is failing while allocating memory to...
  85. Installation failed. Reason: Load on Module failed no memory

    Before I go into details, I did do a search on CPUG and I couldn't find a similar issue to mine. I opened a case with Check Point's Tech Support, but wanted to see if someone else may have...
  86. Replies
    1
    Views
    1,964

    IPS/SIEM Deployment

    I work for a utility company and we have regulations and guidelines that we need to follow. One of the guidelines that came up for discussion was how to monitor traffic on each segment (switch to switch...
  87. Thread: VLAN Confusion

    by amani
    Replies
    7
    Views
    5,521

    Re: VLAN Confusion

    That's what I thought about needing to define the VLANs under Topology, but I wasn't sure of the format.

    After some pain and many expletives, I managed to get my test lab up and working. Now...
  88. Thread: VLAN Confusion

    by amani
    Replies
    7
    Views
    5,521

    Re: VLAN Confusion

    Thank you for the reply. It's been a slow and painful experience. Most of the documentation assumes you are working with Cisco, and I've had to scavenge for D-Link documentation.

    I did manage to...
  89. Thread: VLAN Confusion

    by amani
    Replies
    7
    Views
    5,521

    VLAN Confusion

    I admit that I'm very weak on VLANs, mostly because I've never had a need to do them.

    If I remember correctly, tagged port is when the VLAN ID is inserted into a packet compared to untagged ports...
  90. Replies
    3
    Views
    1,662

    Re: Distributed to Stand Alone

    I need to go from a Distributed to a Stand Alone, but my need is for a lab environment (limited space, limited hardware). The management server is Windows Server 2003.
  91. Replies
    5
    Views
    2,127

    Best Practice for "Install On"

    Since upgrading to R71.20, I create a group RemoteLocations and have been using it in the Install On column. It makes my life easier, but I was wondering if it was better to use a group or list the...
  92. Replies
    31
    Views
    14,189

    Re: IPS Blade Scheduled Update Ended with Errors

    I talked with a Check Point engineer for about 30 minutes. He thought that the IPS automatic updates were failing because of rights permission in Windows.

    After a lengthy discussion, he searched...
  93. Replies
    31
    Views
    14,189

    Re: IPS Blade Scheduled Update Ended with Errors

    SR# 11-325939561

    Going on 3 months now.
  94. Replies
    31
    Views
    14,189

    Re: IPS Blade Scheduled Update Ended with Errors

    If anyone is interested, I discovered the registry keys for file handlers under Windows. It's set for 10,000 and can be bumped up to 18,000.

    The registry key is: HKLM\Software\Microsoft\Windows...
  95. Replies
    31
    Views
    14,189

    Re: IPS Blade Scheduled Update Ended with Errors

    I've been working with Check Point regarding this issue for 2 months now. We may have a possible cause. However, I need to know how to check the number of file handlers open under Windows Server 2003 (and...
  96. Replies
    4
    Views
    1,557

    Re: ClusterXL Clarification

    Would it be reasonable to say that a failover would occur based on the number of active/up interfaces?

    Both FW1 and FW2 have 5 interfaces. If a FW1 interface goes down, the FW2 becomes active.
    ...
  97. Replies
    4
    Views
    1,557

    ClusterXL Clarification

    I was reading the R71 ClusterXL AdminGuide, and on page 28, under "When Does a Failover Occur?" it states that a failover will occur if an interface or cable fails.

    My first question is: if I walk...
  98. Replies
    4
    Views
    3,332

    Re: CCSA Exam Question

    My manager took the CCSA exam this weekend. He didn't pass either. He saw the packet question for Phase 2, and took a wild guess. He also got questions on upgrading from R55 to R71 (didn't R55 come...
  99. Replies
    4
    Views
    3,332

    Re: CCSA Exam Question

    Yes, it's the R71. My thought was: if I don't answer the question, it might not have counted against me. I downloaded the test exam available from Check Point's website, and I'm noticing how many...
  100. Replies
    4
    Views
    3,332

    CCSA Exam Question

    I took the CCSA on Friday and failed by 4 points. I was hit by 8 questions on IKE phase II and SNX. None of the answers were in the courseware book, so I'm going through Check Point's VPN PDF to find the...
Results 1 to 100 of 164