CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



 


Type: Posts; User: gunnahafta


  1. Replies
    3
    Views
    1,813

    Re: Has my Safe@ died

    I'm guessing you mean the plug that goes into the power, didn't think these units had any internal power supplies. I have a universal power support I'll see if it will work.
  2. Replies
    1
    Views
    1,264

    Saving a U-5 UTM

    I have a U-5 that is configured however I do not have the passwords associated with the setup of the device (expert and admin). I was going to simply factory default it however went to log into...
  3. Replies
    3
    Views
    1,813

    Has my Safe@ died

    Safe@office 225 been sitting running perfectly for months now hasn't skipped a beat. Suddenly today no internet. The lights on the front panel are doing all kinds of odd things. Right now the...
  4. Replies
    3
    Views
    682

    Re: URL redirect on safe@

    Update - I upgraded the unit to latest version available 8.2.64x

    I want to either redirect to an internal IP for a specific URL or do a static host entry????
  5. Replies
    1
    Views
    665

    Customizing safe@Office

    Does anyone know what the default SSH password is for a safe@office 225? I can SSH to the unit but no idea on the password, to my knowledge it hasn't been changed from default, assuming there is a...
  6. Replies
    3
    Views
    832

    Re: safe@office 225 revival

    Makes sense. Any chance anyone knows where I can find latest firmware for the x unit? Can't get it since my CCSE expired.
  7. Replies
    3
    Views
    682

    URL redirect on safe@

    Anyone know if it's possible to do a URL redirect to a specific IP address on a certain URL? Running version 7.5.55x
  8. Replies
    3
    Views
    832

    safe@office 225 revival

    I have an old Safe@Office 225 running firmware 7.5.55x

    I managed to get my hands on firmware 8.2.64a but it won't upgrade. I suspect the jump is too great and need to do it in steps but I cannot...
  9. Procedure for migrating a CLM to new hardware

    I'm doing a migration of a CLM from old to new hardware. I just found out that this CLM hosts 3 customers. When doing a mds_backup etc do I need to backup each customer or is there a backup that...
  10. Re: Gateway shows a dissconnected but firewall and VPN have a green tick

    Awesome thanks for that.
  11. Re: Gateway shows a dissconnected but firewall and VPN have a green tick

    Initially I thought it might be a bug as well so I searched and searched but couldn't find anything on the issue. Can you give me the article number that talks about this particular bug?

    Also since...
  12. Re: Gateway shows a dissconnected but firewall and VPN have a green tick

    Thanks mcnallym. In my environment this could be a pretty extreme step as there are about 100 other gateways in this DB and 1000's of objects. I know all these should rebuild etc but still kind of...
  13. Replies
    3
    Views
    2,542

    Re: ISP Redundnacy remote access VPN

    Thanks, I assume this probably goes for R65 Secureclient as well then.
  14. Gateway shows a dissconnected but firewall and VPN have a green tick

    An unusual issue. UTM-1 had its external IP address changed due to a change of ISP. We changed the IP in the gateway object, changed it on the gateway, changed the routing etc, re-established SIC...
  15. Replies
    3
    Views
    2,542

    ISP Redundnacy remote access VPN

    Has anyone had experience with ISP redundancy and remote access VPNs? I am doing testing trying to replicate an issue in production. This made me think of an obvious question I'm hoping someone can...
  16. Re: MLM retore and log file recovery or new MLM install

    Thanks serlud

    I had a feeling there was no sync option but you're saying it's perfectly fine to just copy everything in the log folders manually after the rebuild? I have a primary and backup CLM...
  17. MLM retore and log file recovery or new MLM install

    I am looking at migrating my backup MLM from old hardware to new hardware. I know I could do a mds_backup on the original, take it offline, build the new one with the same IP and host details etc...
  18. Replies
    3
    Views
    1,533

    Re: Search a log file on the log server

    Thanks this works pretty well. Something odd however, if I run it as is it will output the log file name and the log line that matches. However if I put the results using > into a text file it just...
  19. Replies
    3
    Views
    1,533

    Search a log file on the log server

    I have 100's of 1 GB+ log files on a log server. Rather than opening each one in tracker and filtering is there a way to search grep? the log folder for the IP I'm looking for and get the names of...
  20. Replies
    0
    Views
    2,406

    LDAP search query returns no results

    Strange thing happening, I have some LDAP Account units defined for various branches of an Active Directory, some down to last OU level some very high with many OUs nested beneath. The odd thing is...
  21. Replies
    1
    Views
    763

    Migrate CLM from old to new hardware

    Due to various hardware reasons I need to move a CLM to new hardware. First option which I'm hoping to do is retain the IP address of the CLM during the move. I'm not sure exactly on the procedure...
  22. Re: Time Drift tolerance on site to site VPN community

    Thanks Shadowpeak.

    1) Normally this kind of behavior would occur in an interoperable VPN scenario due to a mismatch in the IKE Phase 1 lifetime, but it sounds like you manage all the firewalls in...
  23. Simplified mode Hub and Spoke authentication

    I have a hub and spoke VPN in simplified mode all using managed firewalls. What is used for authentication of the gateways during Phase1? I assume it's certificates? Do both the satellite and the...
  24. Re: Time Drift tolerance on site to site VPN community

    Yes, in general it would be better to configure all of them to use NTP but this company just doesn't and I have no real explanation why. Time drift is the only thing I could come up with that explains...
  25. Time Drift tolerance on site to site VPN community

    I've seen a few satellite gateways in a star community suddenly drop VPN while others in the same community are up. I noted that those which dropped clocks are in general 5-10 mins ahead of the hub...
  26. Replies
    9
    Views
    3,454

    Smart-1 on VMware

    Recently I managed to get Smart-1 running on vmware workstation. Actually it was virtually the same as an open server install except it has particular hard drive space requirements so you just need...
  27. Replies
    2
    Views
    1,193

    Re: Smart-1 ISO installed Provider-1

    Yep, although I was careful to pick which ISO to download seems I got the wrong one. I went back to the checkpoint site and searched again and this time seem to have the right ISO.
  28. Replies
    3
    Views
    2,091

    Best way to restore a backup

    This is probably an easy answer but would like other people's input. I have a backup taken on a R70.1 Smart-1 appliance via a scheduled backup created in the WebUI. Pretty straight forward so far. Is...
  29. Replies
    2
    Views
    1,193

    Smart-1 ISO installed Provider-1

    I'm trying to test a backup from a Smart-1 25b. I don't have another physical Smart-1 so was hoping I could get away with installing the Smart-1 ISO in VMware and test from there. The weird thing is...
  30. Compare 2 policies to se if they overlap

    I have a need to take 300 rules from one checkpoint policy and check each rule down to the individual host to determine if the same access is allowed by a rule in a second rulebase. The problem is...
  31. Replies
    5
    Views
    2,017

    Re: 4 servers hide nat pool to public service

    Are we sure this hasn't been around for longer undocumented? Reason I ask is I have a R71.40 gateway and there happens to be a manual NAT rule that uses an IP Range object containing 2 IPs as the...
  32. Replies
    3
    Views
    1,471

    Re: Hide NAT behind 2 external IPs

    Well my testing seems to let me use an IP address range object in the translated source field and as long as I put entries in the local.arp file, enable proxy arp and tick the option to merge manual...
  33. Replies
    3
    Views
    1,471

    Hide NAT behind 2 external IPs

    I have a huge internal range that I want to do Hide NAT. However I think I will not be able to handle this with just one external IP so I want to do hide NAT behind a group (2 to start with) of...
  34. Replies
    4
    Views
    3,192

    Re: E75.20 : how disable personal firewall

    If I alter this setting or any other setting in the trace_client_1.ttm file on the gateway will it update the file on the client the next time they connect?

    Or do I need to delete the site in the...
  35. Re: Failed to create new site reason site is not responding

    I fixed it myself, I had to remove the gateway from the remote access community, disable VPN and push the policy. Then re-enabled the VPN blade, added it back to remoteaccess community and it...
  36. Failed to create new site reason site is not responding

    I have multiple R71.40 gateways all managed centrally and all are part of the RemoteAccess community. Recently I started to try and use endpoint connect R75.20 but for some reason it fails to create...
  37. Replies
    1
    Views
    951

    how does auto-connect work

    Hi all, can someone quickly explain how auto-connect works. What I mean is if I have multiple profiles configured and I enable auto-connect. What will cause the client to auto-connect and how does...
  38. Replies
    0
    Views
    1,011

    Auto configuration

    Wondering if anyone knows about or tried out a way to automatically configure a UTM using a script. I may need to reimage some remote UTMs in sites I won't be able to access and have no onsite staff...
  39. Replies
    4
    Views
    1,528

    Wipe a Nokia

    I have a customer with a couple IP appliances they have just replaced. We want to completely wipe any config\data from this that relate to the customer. Can anyone suggest how to do this. It has...
  40. Replies
    1
    Views
    997

    Simulate UTM in vmware

    Hi All,

    For testing purposes I would like to simulate a UTM in vmware. It's very easy to run up SPLAT as an Open server installation on vmware, can anyone suggest a configuration I can use to...
  41. Cant renew certificate on secure remote

    I have reissued a certificate on one of my users in the CP DB. Next I tried to renew the cert on the secure client I tried to renew the cert by entering the IP of the server and the passcode. it...
  42. Replies
    2
    Views
    1,085

    Re: will generating SSH keys break anything?

    Thanks for that. My testing had suggested this wouldn't break anything but wanted to get a separate perspective.
  43. Replies
    2
    Views
    1,085

    will generating SSH keys break anything?

    I have a little script that compresses and zips up few files for me. I want to sftp this file over to a SSH server in a script. To make it seamless I was planning on using certificate...
  44. Replies
    5
    Views
    12,324

    Re: Migrating Smart Centre to new hardware

    Awesome sounds good. Many thanks I'm hoping with a little practice it will all come back to me. Been 5 years since I did one of these.
  45. Replies
    2
    Views
    1,238

    VPN refresher

    It's been a while so I'm trying to refresh myself.

    If I have 3 separate gateways I want to setup a VPN between what would be the reasoning to use a Star topology rather than mesh? I can't think of...
  46. Replies
    5
    Views
    12,324

    Re: Migrating Smart Centre to new hardware

    Thanks I had seen these but I couldn't find anything specific about doing a migration (windows to windows) to new hardware when the new hardware is running a newer version O\S. In my particular case...
  47. Sticky: Re: The Best One Page Summary of Check Point System Backup Procedures and Best Practi

    Barry,

    Nice post very helpful. I have only one question. If I want to migrate a Windows Smartcentre from an old server running an early version of windows e.g. Server 2003 to new hardware and a...
  48. Replies
    0
    Views
    1,089

    Unusual rule

    I am playing with endpoint server and looking at the out of the box firewall samples. One of them is interesting. It has a rule that is called "Log Internet" with a source of the Internet,...
  49. Replies
    5
    Views
    12,324

    Migrating Smart Centre to new hardware

    It's been a while so I was hoping someone could give me some quick answers to a few questions regarding Smart Centre migration to new hardware.

    When migrating you should wherever possible do...
  50. Smartdefence HTTP protection on a non standard port

    Does anyone know if I can use the HTTP tunneling protection against things like P2P on a non standard HTTP port. E.g. I see an application that uses HTTP on port 90 (which I have to open outbound...
  51. Replies
    8
    Views
    11,090

    Re: Force the removal of a license

    version R65. Anyway I couldn't get it to work any way I tried. Eventually I built a SPLAT R65 FW on an old PC gave it the same IP as the old object in Smartcentre, established SIC and then I removed...
  52. Replies
    8
    Views
    11,090

    Re: Force the removal of a license

    That won't work. When I try to delete the object it does the same attempt to detach the licenses first and fails the same as in Smartupdate
  53. Replies
    8
    Views
    11,090

    Force the removal of a license

    I have an old gateway that died and we decided not to replace. As a result I have the gateway in Smartupdate with a license attached to it. When I try and remove it says "Failed to connect. check...
  54. Replies
    1
    Views
    2,513

    Can't run cpconfig

    Hi all. I just installed R65 on a Solaris 9 server. Installation seemed to go 100% with no errors and when rebooting the first time all the CP modules appear to load ok etc. The problem is after the...
  55. Replies
    1
    Views
    39,179

    Re: Difference between 3DES and AES

    There is very little performance difference between 256-bit AES and 168-bit 3DES.

    Another description in Cisco docs provides this:

    AES-Provides greater security than DES and is computationally...
  56. Thread: fwlogsum

    by gunnahafta
    Replies
    2
    Views
    2,778

    Re: fwlogsum

    Ah....I was using it on logs I exported out of the Tracker. I did a fwm logexport and it works. Still can't get it to run against a *.log file using the -L switch but. Doesn't matter for now I just...
  57. Thread: fwlogsum

    by gunnahafta
    Replies
    2
    Views
    2,778

    fwlogsum

    I know there are many people who have used fwlogsum as a nice log analysis tool. I can't get it to work. I run it against an exported file (in text format) and the resulting report has X number of...
  58. Replies
    6
    Views
    3,917

    Re: Primary and Secondary show as active.

    Yep, reset the SIC and then went so far as to remove and rebuild the secondary management server. However when trying to switch the primary to standby get the error

    Failed to change over to...
  59. Replies
    6
    Views
    3,917

    Primary and Secondary show as active.

    Hi all,

    I have 2 Management servers running on Solaris that have just been upgraded to R65. In Management HA it shows both Primary and Secondary show as active. They were in collision so I...
  60. Replies
    1
    Views
    1,664

    Secureclient and Domain members.

    I have a few users that are using a laptop remotely. The users a laptop's are members of my domain. The problem is the users may not bring the laptop in for months so when they are forced to change...
  61. Replies
    4
    Views
    2,203

    Secureclient and multiple gateways

    Hi,

    I am using 5 CP NG AI r55 gateways spread across 4 countries. All of them are meshed VPN with a management server in Sydney office. I have created a Remote access VPN community with just my...
Results 1 to 61 of 61