CPUG: The Check Point User Group
Resources for the Check Point Community, by the Check Point Community.
Type: Posts; User: ttpm123
Thanks for the replies. I do have auto ARP set in Global policy.
I spoke with someone with +10 years on many Check Point platforms. He told me this is not uncommon on SPLAT. SPLAT can fail to...
northlandboy, thanks for the suggestion. I thought of the static route too but want to hold that card for last if I cannot see the source of this problem.
hotice, I do not have entries for the...
I am working on a SPLAT R65 HFA02 box. I have created an object in a DMZ with auto static NAT address (A.B.C.197/24). No 'Internet' src can get to the box. Zero entries in the logs and zero tcpdump...
What is the Cisco technology that implements User Authority - type functionality?
My management wants to know how tough it would be for me to replace our 9 Checkpoint firewalls with Cisco to save...
This suggestion is what I am going to move forward on. It seems to have the benefit of simplicity. I am not sure why the previous admin defined 2 nodes for each server to implement NAT'g. Thanks...
Bingo! That worked.
I looked through the rule base for traffic between the same internal and NAT subnets and see rules (and traffic) with and without the NAT object included in the policy. Is...
Yes, a rule is in place to allow traffic from the vendors subnets on defined ports to the RFC 1918 addresses for the servers.
The NAT rule is also defined; traffic sourced from Vendors subnets to...
A NAT technique I have used successfully is suddenly failing and I cannot find the loose thread.
DMZ servers use RFC 1918 space.
DMZ servers are static NAT'd to addresses in a public subnet for...
In R55 I managed our logs by deleting and restarting User Authority.
I would kill and restart the UserAuthority process to release the log's file descriptor.
...
Thank you, this is very useful.
In R55, I can remove all files in /CPuag-R55/log after a backup. But which files in R60 (CPsuite-R60/fw1/log) can be removed and what is the purpose of these? Or are there pointers to good...
I have set up a VPN with a partner's SSG 520; tunnel is up successfully and their telnet requests to our server are working fine. Policy is good, NAT works and snoop shows traffic inbound through the...
The problem was isolated to the management server running Linux. The 'mutex' error refers only to Linux.
The lock files are written to $CPDIR/tmp. Delete those files in tmp and the problem is...
I have learned that a mutex is a "lock" on key system resources that prevents 2 processes from using or writing to the 'locked' resource at the same time. This is used in multi-threaded programming...
I am pushing policy to an R55 NG AI and am seeing a strange error message on policy install failure:
installx_top: MtMutexCreate failed
I see it is failing on validate and install but when I...
OK, beneath 'Administrator' is an object 'cpconfig_administrators'. In 'cpconfig_administrators' are myself and boss (who has been out of STD for months). When I right-click 'Administrator' and...
Let me start by saying I'm a newbie at security and CP in particular. I have inherited several firewalls. No support contract and no training.
I am trying to add a new admin so he can use...
I am an L2/3 engineer, mostly Cisco for 10 years. Our Security engineer reported to me for the past 2 years and has recently left the company. I am picking up where he left off. I have very little...
RayPesek; thanks for the advice. I have seen the clock problem before - in fact I fixed a vendor SC connection yesterday with that solution.
Our connectivity was restored after many hours with CP...
Are scc commands server or client side?
I'm not sure if this debug output helps:
[vpnd 891 1]@saintpeter[19 Jun 13:38:59] fwCert_FindCertListAndKey: Entering
[vpnd 891 1]@saintpeter[19 Jun 13:38:59] Cert Reqeust got from peer:
[vpnd...
Our SC VPNs are all failing with the 2 errors; one is "Negotiation with gateway XYZ at site ABC.NYR has failed. Make sure the user is properly defined on the firewall. Connection canceled" others say...
Thank you. I was able to load the correct policy from the console.
I installed border policy on an internal firewall, should I simply install the correct policy to fix this?