CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



 


Type: Posts; User: boldin


  1. Thread: CCSA R75 Exam

    by boldin
    Replies
    17
    Views
    17,870

    Re: CCSA R75 Exam

    Check Here:
    Training and Certifications

    Once there, go to "Training Resources."
  2. Re: Cut & Paste Objects between different policies?

    This is something for which many P-1 admins I know have been asking for a long time. It would also be helpful to right-click an object in the CMA's Dashboard and have a drop down selection such as...
  3. Replies
    0
    Views
    1,178

    Looking for the best of the best!

    Please review the below link and apply online if you feel you would be a good fit.

    Smyrna Firewall Administrator Job - GA, 30080

    Thanks,
    Andy Boldin, CISSP
  4. Replies
    6
    Views
    2,055

    Re: SIC activation key

    A long time ago, I think I saw that on a UTM that was set up as a standalone. Since it's a standalone there was no need for SIC - management was on the same box.

    Of course I think that was back in...
  5. Replies
    4
    Views
    3,245

    Re: HTTPS Inspection Issues - 75.20

    Our local CCMA has advised us against it. Apparently there's so much new functionality and/or improvements that he feels it should have been more like a major version release as opposed to a minor...
  6. Replies
    6
    Views
    3,028

    Re: Google mail is able to bypass URL Filtering

    Yeah, we get the same thing with Google Plus.

    We've put plus.google.com into URL filtering custom URL list. It's blocked with http, but not with https.
    R70.30
  7. Thread: NFS mount

    by boldin
    Replies
    8
    Views
    5,860

    Re: NFS mount

    Survives reboots for us...

    df -kah shows it every time until we unmount it.
  8. Re: Error FW-1 at FW-1: Failed to connect to the WWW server.

    This error is displayed when URL Filtering is turned on and the Firewall cannot reach the site in question.

    For instance, we have the following:
    User -- FW -- T3 -- FW -- Inet

    The FW closest...
  9. Replies
    5
    Views
    2,708

    Re: Blocking FaceBook using SmartDefense

    Go to SmartDefense, DNS protections, Domains block list. Enter Facebook.com.
  10. Re: Might buy the R70/71 courseware - any takers after Im done?

    I'll take it on the fifth time around for $100....

    In all seriousness, I'm waiting on the R75 material to be released prior to upgrading my cert.
  11. Re: How to find a rule which is not used for a period of time

    I've only seen the demo on Tufin and as soon as I did it was bumped to the highest spot on our procurement list. As soon as the CR ends, we'll be purchasing this for our organization, no if's and's...
  12. Re: IPS Update fails to see Checkpoint site (and another problem)

    This happened to me once and I realized that I hadn't set up a DNS server on the firewalls...
  13. Replies
    29
    Views
    8,301

    Re: Power-1 appliance 9075 vs Splat gateways...

    And to be clear on my part, the reason it takes a few days is because we get the replacement appliance shipped to us (off-site) for us to configure and then ship to the off site location.

    Again,...
  14. Re: URL-Filtering Blade Modify "Page-Blocked" page

    I'm sure you can hack it. Just don't know how.

    You would also lose support if CP TAC found out about it...
  15. Replies
    29
    Views
    8,301

    Re: Power-1 appliance 9075 vs Splat gateways...

    I'll agree with the part about you doing the work or someone else, only in a different way...

    If you are on site or have capable eyes/hands on site to support the system, definitely go for the...
  16. Replies
    7
    Views
    21,058

    Sticky: Re: How To Enable SNMP on SPLAT

    Thanks - I always thought that was a size in Kb...
  17. Replies
    24
    Views
    6,573

    Re: Has CPUG banned Check Point from the forums?

    And I appreciate both sides but have had just about enough.

    PhoneBoy: I appreciate your advocacy between us and CP. It's an invaluable service for which you are uniquely qualified.

    Barry: I...
  18. Re: URL-Filtering Blade Modify "Page-Blocked" page

    Probably your best option is to build a page on another server and use the redirect option to that URL.

    Otherwise, I haven't dug in deep enough on the product to hack it to the extent to which you...
  19. Replies
    7
    Views
    21,058

    Sticky: How To Enable SNMP on SPLAT

    Let me be the first to "jump in."

    This is the procedure we use to enable SNMP on Check Point SecurePlatform (SPLAT).

    1. ssh to the firewall and switch to expert mode.
    2. verify the Check Point...
  20. Re: Anyone else had UTM 3070 R65 HFA40 reboot for no reason?

    Where are core dump files stored by default?

    I've enabled dumps and set the limit to a large enough size (about twice the amount of physical memory).

    thanks,
  21. re: ALERTS!!!! Checkpoint snmp trap does NOT work and here is why

    I'll see if I can replicate it as well - we've been having such a hard time with traps that I gave up on getting it to work...
  22. Replies
    2
    Views
    1,686

    Re: URL Filtering DB Update kills FWM on CMA

    Edit $FWDIR/conf/fwopsec.conf on the relevant CMA and insert the following line (2000000 can be increased up to 20000000 maximum):

    cpmi_server conn_buf_size 2000000

    2. Restart CP service...
  23. Replies
    2
    Views
    1,686

    Re: URL Filtering DB Update kills FWM on CMA

    I forgot to post that the contents of FWM.elg for this particular CMA show this repeated over and over again.


    Failed to send reply on session 0x0c15c548 with error code -1 (OPSEC...
  24. Replies
    2
    Views
    1,686

    URL Filtering DB Update kills FWM on CMA

    Good morning,

    We are in the process of standing up URL filtering on a test/lab system as a proof of concept before moving URL filtering into production.

    As it stands, we have things configured...
  25. Replies
    3
    Views
    1,916

    Re: Console port via kvm switch?

    I know it's basic, but try pressing <Enter>. It's bitten me in the butt a couple of times - thinking it isn't connected, but a quick keypress makes it come alive.

    If that works (or if it doesn't...
  26. Thread: Failed today

    by boldin
    Replies
    17
    Views
    4,193

    Re: Failed today

    Check Point is my "bread and butter" (as a co-worker put it), but with all of the problems we've seen with custom hotfixes, etc., along with DoD 8570 certification requirements, we've been seriously...
  27. Replies
    11
    Views
    3,583

    Re: Saturday last day for CCSE R65

    Dude, I about laughed my ass off when I saw your signature line...
  28. Thread: SSH - SCP

    by boldin
    Replies
    12
    Views
    6,879

    Re: SSH - SCP

    Also here: how to enable scp on a splat gateway

    http://www.cpug.org/forums/check-point-secureplatform-splat/10619-how-enable-scp-splat-gateway.html
  29. Thread: Failed today

    by boldin
    Replies
    17
    Views
    4,193

    Re: Failed today

    I remember having a few questions on OCSP functionality and service/port requirements (at least three different questions) on the old R65 CCSA. At the time I had no idea what it was so I know I...
  30. Replies
    13
    Views
    4,692

    Re: Geo Protection in R70.30 not updating

    Ours isn't that date, but it's the install date with no updates since then. For the record it's July 29th.
  31. Replies
    3
    Views
    3,387

    Re: Recording RDP Traffic

    I heard that the US Air Force uses them (Bomgar) and I've heard good things too. Good enough for them, I'd think it's good enough for you...
  32. Replies
    3
    Views
    3,387

    Re: Recording RDP Traffic

    I think DameWare has a Proxy-like device you can throw on the DMZ. Have your internal and external customer connect to it and then it connects them.

    I think it works with Smart Card...
  33. Replies
    16
    Views
    5,983

    Re: Unused Policies on SCS

    We had a showcase showdown among Tufin, Firemon and one other one that I can't even remember now because it was so basic.

    Tufin won hands down. The interface was intuitive, easy to use/learn and...
  34. Re: Upgrade R65 to R70 ? R71? What's the best choice

    We've been running R70.30 for quite some time with no problems attributable to anything version specific (that we are aware of).

    The only exception to this is sk36634 which is a bug that shows...
  35. Replies
    16
    Views
    6,019

    Re: Need review from customers on GEO Protection.

    And my memory fails me again...

    I even commented on the post.
  36. Thread: Archiving Logs

    by boldin
    Replies
    3
    Views
    2,975

    Re: Archiving Logs

    This should be the same if it's a UTM-1, which runs on SecurePlatform.

    SSH to the firewall and go to /etc/fw/log. You should see .log files there and associated *ptr* files. Remember, don't mess...
  37. Thread: Archiving Logs

    by boldin
    Replies
    3
    Views
    2,975

    Re: Archiving Logs

    We have a stand-alone log server running on SPLAT - here's what we do.

    Open tracker, specify the log server. Using remote files management, pull all firewall logs from local firewalls, if they are...
  38. Replies
    16
    Views
    6,019

    Re: Need review from customers on GEO Protection.

    We are on R70.30 P-1, three CMAs. I can't find it anywhere and it was my understanding that it was a "free" option that came with the IPS (SmartDefense) blade.

    After contacting support, it turns...
  39. Replies
    5
    Views
    1,949

    Re: Serial Connection Banner Message

    I'll have to test these. We've had the banner requirement for as long as I've been in my job and we could never quite figure out how to do the web interface banner without hacking a file and...
  40. Replies
    2
    Views
    2,114

    Re: Quickest Way to block IP

    In SmartView Monitor, you can go to Tools > Suspicious Activity Rules. Then add/remove IPs and/or Networks as source/destination(s) and add services if you wish.

    We use this daily when we see...
  41. Replies
    5
    Views
    2,128

    Re: Reboots every Tuesday Morning

    Funny, I was thinking the same thing when that's what they said the issue is. By the way, the sk article we're using to collect kdb's is sk31511.
  42. Replies
    5
    Views
    2,128

    Re: Reboots every Tuesday Morning

    /var/log/messages showed nothing out of the ordinary. Just the syslogd saying startup initiated.

    We've considered turning off the IPS, but at this time, it sounds like it's possibly a NIC driver...
  43. Replies
    14
    Views
    3,684

    Re: cluster failover office mode not working

    I couldn't agree more. This is an often-overlooked item when it comes to security infrastructure. Sometimes I think Check Point is forgetting that they are a firewall/vpn company - not a...
  44. Replies
    5
    Views
    2,128

    Reboots every Tuesday Morning

    We have a weird on-going issue here...

    Hypothetically speaking, let's say we have two data centers, let's call them East coast and West coast. The internal firewall which separates the WAN from...
  45. Replies
    25
    Views
    11,435

    Re: All Edge firewalls rebooted 10/30/2010 8:58 p.m.

    Actually, they could market this as a "feature" so that all systems that have been up for a long period of time will auto-magically reboot themselves every 13.6 years as a "scheduled maintenance."
  46. Replies
    25
    Views
    11,435

    Re: All Edge firewalls rebooted 10/30/2010 8:58 p.m.

    Good for us value investors. CP isn't going anywhere anytime soon - pick some up at 14% off today!
  47. Replies
    25
    Views
    11,435

    Re: All Edge firewalls rebooted 10/30/2010 8:58 p.m.

    Checkpoint UTM-1 edge VPN boxes worldwide did an unscheduled reboot
  48. Replies
    12
    Views
    2,280

    Re: Has anyone seen this before?

    If Google doesn't know about it, then it really hasn't been seen before - "The Google" knows all!

    On a more serious note I haven't seen anything like this on an M-series appliance, which is about...
  49. Replies
    2
    Views
    1,759

    Re: SAM Rule Not Logging

    When you enable the SAM rule, there's an option for the track. You can log/no-log/alert for the track. You can also choose an action of drop/reject/notify. And there's a check box for close...
  50. Replies
    36
    Views
    17,355

    Re: Web Security Blade

    I believe those are converted into the new "blade" but I don't know how all of that works since we never had them to begin with prior to the upgrade to blade architecture.
  51. Replies
    3
    Views
    2,738

    Internal Website Logging for URL Filtering

    We are about to begin testing of the URL Filtering blade. We are looking for a way of logging vital information about the users who are visiting blocked URLs.

    My initial thought was to create an...
  52. Replies
    36
    Views
    17,355

    Re: Web Security Blade

    According to our SE, all of the protections are available in R70 IPS (R65 SmartDefense), but won't work until the "blade" is purchased and enabled.
  53. Re: External Interface just disappeared - UTM-1 13x / R65 HFx

    On some of the IBM's I've worked with, if you unplug power after powering down, then press and hold the power button for a few seconds, then plug in and power up, it will clear out the capacitors on...
  54. Replies
    5
    Views
    2,680

    Re: Microsoft Direct Access / UAG

    I can mention one policy here - no IPv4 in IPv6 or IPv6 in IPv4 tunneling allowed, period end of story. Pair that with no split tunneling and some other problems with policy and we're out of luck.
    ...
  55. Replies
    5
    Views
    2,680

    Re: Microsoft Direct Access / UAG

    We had a proof of concept setup and due to various security policies (the majority of which I can't get into in a public forum), it was nixed rather quickly - to the point where Microsoft didn't even...
  56. Replies
    1
    Views
    2,371

    Block SNMP-write, allow SNMP-read

    This is a two-part question and I'll get right to it...

    1. I'm looking for a way to disallow SNMP-write access to our firewall devices - this is seemingly pretty straightforward and I'm really...
  57. Replies
    5
    Views
    7,804

    Re: SIC-How does it work ?

    I was afraid that was the answer - can anyone provide insight as to what is required to turn on FIPS mode? I've heard that it basically shuts off SmartUpdate and that we would have to do a clean...
  58. Replies
    5
    Views
    7,804

    Re: SIC-How does it work ?

    It would also be helpful, at least for me in the US Gov't side of things, to know if SIC is FIPS compliant...
  59. Re: Looking for UTM-1 & Power-1 CPU (cores, speed) information

    Along with the specific types of traffic in your environment and your ruleset...

    If it's all HTTP and you have a lot of rules with URI resources in them, it may be much lower, but if you have an...
  60. Replies
    3
    Views
    1,414

    Re: Redirect Dropped/Rejected Connections in R65?

    This may be possible with a URI resource, but I don't have too much experience with this. It's also really resource intensive, dependent heavily on your traffic flow...
  61. Replies
    21
    Views
    7,286

    Re: I've waited long enough

    Thank you.

    I found out I passed the day before my anniversary and my dad's birthday (same day). Those are on the day before my wife's birthday. And this year, my wife's birthday is the day before...
  62. Replies
    21
    Views
    7,286

    Re: I've waited long enough

    It was a good sign. I passed the test - just found out today.

    Now for the endorsement process.
  63. Replies
    3
    Views
    5,003

    Re: Email secured by Check Point

    This can also be done in Dashboard by going to the Anti-Spam and Email tab, choosing advanced > disclaimer on the left menu. You can customize the text as well as enable or disable it altogether.
  64. Replies
    4
    Views
    3,376

    Re: RSA and Smart Center Authentication

    Anyone know if smart card certificate-based authentication is supported?
  65. Replies
    2
    Views
    1,473

    Re: Locally to Centrally managed deployment

    As far as I know, yes. If you install with the standalone deployment then it won't offer the cpconfig option to establish sic.

    If you are going to do this, I'd recommend you use the 3070 as the...
  66. Replies
    3
    Views
    1,547

    Re: Hello From a new member rvillano

    Only what, about 200 or so posts are "newbie" posts, right?

    Nothing like some self-deprecating humor to make a new cpug-er feel right at home...
  67. Replies
    4
    Views
    2,001

    Re: WSE0120001 Malicious Code Detected

    Funny you mention this. We're still migrating to R70.30 from R65.02. I just added my first exception in today so we'll see how it works over the weekend.

    Hopefully it works the way I assume it...
  68. Replies
    3
    Views
    1,547

    Re: Hello From a new member rvillano

    Welcome aboard! Don't be afraid to ask anything...
  69. Replies
    2
    Views
    1,589

    Re: Basic Question about logs

    Never a good idea to turn off all logs. At a minimum you'd want to keep at least any of the drop logs.

    As far as the difference, the debug logs provide a bit more detail when poking around when...
  70. Replies
    7
    Views
    2,477

    Re: spoofed packets from External interface

    Since it's on the external interface, it would only get dropped if the attacker spoofs the packets to come from a source that would be on any of the other interfaces. My guess is that they are still...
  71. Re: What happens after log server gets back online?

    That's usually what we have to do after a logger problem. It kinda sucks having to do a cprestart on 50 firewalls because the logger craps out for a bit. It's hit or miss as to whether the firewalls...
  72. Replies
    4
    Views
    4,498

    Re: IPS Geo Protections

    Does anyone know if this will be in a future update? We shouldn't have to go into GUIdbedit to get functionality via a workaround that should be included in the actual software to begin with.

    We...
  73. Replies
    21
    Views
    7,286

    Re: I've waited long enough

    Ok, all I can say is study, study and then study some more. Use multiple sources: books, study guides, practice exams, etc.

    Every version is seemingly different, but know the common criteria,...
  74. Replies
    14
    Views
    3,121

    Re: Upgrade from NGX65 to R70 nightmare

    Funny, I've experienced problems, but none of them seemed out of the ordinary. We went from R65 hfa(x) to R70 and then directly to R70.30 after that. Make sure you have the right file for what you...
  75. Replies
    21
    Views
    7,286

    Re: I've waited long enough

    Wish me luck! I'm off to take the test first thing in the morning. Hopefully there'll be one more CISSP in the world by the time I'm done (or at least my test is graded).

    Thanks for the support...
  76. Replies
    24
    Views
    8,526

    Re: Error on policy verify but not on install

    Any software version similarities (or any other similarities) among those that have the problem? Maybe you're all on the same version and this is a bug - wouldn't be the first time...
  77. Replies
    19
    Views
    16,542

    Re: Difference between snapshot vs backup

    Most major upgrades (not HFA or minor release) require this. It's usually in the pre-upgrade documentation. Unfortunately, we've gone through it several times and in virtually every case we ended up...
  78. Replies
    21
    Views
    7,286

    Re: I've waited long enough

    I've heard the same thing from every CISSP I know.

    For what it's worth, Clement responded to my email and upgraded me to a paid account for free until I take the test on 15AUG10.

    Just be sure...
  79. Replies
    21
    Views
    7,286

    Re: I've waited long enough

    I've confirmed it - the cccure.org testing engine is now $39.99 US for 6 months. Otherwise, you get 40 quizzes, limited to 25 questions each.

    This started literally the night that I was going to...
  80. Replies
    5
    Views
    1,842

    Re: Drawing about static routes

    SmartMap.
    Go to global properties > smartmap. Enable smartmap by checking the box.

    It does slow things down a bit, but if you don't mind the extra resources being utilized I could see how it...
  81. Thread: Good to be here

    by boldin
    Replies
    13
    Views
    3,299

    Re: Good to be here

    That's weird, I was logged into the user center. Are you a partner or something (with more access)?
  82. Replies
    33
    Views
    6,837

    Re: CCSA Practise Exam

    I think that's an idea we can all love.

    I'm just so tired of seeing the "noise" and I do love the "signal." But the "noise" level seems to be escalating as time progresses...
  83. Replies
    33
    Views
    6,837

    Re: CCSA Practise Exam

    Based on my experience with the R65, the courseware and pdf's from CP, along with practical experience, was enough.

    However, with such drastic changes in R70 exams (and I haven't seen an R70 exam...
  84. Thread: Good to be here

    by boldin
    Replies
    13
    Views
    3,299

    Re: Good to be here

    I'm getting a "Not Authorized" page when I try to load your link.

    I'll take a look for it - the type of information in the CCSE+ was exactly what I was looking for. A coworker had his and some of...
  85. Replies
    21
    Views
    7,286

    Re: I've waited long enough

    I've noticed the same thing. Many of the CISSPs that I know are undeserving (or at least seemingly so) in that they are good test-takers but lack real-world knowledge. Don't get me wrong, I'm not...
  86. Replies
    21
    Views
    7,286

    Re: I've waited long enough

    Has anyone seen cccure.org's free quizzes? I went there last night after using their free engine for months and now it looks like they want to limit me to 25 question quizzes and a total of 30...
  87. Thread: LogRhythm

    by boldin
    Replies
    8
    Views
    5,065

    Re: LogRhythm

    Another update for anyone interested and for posterity...

    They are also unable to collect the following types of logs (again, the sales person said "no problem" or similar answer to our specific...
  88. Thread: LogRhythm

    by boldin
    Replies
    8
    Views
    5,065

    Re: LogRhythm

    The problem is that they don't work with a dedicated logger, of which we have four. They have it well-documented how to collect from an SCS with logging capability or a standalone firewall....
  89. Re: Old Gateway was shown in Monitor - already deleted in Dashboard

    Did you perform a policy installation or an 'install database'?
  90. Thread: No more logs

    by boldin
    Replies
    8
    Views
    3,454

    Re: No more logs

    I would think that you should have upgraded to R71 base before applying R71.10. That may be why the box is toast. Also, see Tobias Lachman's blog here for a problem that may have been overlooked on...
  91. Thread: LogRhythm

    by boldin
    Replies
    8
    Views
    5,065

    Re: LogRhythm

    I'll do some digging. I doubt we're really going to sue, but man I hate salespeople. No offense to any salespeople here, obviously...

    However, our customer may decide to sue. You don't want the...
  92. Thread: LogRhythm

    by boldin
    Replies
    8
    Views
    5,065

    Re: LogRhythm

    Found out today:

    LogRhythm sales people say they're OPSEC compliant and can take all Check Point logs - over a year ago they said this. Today, we find out that they can get logs from an SCS with...
  93. Thread: Service "X11"

    by boldin
    Replies
    7
    Views
    3,468

    Re: Service "X11"

    Yes, apparently "Any" in the rule base doesn't really mean any service. Just those services that are a match for "any" according to check point - this is one of those cases where "match for any"...
  94. Replies
    1
    Views
    14,788

    TLSv1 Alert and SSL Half-closed socket

    I was troubleshooting an issue where one of our servers is communicating with another server via SSL...

    I see FIN/ACK events in my dump and I noticed that all of the FIN/ACK packets coming from...
  95. Replies
    4
    Views
    2,609

    Re: cpstat mg on P-1 on R70.30

    I guess I should have tested that before offering the advice ;)

    The only other way that I knew of was as you described from the CMA context...
  96. Replies
    4
    Views
    2,609

    Re: cpstat mg on P-1 on R70.30

    Try "mdsstat -h" to get the legend of various switch options. If it's an HA manager, and you haven't upgraded the other one, then I'm guessing that they will both think that they are active until you...
  97. Replies
    13
    Views
    2,429

    Re: VSX NGX R67 is officially released

    Really? I've had flaky Broadcom's from time to time in the past - just something that you get to know with experience - or it might be that I've just had bad luck with the Broadcom's and they...
  98. Replies
    2
    Views
    2,080

    Re: Power-1 appliance 9075 and NGx R70.30

    I doubt that this is normal. The product information sheet on CP's site says "redundant, hot-swappable" drives.

    edit: please keep me updated as we are about to buy at least four of these, possibly...
  99. Replies
    3
    Views
    2,682

    Re: EndPoint Connect - Office Mode ETC

    To add to that - we've seen this in the past where home users' bit torrents (availability) and other traffic types (malware, worm traffic) start jumping into the tunnel and then pop out on your...
  100. Replies
    4
    Views
    1,597

    Re: "Information" field in logs

    Just a note - I found that even if you turn them on in "Monitor Only" it still won't log the domain - they must be in protect mode.

    However, I'm not sure which specific protection enables this....
Results 1 to 100 of 500