CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Search:

Type: Posts; User: sebastan_bach

Page 1 of 5 1 2 3 4

Search: Search took 0.01 seconds.

  1. forwarding decrypted SSL Traffic to Netwitness

    Hi,

    Can we forward SSL decrypted traffic via a another port to netwitness for traffic analysis. We are doing HTTPS inspection on the gateway and netwitness requires a copy of the traffic for...
  2. Replies
    4
    Views
    4,354

    Re: AV Blade vs. Traditional AV

    Hi,

    Has anything changed with R80 yet with regards to AV. I haven't played with R80 yet hence checking with folks who are playing with it. Are there any configurable options for FTP, CIFS. Do we...
  3. Re: how to download blocked file by Anti-Virus

    I think your solution would not work. As the file will only go to TE if it's not known to the AV engine & there is no matching hash of the file as malware in the firewall. Only then the file is sent...
  4. Re: how to download blocked file by Anti-Virus

    thanks ED.

    Regards

    Sebastan
  5. how to download blocked file by Anti-Virus

    Hi,

    One of the pdf files are being blocked by the Anti-Virus blade. We are able to see the file name and the virus family name of it. But is there a way we can download the file and check it on...
  6. Replies
    8
    Views
    2,599

    Re: support for R80 on older appliances

    Thanks everyone

    Regards

    Sebastan
  7. Replies
    8
    Views
    2,599

    Re: support for R80 on older appliances

    Thanks for your prompt reply. Is there any release notes for R80.10 for gateways which mentions the list of appliances supported ?

    Regards


    Sebastan
  8. Replies
    8
    Views
    2,599

    support for R80 on older appliances

    Hi,

    Is R80 gateway release supported on older appliances as well. Can the 13000 & 12000 series appliances be upgraded to R80 as well. I know R80 management does support managing these appliances....
  9. Re: how to block unknown or applications not available in appwiki

    hi tomerk,

    Thanks a lot this is exactly what I was looking for.

    Regards

    Sebastan
  10. Re: how to block unknown or applications not available in appwiki

    Hi,

    Thanks a lot for your detailed response. Since we are using R77.30 I we would need to use the rule you mentioned at the bottom of the application rulebase right to ensure all the recognised...
  11. Re: how to block unknown or applications not available in appwiki

    Hi,

    I am using R77.30 and not R80. and as per R77.30 documentation since there is no implicit deny for application rules. For every allowed application in the rule-set we would need a implicit...
  12. how to block unknown or applications not available in appwiki

    Hi,

    How can we configure the policy to block the applications that the firewall either does not have a signature or cannot identity. what is the best policy logic to be applied here.

    Any help...
  13. information on application dependencies for App Control in R80

    Hi Team,

    I would like to know if there is any information available on the R80 console related to the application dependencies that can we use to ensure all applications are allowed in the...
  14. how to identify application dependencies for App Control

    Hi Team,

    I would like to know if there is any information available on the R80 console related to the application dependencies that can we use to ensure all applications are allowed in the...
  15. Replies
    4
    Views
    2,788

    Re: AV Blade vs. Traditional AV

    Hey,

    Just a correction I received from a check point SE is that SMB scanning is supported with AV blade but unfortunately there is no option to set any configurations for that. But its enabled by...
  16. Re: Checkpoint Clustering vs. Cisco ASA Clustering

    Hi,

    There is no additional cost of ASA cluster it uses LACP for load-balancing across multiple nodes in a cluster. Every Firewall has a maximum no. of session entries it the session table. In ASA...
  17. Re: Checkpoint Clustering vs. Cisco ASA Clustering

    The query my customer had asked was does Check Point clustering helps to scale the overall performance in a linear fashion or is it more of a redundancy feature. They were comparing it to Cisco ASA's...
  18. Re: Checkpoint Clustering vs. Cisco ASA Clustering

    Thanks,

    Any idea about linear scaling with Checkpoint clustering. I mean since the sessions are replicated across all the cluster members the session table of all the nodes would be equally...
  19. Re: Checkpoint Clustering vs. Cisco ASA Clustering

    Hi,

    I am not comparing Checkpoint with Cisco router but with Cisco ASA with regards to clustering. Cisco ASA clustering does not require security context for active/active deployment. ASA...
  20. Checkpoint Clustering vs. Cisco ASA Clustering

    Hi Team,

    I want to understand the fundamental difference between the clustering architectures of Checkpoint vs. Cisco especially with regards to session replication. In Cisco ASA Clustering each...
  21. Checkpoint Clustering vs. Cisco ASA Clustering

    Hi Team,

    I want to understand the fundamental difference between the clustering architectures of Checkpoint vs. Cisco especially with regards to session replication. In Cisco ASA Clustering each...
  22. Replies
    4
    Views
    4,354

    Re: AV Blade vs. Traditional AV

    Thanks a lot for your response. I am glad that you pointed out that these are two separate products. I was under the impression that AV blade activates both the AV engines and like you mentioned I...
  23. Replies
    4
    Views
    2,788

    Re: AV Blade vs. Traditional AV

    Thanks for your response mate.

    Looks like I would have to switch it to traditional AV for having support for FTP. For traditional AV do we still need to buy the AV blade or the traditional AV is...
  24. Replies
    4
    Views
    4,354

    AV Blade vs. Traditional AV

    Hi,

    I am wondering is there a document mentioning the difference between the two AV engines. I have read in the documentation that we cannot use both the engines together. So is there any specific...
  25. Replies
    0
    Views
    891

    AV Blade vs. Traditional AV

    Hi,

    I am wondering is there a document mentioning the difference between the two AV engines. I have read in the documentation that we cannot use both the engines together. So is there any...
  26. Replies
    4
    Views
    2,788

    AV Blade vs. Traditional AV

    Hi,

    I am wondering is there a document mentioning the difference between the two AV engines. I have read in the documentation that we cannot use both the engines together. So is there any...
  27. Replies
    3
    Views
    2,371

    Re: are these claims true about Sandblast

    Thanks

    Regards

    Sebastan
  28. Replies
    3
    Views
    2,371

    are these claims true about Sandblast

    Hi,

    Has anyone come across a bullish claim from Fortinet folks that Threat Emulation is only supported for HTTP, HTTPS & SMTP protocol.

    Regards

    Sebastan
  29. Replies
    2
    Views
    1,524

    Re: VE-Edition Licensing Query

    Thanks a lot for your response.

    Regards

    Sebastan
  30. Replies
    0
    Views
    636

    VE-Edition Licensing Query

    Hi Team,

    I understand the VE-Edition licensing is based on vCPU. so if are looking for using 4vCPU solution then we need to multiply the cost of the gateway X 4 right & the same goes for...
  31. Replies
    2
    Views
    1,524

    VE-Edition Licensing Query

    Hi Team,

    I understand the VE-Edition licensing is based on vCPU. so if are looking for using 4vCPU solution then we need to multiply the cost of the gateway X 4 right & the same goes for...
  32. Replies
    11
    Views
    5,009

    Re: Threat Emulation Hold Scanning

    Hi Christoph,

    I am not sure how the sandblast agent can solve the problem of threat extraction while emulation is still happening. Does the agent also supports creating a local copy of the file...
  33. Re: any idea on performance with vSEC for NSX

    True,

    but I heard from Checkpoint SE that it would be around 2 Gbps. But nothing more whether it's with all features or only Firewalling. Whether it's UDP raw throughput or the production...
  34. Replies
    11
    Views
    5,009

    Re: Threat Emulation Hold Scanning

    Hi,

    The solution to this is probably using the threat extraction feature. With this while the threat emulation for the actual file is done threat extraction can create a clean format of the...
  35. Replies
    16
    Views
    4,489

    Re: Checkpoint for Cisco guys

    Your CCIE story is Cool mate. I was lucky to have nailed the CCIE Security in my 1st attempt. but had slogged crazily over it for almost a year cause with every preparation I was always left to...
  36. any idea on performance with vSEC for NSX

    Hi,

    we are planing to propose the vSEC gateway for the NSX edition of Vmware. On the datasheet only minimum required CPU & memory is specified. I would like to know if we provide the required...
  37. Replies
    0
    Views
    1,262

    vSEC gateway for NSX Performance

    Hi,

    we are planing to propose the vSEC gateway for the NSX edition of Vmware. On the datasheet only minimum required CPU & memory is specified. I would like to know if we provide the required...
  38. Replies
    13
    Views
    6,051

    Re: SandBlast Agent Now Available

    Hi,

    Is the documentation available yet. I would like to read through the stuff before presenting the solution to a prospect. Any idea on when the documentation would be available.

    Regards
    ...
  39. Replies
    13
    Views
    6,051

    Re: SandBlast Agent Now Available

    Thanks mate do let me know.

    Regards

    Sebastan
  40. Re: IPS Protect internal hosts only - recommendation

    Thanks a lot Shadow.

    Regards

    Sebastan
  41. Re: IPS Protect internal hosts only - recommendation

    Thanks for the detailed write-up shadow. So the protect internal hosts is not limited to the interfaces named as internal in the Firewall Objects right. It refers to any interface that has private IP...
  42. Replies
    13
    Views
    6,051

    Re: SandBlast Agent Now Available

    Thanks for the great Insight. I don't think CP has made the administration guide available yet for understanding the deployment options. Do you have the link for the same.

    Regards

    Sebastan
  43. Replies
    13
    Views
    6,051

    Re: SandBlast Agent Now Available

    This is awesome as it will cover the entire lifecycle of the attack. Any idea when it will be available for general availability or early availability for getting hands on it. Best part is it can be...
  44. Replies
    21
    Views
    8,078

    Re: New 15000 and 23000 Appliances

    Thanks Phoneboy,

    But if I am not wrong Threat Extraction happens on the Gateway itself right where it strips the java and other scripts from PDF & word documents and generate a new document and...
  45. Replies
    21
    Views
    8,078

    Re: New 15000 and 23000 Appliances

    Thanks a lot for this clarity. I really think CP should streamline the performance metrics across all their platforms and make our lives easy. The newer appliance with NGTP throughput is really nice...
  46. Replies
    21
    Views
    8,078

    Re: New 15000 and 23000 Appliances

    wow really some high performing appliances. Looking forward to get my hands on them.

    Have they change the way the traditional performance mentioned in their data sheets use to be like IPS...
  47. Re: How to estimate the performance impact of HTTPS Inspection using the Appliance Si

    Hi Phoneboy,

    Is there a special permission required to access the knowledge base, even partner login is not supported to access the knowledge base.

    Regards

    Sebastan
  48. Re: How to estimate the performance impact of HTTPS Inspection using the Appliance Si

    Thanks a lot for your reply.

    So when we use the appliance selection tool for sizing does it consider HTTPS decryption as well cause I don't see an option in there. or should be go ahead as per the...
  49. Re: How to estimate the performance impact of HTTPS Inspection using the Appliance Si

    Thanks a lot guys,

    So in short there is no thumb rule that we can use to measure the impact of SSL Inspection on the gateways.

    Regards

    Sebastan
  50. Re: How to estimate the performance impact of HTTPS Inspection using the Appliance Si

    Thanks a lot for your prompt response guys.

    So if I am seeking a 1 Gbps Internet edge gateway NGFW I should multiple it probably into 1.6 or 2.0 right. But no one would be decrypting 100% SSL...
  51. How to estimate the performance impact of HTTPS Inspection using the Appliance Sizing

    Hi Team,

    Does anybody know how to estimate the performance impact of HTTPS inspection on the Firewall. I have used the appliance sizing tool but could not find any options for setting the % of...
  52. Replies
    2
    Views
    2,771

    Re: Detecting Botnets via URL

    Thanks a lot mate

    Regards

    Sebastan
  53. Replies
    2
    Views
    2,771

    Detecting Botnets via URL

    Hi,

    I understand the Anit-Bot Blade can recognise botnet activity based on C&C IP Address & DNS domains. But can the Anti-Bot blade detect the call backs to C&C URL domains as well or would we...
  54. Replies
    8
    Views
    1,727

    Re: File-Blocking of exe in box

    Hi,

    Just one more clarification unlike other vendors i hope we do not need the IPS blade to decode the streams and strip the files and then send it to AV blade for file-type recognition and...
  55. Replies
    8
    Views
    1,727

    Re: File-Blocking of exe in box

    Thanks a lot mate for clarifying

    regards

    Sebastan
  56. Replies
    5
    Views
    1,313

    Re: Bi-Directional IPS scanning Throuhput

    Thanks a lot everybody for your prompt inputs.

    really appreciate it. Its really fun to be back on the forum after a long time and connecting with geeks like you.

    Regards

    Sebastan
  57. Replies
    8
    Views
    1,727

    Re: File-Blocking of exe in box

    Thanks a lot mate for your prompt response really. So i can block the.exe files either at the AV blade or at the IPS level. When doing the blocking at the AV blade does the same restriction apply...
  58. Replies
    8
    Views
    1,727

    Re: File-Blocking of exe in box

    Hi,

    Thanks for your response. But i just want to configure the policy to block .exe files completely without worrying whether it's good or bad from the customer policy perspective.I guess i...
  59. Replies
    5
    Views
    1,313

    Bi-Directional IPS scanning Throuhput

    Hi,

    I just wanted to check whether the production throughput of FW+IPS is based on bi-directional scanning of IPS traffic.

    Can somebody please confirm on the same.

    Regards

    Sebastan
  60. Replies
    8
    Views
    1,727

    File-Blocking of exe in box

    Hi,

    Can we set a application policy to not allow users to upload or download .exe files known to be malicious from box application. The customer is currently only having Firewall,IPS &...
  61. Replies
    11
    Views
    4,879

    Re: SSL decryption for Office365

    Thanks a lot,

    to be frank the customer is currently looking for TLS decryption & AV scanning for office 365 and not threat emulation (I thought for regular scanning of SMTP traffic by AV blade...
  62. Replies
    11
    Views
    4,879

    Re: SSL decryption for Office365

    Hi Phoneboy,

    Thanks a lot for your response really appreciate it. So when configuring the Firewall in MTA mode purely for SMTP scanning for threats, can we also use the same firewall for other...
  63. Replies
    11
    Views
    4,879

    Re: SSL decryption for Office365

    Hi Phoneboy,

    Thanks a lot for your response. With regards to email scanning on Office365 if I am not wrong it's SMTP for outgoing but I am not sure incoming is SMTP or POP3.

    And I guess we...
  64. Replies
    11
    Views
    4,879

    Re: SSL decryption for Office365

    Hi,

    Is there nobody from the forum who can officially respond to this thread. I tried googling but in vain could not get any concrete answer to this.

    Sebastan
  65. Replies
    11
    Views
    4,879

    Re: SSL decryption for Office365

    Hi,

    I think we need forward ssl proxy because office 365 is in the cloud and not in premise. So all the requests for emails and office stuff the traffic is outbound so ssl forward proxy is...
  66. Replies
    11
    Views
    4,879

    SSL decryption for Office365

    Hi,

    I am back on the forum after a long time and getting my hands back on CP. My customer is asking do we support the capability for SSL decryption and scanning of that traffic using the AV...
  67. Replies
    2
    Views
    784

    Re: No. of VPN tunnels supported ???

    Hi Shadow,

    Thanks a lot. I am sure the 10K concurrent VPN tunnel support would not be possible for all the platforms. My guess would be it would not processed on software as VPN consumes the max...
  68. Replies
    2
    Views
    784

    No. of VPN tunnels supported ???

    Hi All,

    I just couldn't find any info on no. of vpn tunnels supported on any of the platforms. Only VPN throughput is mentioned. How are we suppose to do sizing for data centers when we have to...
  69. Replies
    13
    Views
    12,929

    Re: Aggressive aging

    Hi,

    If i am not wrong as per the documentation CP R76 already supports importing Snort rules by converting them by using the CP conversion tool.

    Regards

    Sebastan
  70. Replies
    14
    Views
    3,519

    Re: Gaia Support on 2000 & 4200 series

    Thanks a lot guys,

    Regards

    Sebastan
  71. Replies
    4
    Views
    3,917

    Re: Writing Custom Signatures in IPS Blade

    Thanks for your response,

    Yes i haven't tried creating custom signatures using Snort & hence asked the question in the forum.

    Would have not posted if one knew everything or could try...
  72. Replies
    14
    Views
    3,519

    Re: Gaia Support on 2000 & 4200 series

    Thanks a lot Phoneboy,

    From your answer I am guessing could be supported on the higher end appliances like 12000 series & above or probably even the 4800 series.

    Regards

    Sebastan
  73. Replies
    14
    Views
    3,519

    Re: Gaia Support on 2000 & 4200 series

    Hi,

    Thanks a lot for your valuable info. Was really not aware of that. Is that version applicable to any of the CP appliances right from 2200 series to 12000.

    Just curious to know.
    ...
  74. Replies
    4
    Views
    3,917

    Re: Writing Custom Signatures in IPS Blade

    Hi,

    Thanks for your response.

    So since we have the liberty to make the custom signatures using Snort's open language.,

    What is the level of support we can expect from CP TAC.

    In case...
  75. Replies
    14
    Views
    3,519

    Re: Gaia Support on 2000 & 4200 series

    Hi,

    Thanks a lot for info.

    I was just through this article in knowledge base sk22343 which refers to 64-bit Linux Kernel support for SPLAT which can support up to 24Gb of ram. But i m sure...
  76. Replies
    14
    Views
    3,519

    Re: Gaia Support on 2000 & 4200 series

    Hi,

    Thanks got the point. so it could be either Gaia or SPLAT but in 32-bit because of ram limitation. Is SPLAT 64-bit version available & if yes whether its supported on these platforms.
    ...
  77. Replies
    14
    Views
    3,519

    Re: Gaia Support on 2000 & 4200 series

    Hi Tom,

    Thanks for your response. So what is the default OS on the 2200 to 4600 series appliances is it Gaia 32-bit or Secureplatform.

    Regards

    Sebastan
  78. Replies
    14
    Views
    3,519

    Gaia Support on 2000 & 4200 series

    Hi All,

    I understand that Gaia is a 64-bit operating system which requires more than 6Gb ram. But I guess through Cli we can still make Gaia work in a 32-bit mode right. Cause i am wondering the...
  79. Replies
    4
    Views
    3,917

    Writing Custom Signatures in IPS Blade

    Hi All,

    Can someone please guide to writing custom signatures in IPS. I couldn't find any info abt the same in the IPS administration guide.

    Can someone please point in the right direction. ...
  80. IPS software fail-open Failover Scenario

    Hi all,

    As I understand the architecture where the Firewall send the traffic to the IPS module for scanning. What happens if the IPS engine fails for some/any reason. I know the chances are bleak...
  81. Re: New Production Performance Security Power BenchMark

    Not sure when R76.X is due & what new features we can expect. Anyone having tentative timelines about R76.X

    Regards

    Sebastan
  82. Re: New Production Performance Security Power BenchMark

    Yeah same thoughts here. But not sure are they using TCP based profiles like Cisco does unlike in their datasheets where they clearly mention that the performance nos. are purely based on large UDP...
  83. New Production Performance Security Power BenchMark

    Hi All,

    I am not sure if anyone noticed a new performance no mentioned in the appliance comparison chart which talks about Production performance.

    Not sure how different the traffic profile...
  84. Re: VOIP Software Blade no more available in the Firewall Ordering page

    Thanks a lot Mcnallym,

    So looks like VOIP Blade functionality is now embedded into the Firewall & there is no separate cost associated with it.

    That sounds great.

    Regards

    Sebastan
  85. VOIP Software Blade no more available in the Firewall Ordering page

    Hi All,

    Would like to know is the VOIP blade is still orderable or it has merged with the default Firewall Blade. In the ordering page for most of the Firewalls I don't see the option of adding...
  86. Replies
    4
    Views
    2,400

    Re: Basic Licensing Query

    Hi Mcnallym,

    Thanks a lot for your reply. In the user center I don't see the option for selecting appliances in HA. So what I am doing is selecting a single appliance which has IPS blade in it...
  87. Replies
    4
    Views
    2,400

    Re: Basic Licensing Query

    Hi Mcnallym,

    Thanks a lot for your prompt reply. I just forgot to mention that the appliances are going to be HA. So with the 1st year subscription being free along with the base appliance. For...
  88. Replies
    4
    Views
    2,400

    Basic Licensing Query

    Hi All,

    I am just confused little with the licensing. With the checkpoint appliance we get few blades free for the 1yr like the IPS blade along with it's subscription.

    If my customer is...
  89. Replies
    2
    Views
    4,933

    Re: Endpoint Security R73 HFA3 released

    Hi all,

    I would like to know whether there is a roadmap for integrating the remote access vpn client & the mobile access SSL vpn client in a single client with endpoint security.

    Cause i feel...
  90. Replies
    8
    Views
    2,415

    Re: Clustering without Switches

    Hi, Thanks lot for your detailed replies. So I got the understanding that the BVI interfaces will work as the logical switch interfaces through which CCP traffic for the outside interfaces will...
  91. Replies
    8
    Views
    2,415

    Re: Clustering without Switches

    Hi Northlandboy,

    Yeah i thought that would be only we could get it work. In that case the firewall would need good routing functionality to handle that. but will the stateful sessions will still...
  92. Replies
    8
    Views
    2,415

    Re: Clustering without Switches

    Hi Alen,

    Thanks for your prompt response. So you meant o say we can have a BVi on the cisco routers and the firewall interfaces in etherchannel mode.

    But in this case if the firewall...
  93. Replies
    8
    Views
    2,415

    Clustering without Switches

    Hi All,

    My customer is having a requirement for firewalls with 2 wan routers. he wants failover with 2 firewalls with each firewall having 2 outside interfaces connecting to each of the router....
  94. Re: Vpn solution requirement over ADSL with UTM EDGE/safe office firewalls

    Hi Guys,

    Thanks a lot for your prompt reply yes the initial setup is for more than 150 branches with the edge appliances.

    So as mcnallym suggested I need to use utm edge devices since they...
  95. Vpn solution requirement over ADSL with UTM EDGE/safe office firewalls

    Hi all,

    I have a requirement for huge number of small branches which will be connected over adsl and they would require to have a site to site vpn with the head office firewall which is a nokia...
  96. Re: contact info in checkpoint regarding certificates

    Thanks a lot robby.

    Regards

    Sebastan
  97. contact info in checkpoint regarding certificates

    Hi All,

    I had cleared my provider-1 exam long time back. But i haven't received the certificate from checkpoint yet. I am unable to find a contact info on their website to which i can write about...
  98. Replies
    1
    Views
    1,418

    Re: Authentication dropped by Cleanup rule

    Hi,

    Could you please let us know the kind of user authentication you are using .

    Regards

    Sebastan
  99. Re: Very basic doubt abt nokia ipso clustering

    Hi mate

    thanks a lot for ur detailed explanation it really helped me in understanding the concept.

    Regards

    Sebastan
  100. Re: Very basic doubt abt nokia ipso clustering

    hI MATE,

    thanks a lot for ur reply. so the configurations that we confgure either on the entire cluster or individual cluster members are propogated to the cluster members using these cluster...
Results 1 to 100 of 449
Page 1 of 5 1 2 3 4