CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Search:

Type: Posts; User: switzer

Search: Search took 0.00 seconds.

  1. VSX cluster error: failed to find any routes on the machine

    Hi all

    Trying to set up a test environment to put a couple of CP 13500s into
    In order to simulate out existing environment we have set up a VMware
    virtual server.
    When trying to set up the VSX...
  2. Replies
    2
    Views
    1,923

    Re: Problems with Fw 13500 10gig expansion slot

    hmm both sfp s are multi mode and I can see the lights
    and if I loop back the fibre cables to either the cisco or
    the firewall they both come up so this looks like some bizarre compatibility...
  3. Replies
    2
    Views
    1,182

    GAIA on a pc/server

    Hi All

    I have just installed GAIA on a pc in order to use as a test SmartDashboard.
    However when I try to get to the web interface I am unable to
    Cant see anything I should have enabled during...
  4. Replies
    2
    Views
    1,923

    Problems with Fw 13500 10gig expansion slot

    Hi All

    There may be something in don't know but I am unable to connect the
    2 10 gig fibre ports on the expansion card to anythine.
    I am connecting it to a cisco switch for testing purposed and...
  5. Pushing routing from vsx clutster members to Mgmt Gui

    Hi All

    We seem to have lost all the routing from the Mgmt Gui
    but it still on the cluster members so everything is working.
    There must be a way to push the routing table from the
    cluster...
  6. Replies
    2
    Views
    1,996

    Re: Re-imaging a SMART-1 appliance

    I am following the guidelines but the BIOS screen comes up and I am unable to change anything
    as the cursor continually moves over the screen - this is impossible as i have tried numerous settings...
  7. Replies
    7
    Views
    2,717

    Re: Upgrading Smart1 - 5 to R75.20

    Trying to follow the checkpoint doc -

    How to re-image a smart-1 appliance.

    Since it is a Smart1 - 5 you can only do this using a DVD Drive.

    However no matter how many times i press the tab...
  8. Replies
    2
    Views
    1,996

    Re-imaging a SMART-1 appliance

    Hi

    Trying to follow the checkpoint doc -

    How to re-image a smart-1 appliance.

    Since it is a Smart1 - 5 you can only do this using a DVD Drive.

    However no matter how many times i press the...
  9. Replies
    7
    Views
    2,717

    Upgrading Smart1 - 5 to R75.20

    Hi All


    I have just acquired a SMART 1 - 5 security management server.

    It currently has the following image on it ----

    NGX (65) HFA 30.

    Now i would like to upgrade this to R75.20
  10. Replies
    0
    Views
    1,429

    Upgrading my smart 1 - 5 server to R75.20

    Hi All


    I have just acquired a SMART 1 - 5 security management server.

    It currently has the following image on it ----

    NGX (65) HFA 30.

    Now i would like to upgrade this to R75.20
  11. Replies
    4
    Views
    2,140

    Re: Upgrade r65 - r67

    Me again --

    What i have from my support is i think -

    Load r65 from ext disk drive to 9020.
    Anyone know where the idiot guide is for this or the relevant commands.
    Sysconfig -set up mgmt...
  12. Replies
    4
    Views
    2,140

    Upgrade r65 - r67

    Hi

    About to upgrade from r65 vsx to r67
    Apparently need to use an external disk drive
    We are using a checkpoint 9070 box
    how does this detect the external disk drive does anyone know.
    If there...
  13. Replies
    3
    Views
    2,067

    Unable to upgrade to R71.30 on IP390

    Hi

    Anyone else had this issue -

    We are attempting to upgrade to R71.30 on IP390.
    We have attempted to strip out any unnecessary directories, arballs etcc...
    However -

    R71.30 flash package...
  14. Replies
    2
    Views
    2,121

    Ugrading IP 390 to R75 with IPSO 6.2

    Hi

    Next week we are upgrad.
    ing our Nokia Firewall to IPSO 6.2
    and Checkpoint r75.
    Are there any obvious gotchas.

    Steve
  15. Replies
    1
    Views
    1,123

    Changing R65 FW to R70 mgt server

    Hi

    I need a guide on the following -I have to change the management of
    an R65 firewall to An R70 mgt server.
    This R65 Sits on a Nokia box.
    I gather i cant create the CP node until just...
  16. Replies
    2
    Views
    1,736

    Unable to put exception or be granular

    Hi

    We are using an NGX R70 with an IPS Blade.
    When trying to communicate between 2 servers using SQL we are getting the following IPS
    Attack - MS-SQL Server Protocol Enforcement Violation ...
  17. Replies
    5
    Views
    6,550

    Using FW monitor on VSX

    Hi All

    I have just been using fw mon on our vsx -
    Using the command -
    fw monitor -e "accept src=84.45.86.92 or dst=84.45.86.92;"
    As the tracker is seeing a lot of out of state packets
    syn ack...
  18. Replies
    4
    Views
    1,811

    Re: Installing rules on VSX

    Hi Northland Boy

    Well we seem to have the right policy on the right VS's.

    I just checked on smartview monitor

    Steve
  19. Replies
    4
    Views
    1,811

    Re: Installing rules on VSX

    Thnx northlandboy


    When we try and install to other VSs we get the following message -

    Target : xxxxxxx
    You are going to install policy 'CR-DMZ-Policy'
    which has a different name than the...
  20. Replies
    4
    Views
    1,811

    Installing rules on VSX

    We have just got a new VSX firewall and we are unused to the virtual
    firewall and how it works.

    With two virtual firewalls - can you install a rule on one firewall
    with the targets set to 2...
  21. Replies
    3
    Views
    1,380

    Re: Determining HFA version

    Hi

    Sorry for being dim
    I have even asked my support for this but they dont know !!!!
    Where do you see this data - i cant see how you expand this out

    Steve
  22. Replies
    3
    Views
    1,380

    Determining HFA version

    Hi All

    I am trying to determine HFA version -
    Elsewhere on here i have seen 2 methods -

    You can use smart update to get that information.
    Right click on the gateway and click on get gateway...
  23. Replies
    3
    Views
    1,575

    Re: Error Mgt server to Firewall

    When i pushed the policy to the firewall from the
    mgt server we saw the following issues -

    from file C:\WINDOWS\FW1\R65\fw1\lib\base.def, line 340:
    CRUK-3 NGX R65 Advanced Security #include...
  24. Replies
    3
    Views
    1,575

    Error Mgt server to Firewall

    Hi All

    We recently lost all our network connections and one for our enforcement modules could not connect to the management server or backup management server.
    So we were advised by our support...
  25. Replies
    4
    Views
    5,246

    Re: OSPF through the firewall ?

    Hi Mcnally

    And thanks for you swift reply -

    The topology is as follows -

    My team leader is going to have a high speed gig link installed
    between our location (which is going to have an NGX...
  26. Replies
    4
    Views
    5,246

    OSPF through the firewall ?

    Hi All

    Probably a bit of a dumb question but here goes -

    We are using an R65 NGX Firewall on a Nokia ip390
    platform .
    I have been tasked with finding a way of using the firewall
    in front of...
  27. Replies
    2
    Views
    1,738

    Routing through Firewall

    Hi All

    Probably a bit of a dumb question but here goes -

    We are using an R65 NGX Firewall on a Nokia ip390
    platform .
    I have been tasked with finding a way of using the firewall
    in front of...
  28. Replies
    5
    Views
    3,571

    Re: Random Dropouts In IPSEC VPN

    First - this gear was designed and put in by someone else so I am learning as I go.

    Just looked at my cisco
    Protection suite of priority 1
    encryption algorithm: Three key triple DES
    ...
  29. Replies
    5
    Views
    3,571

    Re: Random Dropouts In IPSEC VPN

    Just checked myself no pfs set
    Now - lammbo can you clue me up on timeouts please
  30. Replies
    5
    Views
    3,571

    Random Dropouts In IPSEC VPN

    Hi

    I am having the same issue as a previous poster -
    CRYPTO-4-IKMP_NO_SA: IKE message from <ip add> has
    no SA and is not an initialization offer
    A chap called Lammbo by designation...
  31. Replies
    1
    Views
    1,360

    Re: Error - no certificate - but none needed !!!

    We managed to get this to sync by transferring all the files
    referring to sync.
    However although it now appears to work it says
    'lagging ' under HA status
    Cant seem to find what this means...
  32. Replies
    1
    Views
    1,360

    Error - no certificate - but none needed !!!

    Hi

    We are using NGX R65.
    Desperately trying to get a HA standby management server running.
    Its on manual and has no vpns on it.
    Every time we try and bring it up we get SIC and then the...
  33. Replies
    1
    Views
    3,306

    Error Smartcenter server - CA not running

    Hi

    We are using NGX R65.
    Desperately trying to get a HA standby management server running.
    Its on manual and has no vpns on it.
    Every time we try and bring it up we get SIC and then the...
  34. Load on module failed - not enough disk space

    Hi All

    When trying to push a policy on one of our firewalls we got the above message -
    Looking at the box it looks like we have used 100% space on the following
    drive - /dev/wd0h mounted on...
  35. Replies
    3
    Views
    1,488

    Renaming Server - ICA issues !

    Hi


    We are upgrading our management server to a new one with a new ip address and we were also hoping to rename it - it currently has a non
    easy remembering name full of numbers.
    However it...
  36. Replies
    1
    Views
    1,612

    Correct licence For HA

    Hi All

    Trying to get the HA between 2 management servers going and
    cannot.
    We are trying to get an answer from our tech support but does anyone
    know if this is the correct licence - the plan is...
  37. Replies
    0
    Views
    1,020

    Load Balancing On Vpns

    Hi

    Have just enable a second vpn gateway on the
    Participating gateways in the Remote access vpn.
    Did this at the weekend so was surprised to see
    that it didnt appear to be load balancing !!!...
  38. Replies
    3
    Views
    1,396

    Re: Firewall down After R62 - R65 Upgrade

    Hi

    Dont need to upgrade the licence.
    We have all our rule base backed up -
    but cannot access the GUI on ipso so cannot
    get the firewall working.
    Thanks anyhow

    Steve
  39. Replies
    3
    Views
    1,396

    Firewall down After R62 - R65 Upgrade

    Hi

    We have just attempted an upgrade to R65 from R62.
    Initially we upgraded the IPSO and tested it - 4.2 build 78.
    We then deleted the old IPSO wrapper and then upgrade
    via voyager Gui to R65...
  40. Replies
    1
    Views
    869

    Name of CA same as server

    If we change the CA on the smartcentre will
    this have any effect on VPN connectivity.

    We used to have the CA as not the name of the server
    but we have just changed it.
    Will this have any effect...
  41. Replies
    2
    Views
    1,516

    Re: Unable to upgrade to R65 or de-install R62

    Thanks good advice - better advice than I got from
    my support org - well done CPUG !!!!!!!!
  42. Replies
    2
    Views
    1,516

    Unable to upgrade to R65 or de-install R62

    Hi

    We need urgently to upgrade our management server to R65.

    A previous user put R62 on a drive with not enough memory for R65
    so we then tried to de- install R62 but got an error
    ref the...
  43. Replies
    7
    Views
    2,342

    High Availability ? yes or no

    Hi All

    We are currently going through a DR re- organisation.
    We want to have two Smart Servers and we want them
    to synchronise.
    Do we have to put the NGX Firewalls in HA ,or do we have
    to put...
  44. Replies
    3
    Views
    2,048

    Synchronising 2 Management Servers

    Hi All

    We are currently going through a DR re- organisation.
    We want to have two Smart Servers and we want them
    to synchronise.
    Do we have to put the NGX Firewalls in HA or do we have
    to put...
  45. Thread: 2 vpn gateways

    by switzer
    Replies
    2
    Views
    1,301

    Re: 2 vpn gateways

    I have attached the management console cpinfo and
    The cruk-2 cpinfo and Cruk-1 cpinfo.

    The problem is that original we had the vpn Remote-access
    Working into one firewall - Cruk-1.
    To get ready...
  46. Thread: 2 vpn gateways

    by switzer
    Replies
    2
    Views
    1,301

    2 vpn gateways

    Hi

    We want to have 2 vpn gateways on 2 different firewalls
    but with one management server.
    We want the user (in a DR situation ) to type in a different
    ip address in the vpn secure client...
  47. Thread: Licence Issues

    by switzer
    Replies
    1
    Views
    2,103

    Licence Issues

    Hi

    Can any kind soul - give me an idea of how the lack of presence int
    the checkpoint user centre affects the firewall .

    I assumed that the user centre should be a mirror of what is on our...
  48. Thread: No Smart Map

    by switzer
    Replies
    7
    Views
    3,057

    Re: No Smart Map

    Hi

    Nope nothing between the Policy and Search menus
    on the dash.
    Also nothing called smartmap in the views tab.
    Sadly we have just been handed this and are trying
    to work out whats been done....
  49. Thread: No Smart Map

    by switzer
    Replies
    7
    Views
    3,057

    No Smart Map

    Hi

    We recently installed R62 on a new nokia box and
    have only just spotted that all our smartmap options
    have been greyed out.
    As far as I am aware we have not pressed any options
    during...
  50. Replies
    5
    Views
    1,579

    Re: Multiple Entry Points for VPN

    Hi

    No I really meant that I want to do is have
    a vpn interface out 2 interfaces at the same time -
    ie
    I want to access via vpn on one firewall interface
    which goes to an adjacent lan...
  51. Replies
    5
    Views
    1,579

    Multiple Entry Points for VPN

    Hi

    I need to know if it is possible to have VPN connecting
    in via 2 different interfaces.
    We would like to have vpn via an internal lan to an ext
    lan on one interface and via an interface going...
  52. Replies
    5
    Views
    2,890

    Tracker Rule/Current Rule Number

    Hi All

    I am currently trying to use tracker to log certain
    events - but when i filter on the rule number i find
    that I am not seeing the rule i want.
    On looking in the record details i see 2...
  53. Replies
    1
    Views
    4,584

    Peer SIC Certificate has been revoked

    Hi

    Just posted this as we are unable to establish SIC -

    Peer SIC Certificate has been revoked

    What is the normal procedure to resolve this problem ?
    Does anyone know as currently Our...
  54. Replies
    2
    Views
    1,607

    Unable to Establish SIC

    After some reconfiguration we are unable to establish Sic between the enforcement module and the Manager
    The SIC error we are getting is 300
    Any ideas what this could be ?

    Steve
  55. Replies
    1
    Views
    1,148

    Connection Attack

    We seem to be under attack again from numerous
    connections.
    They climb when we look under -
    fw ctl pstat
    Can you tell me where in the logs we can see if
    certain ip addresses are opening these...
  56. Replies
    0
    Views
    1,023

    ATTACK by Connections

    Hi All

    We seem to be suffering an attack again by numerous
    connections.
    Can you tell me how i can see on the checkpoint logs
    where you can see who is starting these connections.
    All we can...
  57. Replies
    3
    Views
    3,463

    Nokia IP530 error messages

    Hi All

    Currently we are having to reset our firewall every
    few hours - we seem to be overwhelmed with
    connections. -
    FW-1: WARNING: The connections table is 80% full.
    In addition looking at...
  58. Replies
    4
    Views
    4,964

    Capacity Optimization

    We currently have a problem with our firewall having to be reset every few hours - while awaiting an engineer we have looked at the logs and have increased capacity optimization to 50000 from 25000...
  59. Replies
    3
    Views
    1,452

    Re: Ports to allow for VPN

    Thanks Mariol

    I will ask him to open the additional ports
  60. Replies
    3
    Views
    1,452

    Ports to allow for VPN

    Hi All

    I am trying to allow a user behind a univercity firewall to use our VPN.
    Looking at a previous config the ports we seem to have opened
    are the following -

    UDP 500

    IP 57 51 50
  61. SSLv3: Malformed Packet (field lengths do not match)

    We are getting this issue when looking doing a bank transfer.
    Currently in order to get this working we are having to turn off smart defence.
    This issue has only occurred it seems since we upgraded...
Results 1 to 61 of 61