CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Search:

Type: Posts; User: crosspopz

Page 1 of 2 1 2

Search: Search took 0.00 seconds.

  1. Replies
    0
    Views
    306

    Initial client not communicating

    I enabled the SmartEndpoint on my MGMT server, imported the version 80.65.2516 and downloaded the initial client to my PC.

    After the installation I receive an error message: "The Endpoint Security...
  2. Replies
    0
    Views
    333

    JavaScript Alert

    I just got a random Alert when I was using the SmartDashboard:

    JavaScript Alert

    Failed to load the bootstrap javascript:
    ./../VAADIN/vaadinBootstrap.js

    Any clue about this alert? For some...
  3. Replies
    1
    Views
    665

    100% CPU using SmartView Web?

    Hey everyone,

    I was trying to use the SmartView Web from my management server IP, everytime I use it the SmartEvent (different server) CPU hits 100%.

    Running top command:

    4336 admin 34...
  4. Replies
    22
    Views
    4,794

    Re: Webui not working

    My problem was solved after some time, trying to update to R80.10.

    For some unknown reason the upgrade worked and the webui return back.
  5. Replies
    22
    Views
    4,794

    Re: Webui not working

    Yonatan, yes, still getting this error.

    I already tried a cpstop, cpstart, reboot.

    I have some coredumps, but none from this month;

    drwxrwx--- 2 admin root 4.0K May 10 04:36 CPM.4002...
  6. Replies
    5
    Views
    927

    Re: Internal Firewall Antispoofing?

    Yeah, sure.

    The problem here is, this Firewall has 2 interfaces, both are configured as "internal", I cannot even configure an exception!
  7. Replies
    22
    Views
    4,794

    Re: Webui not working

    Understood, I already did like you said and is pinging!
  8. Replies
    5
    Views
    927

    Internal Firewall Antispoofing?

    Hey, a topology with a External Firewall that connects directly to the internet and another one Internal Firewall that only cares Internal servers and Internal network.

    Make sense to configure...
  9. Replies
    22
    Views
    4,794

    Re: Webui not working

    lol john, it's working man, I can ping.

    I can ping myself, don't believe that this is the problem.

    THe problem is with this both services that doesn't starts.
  10. Replies
    22
    Views
    4,794

    Re: Webui not working

    John, no error, pinging normally.

    [Expert@xxxx:0]# ping xxxx
    PING xxxx (10.0.0.234) 56(84) bytes of data.
    64 bytes from xxxx (10.0.0.234): icmp_seq=1 ttl=64 time=0.028 ms
    64 bytes from xxxx...
  11. Replies
    22
    Views
    4,794

    Re: Webui not working

    john, I will do this tomorrow, but I can ping myself using hostname.
  12. Replies
    22
    Views
    4,794

    Re: Webui not working

    Hey john! This command should work? I can ping itself, but not like this command.

    Thanks!
  13. Replies
    22
    Views
    4,794

    Webui not working

    Hey, I tried for the first time in my life to update the R80 to R80.10 using CPUSE.

    I always upgrade using CLI and this time some problem happened.

    Now I try to connect to Gaia Portal and...
  14. Replies
    9
    Views
    1,940

    Re: Many problems with R80

    I sent you a PM.
  15. Replies
    14
    Views
    1,707

    Re: Huge Backup on R80?

    Valeri, thanks for the reply, but no success.

    [Expert@xxxxxxx:0]# cd $FWDIR/conf/db_versions
    [Expert@xxxxxxx:0]# ls
    database
    [Expert@xxxxxxx:0]# cd database
    [Expert@xxxxxxx:0]# ls...
  16. Replies
    0
    Views
    362

    Remote Access VPN with smartcard?

    Does anyone already configured or used Remote Access VPN authentication with a Smart Card?
  17. Replies
    14
    Views
    1,707

    Re: Huge Backup on R80?

    I did this already, nothing was shown.

    [Expert@xxxxx:0]# dbver
    Enter Server name (ENTER for 'localhost'):

    Please enter a command:

    export <version_numbers> <delete | keep>
    import...
  18. Replies
    9
    Views
    1,940

    Re: Many problems with R80

    And when you enter the link of this T132 it says "This image contains Take_76 of R80 Jumbo Hotfix Accumulator" lol
    ...
  19. Replies
    9
    Views
    1,940

    Re: Many problems with R80

    Yes and is painful. I decided to use R80 because I support many customers and decided to use internally first in production, my mistake.
    I always keep the last Hotfix, and I'm using the last take,...
  20. Replies
    14
    Views
    1,707

    Re: Huge Backup on R80?

    Just to let you know guys, I removed almost all of the revisions, from 200 to 20.

    The backup still have 3.3GB.
  21. Replies
    9
    Views
    1,940

    Many problems with R80

    Am I the only one with so many problems with R80?

    Many timeouts when try to connect to dashboard.
    So many crashs while using the SmartConsole.
    Many times crash when push policy.
    Trying to...
  22. Replies
    14
    Views
    1,707

    Re: Huge Backup on R80?

    Yeah for sure, but this is by default here in R80. I will take a look at the settings and try to change this.

    THanks!!!
  23. Replies
    14
    Views
    1,707

    Re: Huge Backup on R80?

    This is enabled by default, it's a good practice?

    There is an automatic maintenance for that?
  24. Replies
    14
    Views
    1,707

    Re: Huge Backup on R80?

    I'm not backing up the logs, I believe that is the revision, almost 200!

    I will purge and test again!
  25. Replies
    14
    Views
    1,707

    Re: Huge Backup on R80?

    Oh man I just realize that we have almost 200 revisions here. lol

    I will purge them, It's really a best practice maintain this?
  26. Replies
    14
    Views
    1,707

    Huge Backup on R80?

    Hey, I ran a backup from migrate export and realize that it's huge!

    Almost 4GB, our rulebase has 67 firewall rules and almost all blades enabled, but I think is a small amount of resources to this...
  27. Replies
    2
    Views
    1,752

    Track account question

    The track option "Account" will show on tracker the byter transferred and some other informations, under the account we can see many "Log type".

    The question is: The account is the sum of all this...
  28. Replies
    7
    Views
    4,494

    Re: Interface alias

    Yes, it works!

    You can add from the GUI or from CLI you need to add the interface vlan first, then set the interface ip.

    Cya!
  29. Replies
    1
    Views
    6,714

    Azure Active Directory + Check Point

    We want to migrate ou AD to Azure AD, so we will not have the physical server anymore.

    My question is:

    Is possible to integrate our Check Point Identity Awareness to Azure AD? Never did that.
    ...
  30. Thread: Estender VL

    by crosspopz
    Replies
    1
    Views
    6,077

    Re: Estender VL

    Veja se te ajuda.

    sk94671.

    Abraços!
  31. Replies
    5
    Views
    2,902

    Re: IPS update error SmartDashboard

    Thanks for that! Nice one!
  32. Replies
    5
    Views
    2,902

    Re: IPS update error SmartDashboard

    Hey, thanks for the reply.

    Do you know if there is any document explaining that?
  33. Replies
    5
    Views
    2,902

    IPS update error SmartDashboard

    We are getting an error message when we open the IPS blade.

    "error occurred while checking for updates..."

    When we open SmartDashboard, does the Manager uses my connections to verify updates?...
  34. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    Lol, we can continue in English :D
  35. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    Thanks for the help.
  36. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    I already read all this website. lol joking. :D
  37. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    Before it all:

    http://www.wikihow.com/Be-Funny

    Now about CP.

    fw ver
    This is Check Point's software version R77.30 - Build 503
  38. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    Not sure what Brazil's president can do with ISP redundacy ;)

    You are the guy that votes on Donald Trump and agree with his thoughts.

    Cya bro, if you want to help with the topic, I'm all ears.
  39. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    I'm from Brazil, GMT -3.

    Maybe we can talk using Skype, what you think?

    :D
  40. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    We already have a case with CP, I sent my findings and hope they check the document.

    Yes, It's already set to use the clamp.

    [Expert@xxxxxx]# fw ctl get int fw_clamp_tcp_mss
    fw_clamp_tcp_mss =...
  41. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    When I use the not pppoe as the default gw, both interface (pppoe and the other) uses MSS 1460.

    Then sometimes the browsing works (going to non pppoe), sometimes not (going to pppoe).

    When the...
  42. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    Hey guys, yesterday I did some captures and got a conclusion.

    When the ISP redundancy is configured as Load Sharing, both interfaces uses the MSS from the “main” interface.

    Example:

    The...
  43. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    Nice one, I will try to capture today and take a look at the findings.
  44. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    lol

    If you join me on the troubleshoot, no problem hahahaha
  45. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    I will, I want to know what is the capture MSS when the pppoe is the only active.
  46. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    You got a Hat trick ahaahhaa
  47. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    We have R77.30 without SecureXL.

    Yes, the clam is enabled on the Firewall (CLI) and Manager (GuiDBEDIT)

    I will run another capture this night, but I'm trying to find out this cap that I already...
  48. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    Maybe that's the problem, the MSS on the wireshark shows 1460, and should be 1452, since is using pppoe.

    Wonder if the tcp header is 40 bytes.

    Take a look at this:

    1124

    first 4 packet is...
  49. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    We have customers that uses ISP Redundancy and works, the problem here is that I'm the only one who uses one of the interfaces as pppoe.

    Check Point doesn't help all the time, that's a fact.
    ...
  50. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    1500 is the default MTU, but configured for pppoe is 1492.

    We are using R77.30

    SecureXL is not enabled.
  51. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    I can run a tcpdump.

    But checking the wireshark here, I can see the MSS=1460. The interface MTU is 1492.
  52. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    We did an open fw monitor.

    You mean both interfaces (pppoe and the ethernet ISP)?
  53. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    Hey cciesec2006, I understand that and I agree in parts. We are using here ISP Redundancy that is most likely a script running on the background.

    I agree that is not a routing or switching...
  54. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    I changed only for the pppoe interface, since I believe is the one that "needs".

    You're correct, using only pppoe works fine.

    Yes, it creates a virtual interface, just need to indicate from...
  55. Re: ISP redundancy Load Sharing + 2nd interface pppoe not working

    Hey jflemingeds, I already did all of this SK, changed the MTU.

    If this was the problem, when we use the pppoe as the default ISP (only this one active without the ISP redundancy) shouldn't work...
  56. ISP redundancy Load Sharing + 2nd interface pppoe not working

    Hey guys, we have here a Check Point Gaia R77.30.

    We have two ISP:

    1- Dedicated ethernet ISP
    2- pppoe ISP

    Using the dedicated as default gw, works fine, same with pppoe.

    I'm trying to...
  57. Replies
    1
    Views
    777

    Global Properties + Proxy

    Does anyone knows if enabling the Proxy option on Global properties will redirect all the traffic going to the internet to this proxy?

    Example.

    I enable HTTP + HTTPS proxy on my firewall....
  58. Replies
    7
    Views
    2,247

    Re: Cluster + Bridge mode

    Nice one, the traffic are managed by STP, right?
  59. Replies
    7
    Views
    2,247

    Cluster + Bridge mode

    We have a customer that already use their Firewall with ClusterXL, but right now they want to configure two interfaces as bridge mode, is possible to use this with Cluster? HA or LS?

    Thanks
  60. Re: Server to client packet of an old UDP session

    sk103598

    Regards!
  61. Replies
    6
    Views
    1,528

    Re: 3 ISP Load sharing

    R77.30 Gaia
  62. Replies
    4
    Views
    5,022

    Re: PPPoE on GAiA. Telnet working, internet no

    I'm sorry that this was too late, but here is the solution.

    How to control of the Maximum Segment Size (MSS) of TCP SYN and TCP SYN-ACK packets on Security Gateway
    Rate This
    My Favorites Email...
  63. Replies
    6
    Views
    1,528

    Re: 3 ISP Load sharing

    It's not even enabled :S
  64. Replies
    6
    Views
    1,528

    Re: 3 ISP Load sharing

    Thanks for the reply, but why are telling me about the SecureXL?

    I believe that here is another problem, the problem is that the PBR doesn't work when the two pppoe are enabled.
  65. Replies
    6
    Views
    1,528

    3 ISP Load sharing

    I have 3 external interfaces here in our company, 2 from the same ISP and 1 from another different one.

    One is a dedicated and two is pppoe. This both pppoe have the same default gw.

    What we...
  66. Replies
    10
    Views
    3,582

    Re: CPSEMD process restarting all the time!

    Yes, I already have. Just opened here to share with you and try to find someone else that have the same problem.
    Thanks
  67. Replies
    10
    Views
    3,582

    Re: CPSEMD process restarting all the time!

    Oh, thanks.

    I saw the link, but I believe I don't have the knowledge to understand this yet. There is only one answer that I don't know what means.

    Returning to the specific problem, I...
  68. Replies
    10
    Views
    3,582

    Re: CPSEMD process restarting all the time!

    No I don't, I don't know how to do it.

    I was looking for how to, but didn't find.
  69. Replies
    10
    Views
    3,582

    Re: CPSEMD process restarting all the time!

    I'm sorry, but didn't understand what you mean with backtrace on it.

    About the cpsemd.elg, I didn't get any error, only something about a license, but I generated a eval with all and the same...
  70. Replies
    10
    Views
    3,582

    Re: CPSEMD process restarting all the time!

    Yeah, I see and they already have.

    They sent me 3 hotfix, none solves the problem :S
  71. Replies
    10
    Views
    3,582

    CPSEMD process restarting all the time!

    My MGMT is R77.30 with JumboHotfix take 84.

    I enabled the SmartEvent + Correlation Unit on my MGMT, but cannot open the SmartEvent dashboard.

    I got on Monitor that the CPSEMD process is not...
  72. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    Hey lil, i tried everything and To me this is a version problem.

    The way I solved this problem was configuring Checkpoint NTP and this worked.

    Hope someone find a better way for that.

    One...
  73. Replies
    0
    Views
    2,061

    156-915.77 anyone?

    I'm CCSE and is about to expire, anyone took the 156-915.77 CCSE Update exam?
  74. Thread: CCSE UPDATE

    by crosspopz
    Replies
    1
    Views
    1,850

    Re: CCSE UPDATE

    I had the same question, but you need to take CCSE again.
  75. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    I tried ntp1.checkpoint.com and ntp2.checkpoint.com, only the ntp2.checkpoint.com worked.

    Now the strange thing is, the Check Point NTP is outside the internet, and mine NTP is inside my network....
  76. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    Now I'm trying in my environment and not on the customer, same thing.

    [Expert@xxxxxmanager:0]# cat /config/active | grep ntp
    process:ntpd:arg:4 /etc/ntp.conf
    process:ntpd:arg:3 -c...
  77. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    @alienbaby.

    1- I already set manually the time to the correct time and set the NTP, didn't work.
    2- I am trying right now only with the Management Server that is on the same network of the NTP...
  78. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    Yes I understand, but the odd is that all the servers are configured to use this NTP.
  79. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    The command ntpdate works for me too, but what doesn't works is the configuration itself.
  80. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    We have here 4 Firewalls and 1 Management server, I tried NTP on all of them and doesn't works.
  81. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    Thanks for your help.

    And yes, ntpdate is a hack that I not sure that I want to use.

    Here is the commands that you sent:

    ntpq> associations

    ind assID status conf reach auth condition ...
  82. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    Look at this right now:

    ntpq> peers
    remote refid st t when poll reach delay offset jitter
    ==============================================================================...
  83. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    Yes I know, I already did and is attached to this post.

    The problem is that CP send the traffic and the server responds.
  84. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    Hmmmm, understood, we can do that.

    But even with this, I wanted to understand why this is not working.

    Cannot being blocked because is on the same network, there is no Firewall.
  85. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    Using this command, worked. But will not be synced everytime, right?

    If I get a problem with my manager, and the time changed, will be changed and not synced.

    [Expert@smartcenter]# date
    Tue...
  86. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    I tried to use the IP too, but didn't try to use another server, since the customer just told me one single server for that.

    I changed the version to 3, as I checked on tcpdump that the server was...
  87. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    Yes, I already did. Didn't work.
  88. Re: SmartView Tracker "Custom Filters" are missing after R77.20 -> R77.30 upgrade on

    Try this sk39268.

    ;)
  89. Replies
    17
    Views
    6,820

    Re: R77.30 Upgrade advice

    Make sure you have enough space disk on /opt. At least 3.5GB

    ;)
  90. Replies
    35
    Views
    12,347

    Re: NTP not syncing - Gaia

    Yes, I'm sure:

    smartcenter> show ntp active
    Yes
    smartcenter> show ntp current
    No server has yet to be synchronized
    smartcenter> show ntp servers
    IP Address Type ...
  91. Replies
    35
    Views
    12,347

    NTP not syncing - Gaia

    Is just me or someone else has the same problem?

    I configured a NTP on Gaia but received this message:

    "Time is set automatically via NTP
    No server has yet to be synchronized"

    I followed...
  92. Replies
    2
    Views
    872

    Re: Security Checkup - clean after POC

    Removing all files inside this folder will not clear the overview of those blades.

    I can reimage, but I believe it's easier just remove the logs.
  93. Replies
    2
    Views
    872

    Security Checkup - clean after POC

    Hey everyone, I have a question about how to clean every log from the MGMT/FW after a Security Checkup POC. I already cleaned the Database from SmartEvent.

    But I'm still able to see on overview...
  94. Replies
    4
    Views
    5,022

    Re: PPPoE on GAiA. Telnet working, internet no

    Problem solved using:

    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk61221

    Thanks!
  95. Replies
    4
    Views
    5,022

    PPPoE on GAiA. Telnet working, internet no

    Hi all, I'm trying to configure a pppoe on my R77.20 Gaia, but for some reason it's not working at all.

    The modem is configured to bridge.
    Firewall get the IP correctly.

    When I try to use the...
  96. Re: Monitoring IPSec VPN tunnels with CheckPoint OIDs on GAiA R75.46

    Chakapoint, thanks for the solution.

    One question that I have and I use PRTG too, if I configure this and install the hotfix, can I monitor if the tunnel is up or down? If yes, I can integrate...
  97. Replies
    8
    Views
    1,535

    Re: Star VPN with 3rd party FW

    This setup must have a problem.

    Because on FWB we need to have a meshed VPN with the 3 Firewalls.

    And if I have another "FW D" I cannot share the same community on FWB, I needed to create...
  98. Replies
    8
    Views
    1,535

    Re: Star VPN with 3rd party FW

    Yes, that I was thinking about it.

    But possible I got a solution for this with meshed.

    I will write here:

    Config on FW A

    FW A - FW B (VPN Meshed)
    VPN Domain:
  99. Replies
    16
    Views
    2,921

    Re: 2 MPLS + 1 Internet

    - Is two ISPs
    - I'm not using yet, its a new environment.

    One question that I have is, the other peer needs to connfigure too the OSPF right? If the other doesn't have ADN license? Is this a...
  100. Replies
    16
    Views
    2,921

    Re: 2 MPLS + 1 Internet

    Hmm I will ask the client to call to MPLS ISP.

    What kind of config they must do? I'm a little new in OSPF of CP and don't know how to config this.
Results 1 to 100 of 163
Page 1 of 2 1 2