CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.




Type: Posts; User: bmolnar

Page 1 of 5 1 2 3 4


  1. Re: Locating internal host which is sending SPAM

    Assuming you have logging turned on for all rules in your ruleset, it should be pretty easy to figure out. Look in Tracker for SMTP connections to that mail server's IP address and then narrow it...
  2. Re: Global Properties & NAT (Replies: 5, Views: 1,574)

    You mean clients that are NATed to the firewall's IP address? What you posted only applies to connections originated from the firewall itself, not connections through the firewall.
  3. Re: TCP packet out of state: First packet isn't SYN tcp_flags: PUSH-ACK

    Yep, take a look at sk41444
  4. Re: NGx R71.30 gateway crash (Replies: 1, Views: 859)

    Yes, there was a known issue in the RedHat bonding driver that has been fixed in Check Point's code in R75.30 and later. Resolved issues for R75.30 list "Resolved bond locking issues in cluster...
  5. Re: Difference between CPSTAT CPU/Multi_CPU (Replies: 6, Views: 3,350)

    Yep, I know for a fact R70.30 has that bug. I assume SmartView Monitor also shows the CPU usage at 100% for your firewalls?
  6. Re: Difference between CPSTAT CPU/Multi_CPU (Replies: 6, Views: 3,350)

    What version of SPLAT are you running? I believe most R70 releases had a bug that calculated the CPU usage incorrectly and it was fixed in R71. I always trust 'top' more than the Check Point...
  7. Re: Reg ClusterXL magic MAC settings (Replies: 5, Views: 2,803)

    Any port on your firewall that is not a Sync port

    Hmmm, it was my understanding that any time you had 2 separate clusters on the same VLAN/broadcast domain, regardless if it was configured for...
  8. Re: Open Servers - Where are the bottlenecks? (Replies: 32, Views: 11,423)

    If you had a DL380 G7 at both locations, that would give you a better indication of what your VPN throughput would be since the DL320 G6's are limiting it right now.

    Also, on the VPN performance...
  9. Re: questions about CheckPoint UTM 576 (Replies: 1, Views: 910)

    I don't know the exact URL path, but if you log in to the WebUI https://10.0.0.1:4434 (I think that's the correct port), there is a link buried in there somewhere. I believe it's on the ISO too.
    ...
  10. Re: Reg ClusterXL magic MAC settings (Replies: 5, Views: 2,803)

    If you are going to have multiple firewall clusters that have interfaces on the same broadcast domain (VLAN), then sk25977 applies regardless of how your sync interfaces are configured. The change...
  11. Re: Upgrading from R75.30 to R75.40 fails on UTM-3070

    How much disk space is available? Run df -h to check.
  12. Re: Open Servers - Where are the bottlenecks? (Replies: 32, Views: 11,423)

    How did the DL320 G6 and the DL380 G7 fare in your testing? Wasn't sure which had the Intel L5506. The best thing you could do is pick the device with the fastest CPU if you're looking to do VPN.
  13. Re: Checkpoint Splat Kernal saving (Replies: 3, Views: 1,047)

    jes123, what commands are you running to verify that the kernel parameters are correctly saved or not?
  14. Re: Cannot open SmartDashboard on Security Management Server!!!

    Also, make sure the management server has the correct licenses applied.
  15. Re: Managing two networks with one management server

    The OS of the management server does not need to match the firewall. Basically the only thing that matters is that the Check Point version installed on the management server has to the same or newer...
  16. Re: Security Management Backup Sizes (Replies: 4, Views: 1,571)

    If you have R71 or newer, there is an option to automatically delete old database revisions based on either X number of days, X number total or over X disk space. I usually keep the ones for either...
  17. Re: Security Management Backup Sizes (Replies: 4, Views: 1,571)

    How many database revisions do you have stored? They are included in backups
  18. Re: IPSO/Splat/Gaia general scripting with example script

    As the script will run as a cron job and not by the logged in user, some global variables aren't set (checkpoint binaries paths, library file etc.) Even using absolute paths, try running a cron...
  19. Re: is cable with SFP+ i/f compatible with Power-1's 10GB port?

    It most likely will not work because the Power-1 11000 NICs are picky as to which SFP's they support. It's better to just buy a SR 850nm 10gb module for your Nexus and run fiber to your firewall
  20. Re: Error in Sync Connection State between two gateway

    That cpconfig doesn't look quite right. If it thought it was supposed to be the member of a cluster, one of the 'cpconfig' options would be 'Disable cluster membership'. Since the First Time config...
  21. Re: VLAN Configurations on 2012 Appliance (Replies: 3, Views: 1,192)

    Personally I go thru 'sysconfig' to add or change interface information, but those steps work also.
  22. Re: IPSO/Splat/Gaia general scripting with example script

    Great information, thanks for posting!!
  23. Re: Connections per second (Replies: 1, Views: 4,104)

    Generally this means the number of new connections passing through the firewall per second. Check Point calls this 'connection rate' in the SmartView Monitor graphs. There are also values for...
  24. Re: R70 "Free Upgrade" Check Point Promo Discussion (Replies: 304, Views: 130,566)

    FYI, I read on "the other" Check Point user forum that Check Point is ending the "free" conversion of NG/NGX licenses to Software Blades at the end of June. It's possible that there will be a fee to...
  25. Re: Checking NTP sync (Replies: 1, Views: 2,003)

    I'm not aware of a MIB for the system time. If you want this alerting, you may have to write a custom script to look at /var/log/messages for:

    May 9 04:53:00 myfw1 ntpdate[4503]: can't find host...
  26. Re: Pop-up warning in Dashboard - Strange behaviour

    See my response above.
  27. Re: Open Servers - Where are the bottlenecks? (Replies: 32, Views: 11,423)

    Yes, that would be fw_worker_0, which is the only process/core regardless of how many you have, that will process VPN traffic. So, right now your bottleneck looks to be CPU speed.
  28. Re: Open Servers - Where are the bottlenecks? (Replies: 32, Views: 11,423)

    One of the main reasons I could see to get one of the upper-end appliances (12400 or above) is port density. Another is one vendor to contact/blame for issues... no finger pointing between HW & SW...
  29. Re: Pop-up warning in Dashboard - Strange behaviour

    Under the important notes for R75 Known Limitations: "This release includes all limitations of R71, R71.20, and R70.40, unless listed as solved in R70.40 Resolved Issues, or in R71.20 Resolved...
  30. Re: Replace failed cluster member (Replies: 3, Views: 3,323)

    Chances are you're running centralized licensing, and this is stored on the management server. Licenses are applied via the SmartUpdate program. When you re-SIC your appliance to the management...
  31. Re: Replace failed cluster member (Replies: 3, Views: 3,323)

    It's pretty easy. On your rebuilt appliance, configure all the interfaces. Then, establish SIC with the management server. Apply any licenses to the appliance & push policy.
  32. Re: Two Clusters in same VLAN SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe00 in vlan 10

    I see you found sk25977 on how to change the settings. Don't forget to modify $FWDIR/boot/modules/fwkern.conf if you want that change to survive a reboot (sk26202)
  33. Re: Two Clusters in same VLAN SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe00 in vlan 10

    You'll still want to change the mac-magic mac-forward-magic on one of the clusters. If you ever call in for support, this will be the first thing they'll ask you to change
  34. Re: Two Clusters in same VLAN SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe00 in vlan 10

    I'm surprised it actually isn't causing problems. You should change the mac magic and mac forward magic on one of the clusters. See sk37229 and more importantly sk25977 for details on how to do this
  35. Re: Remotely start a UTM device from a graceful shutdown

    Unfortunately, if that appliance doesn't have an ILO/LOM port on it, then you'll need someone to physically cycle power for you. In the future, if this firewall is statically routed, you should be able to...
  36. Re: Add 3:rd member to cluster. (Replies: 3, Views: 1,096)

    Yes, this is supported as long as:
    1) All cluster members are running the same version (downgrade your new appliance to R71.20)
    2) The number of FW instances match on each member (all 2-core CPU in...
  37. Re: Max Volume Size in GAiA R76 (Replies: 3, Views: 2,026)

    Yep, mcnallym is correct, you have to use another partitioning tool like parted to create the volume. The following SK articles have more details as to what tools to use and if you wanted to use a...
  38. Re: I only see syn packets when I do a capture (Replies: 4, Views: 2,612)

    Let me guess, you're running SecureXL? SecureXL always messes with "fw monitor" captures due to the nature of SecureXL acceleration. The only thing you can use to take packet captures with SecureXL...
  39. Re: Vlan Interfaces and Performance (Replies: 2, Views: 891)

    I have not experienced any performance issues with vlan interfaces on Check Point firewalls
  40. Re: Connect primary 4200 appliance back to full ha cluster

    That depends. Do you have a separate Smart Center server that you connect to in order to manage your FW cluster, or do you connect to the 4200 firewall itself? If you connect to the primary...
  41. Re: hotfix or version upgrade (Replies: 1, Views: 723)

    Both activities will most likely require a maintenance window since very few hotfixes don't require a reboot. If you choose to upgrade, your management server has to also be at R71.50 (or newer), so...
  42. Re: truncated-ip on tcpdump (Replies: 6, Views: 5,869)

    Command parameters passed to tcpdump on a capture would have no impact on traffic thru your firewall, it just determines what traffic, packet size, etc that tcpdump is capturing for you to...
  43. Re: How to send logs of messages files in /var/log to syslog server

    Theodore,
    Next time, try restarting just the syslog service. It could be that process which is failing.
  44. Re: kernel error logs (Replies: 4, Views: 1,478)

    It most likely also applies to R71.20
  45. Re: truncated-ip on tcpdump (Replies: 6, Views: 5,869)

    Just the output from tcpdump.
  46. Re: kernel error logs (Replies: 4, Views: 1,478)

    Please refer to sk57540, it seems to cover these messages seen in /var/log/messages
  47. Re: BGP on R71.40 Cluster XL (Replies: 1, Views: 1,447)

    I've used it on R70.1 and also R75.30 & R75.40(SPLAT). It's been stable for us and we have aggressive timers set and have roughly 1400 dynamic routes. Our clusters are set up in HA, so I'm not sure...
  48. Re: SecureXL vs CoreXL (Replies: 10, Views: 11,862)

    I'm surprised that R&D would say to disable CoreXL on a 2-core appliance. CoreXL would allow one CPU to handle IRQ processing from the NIC and the other CPU to do the 'firewalling'
  49. Re: New Production Performance Security Power BenchMark

    I'd say the Firewall & IPS performance numbers are probably the most 'realistic' ones yet, I'm glad they actually published them. Also, it's the first time I've seen the 21700 appliance listed too,...
  50. Re: Checkpoint UTM-1 Version R70.20 (Replies: 5, Views: 1,694)

    It was displayed in HEX in the first error message
  51. Re: Checkpoint UTM-1 Version R70.20 (Replies: 5, Views: 1,694)

    It seems to be complaining about more than one object with IP address 195.144.79.31 being in the 'web servers' list defined in Dashboard. Open up each object with that IP, click 'configure...
  52. Re: SecureXL vs CoreXL (Replies: 10, Views: 11,862)

    Usually under the CoreXL option you can specify how many CPU cores you want to enable for firewall processing. I can't remember but the appliances might not give you the option to configure, it may...
  53. Re: New Gateway on a existing Management - SPLAT (Replies: 11, Views: 2,446)

    Just so that I'm clear, this new 10.100.100.0/24 network has no way to get to the 192.168.1.0/24 network at all and they are two networks that are physically separate? On the new firewall you...
  54. Re: collecting connection counts over a period of time

    You can always look in SmartView Monitor and see a graph under 'System Counters>Firewall History' for the connections by minute if you're looking within the last hour; it'll start averaging after...
  55. Re: upgrade_export fail (Replies: 7, Views: 2,241)

    The fact that you're calling "upgrade_export" from the local directory means you're in the /opt partition which is 96% full and saving the output to the same partition. Either cd to /var/tmp and...
  56. Re: New Service "Talon Disc" (Replies: 2, Views: 1,385)

    I agree with this, check with the documentation for the Video Conferencing system. If the port isn't needed or not causing problems without it, there may be something that could be disabled on the...
  57. Thread: UTM-1 3078, by bmolnar (Replies: 5, Views: 1,687)

    Re: UTM-1 3078

    The names on the ports are just names, that's pretty much it. The license for the appliance is tied to the Mgmt port MAC address, that's the only thing I can think of.
  58. Thread: MGMT port?, by bmolnar (Replies: 3, Views: 1,302)

    Re: MGMT port?

    The MAC address of the Mgmt port is also used by Check Point to identify the device, and the license installed is associated with it too.
  59. Re: 4807 or 12200 ? (Replies: 3, Views: 1,361)

    The hardware specs on both boxes are pretty similar, both have a quad core CPU and the same amount of RAM (4gb). The processor in the 12200 is slightly faster than the 4800, which is where you see the...
  60. Re: Backup not working from secondary firewall (Replies: 4, Views: 1,627)

    sendmail is installed on SecurePlatform and you can use that to send email alerts if needed.
  61. Re: cphaprob state - Active attention (Replies: 22, Views: 13,941)

    Something is screwy on this cluster. First, fix the time on your firewalls. Use NTP if you have to in order to keep time from drifting. ShadowPeak.com asked some other questions that weren't...
  62. Re: NAT on external interface not DMZ interface???

    I don't know what your DMZ range would be, but the NAT exclusion would look something like this:

    -Orig. Src. ----- Orig Dst. -- Orig Serv. ----- Trans Src -- Trans Dst -- Trans Serv.
    (DMZ...
  63. Re: NAT on external interface not DMZ interface???

    What do your NAT rules look like? Do you have a NAT exclusion rule for your DMZ subnet when talking to RFC1918 IPs?
  64. Re: Checkpoint firewall syslog messages (Replies: 4, Views: 3,799)

    I was referring to the opposite way, Check Point ==> syslog. I haven't played with sending ASA syslogs to Tracker, but it would make searching for ASA hits a lot easier.
  65. Re: Checkpoint firewall syslog messages (Replies: 4, Views: 3,799)

    Check Point log messages in syslog itself look pretty bad. Tracker is obviously a better and faster way to look at logs. There are no message ID types in the form like Cisco has, but you'll see...
  66. Re: how to check the failover time in checkpoint (Replies: 11, Views: 22,280)

    1. Typically there are several 'Control' messages logged from each firewall when a failover happens, and they'll all show as cluster_info not sys_message. It'll show something like "(ClusterXL)...
  67. Re: how to check the failover time in checkpoint (Replies: 11, Views: 22,280)

    I agree, those are a ton of logs to drop because of high load. I'm assuming you saw traffic logs from fw1, then caused a failover and now fw2 is logging your production traffic and only Control...
  68. Re: High SI load which doesn't go down (Replies: 6, Views: 2,049)

    How busy is your firewall? Typical packet rate, connections, throughput, etc. Do any of those increase when SI is high? Is there a running process that is showing high CPU during this time?...
  69. Re: UTM-1 570 fresh install hangs Extracting SecurePlatform software

    Which ISO file did you download? Which version of ISOmorphic did you use to make the USB drive?
  70. Re: Best way to upgrade from R65 to R75 (Replies: 5, Views: 1,871)

    Sorry, your description is a little confusing. Are these two separate management environments installed on open server? Do you have spare hardware to use or only what is listed?
  71. Re: Backup not working from secondary firewall (Replies: 4, Views: 1,627)

    Instead of SCPing with the scheduled backup, you can have it save locally. Then, you can write a separate script to manually transfer the file and if it fails, have it notify you.
  72. Re: migration from Splat r70.50 to GaAA (Replies: 1, Views: 1,112)

    No, that's the correct link for the GAIA version of R75.40. The link says it's the fresh install package for open servers and all appliances. Just like SPLAT is an operating system, GAIA is what...
  73. Re: Unable to load SPLAT on Poweredge R720...any version including R75.45 ???

    Looks like the ISO for Open Servers is available on CP's website. Same link is listed for Management and Security gateway: http://supportcontent.checkpoint.com/file_download?id=20008 Personally I'm...
  74. Re: ping works, cannot browse (Replies: 2, Views: 1,434)

    Agreed, more detail is needed. To add to the comments above from mcnallym, is SecureXL enabled?
  75. Re: Unable to load SPLAT on Poweredge R720...any version including R75.45 ???

    Gaia has a different kernel and different drivers when compared to SPLAT. Even though the version number for Gaia and SPLAT may be the same, there are quite a few differences, including software...
  76. Re: scheduled backup in SPLAT fails cause password goes missing.

    What do you mean gone missing? Could you post that screenshot? I'm assuming you're having the backup automatically transfer to a remote server? Could you have the backup saved locally and write a...
  77. Re: How to size the open server right (Replies: 4, Views: 1,728)

    For an open-server, 1000 users is virtually nothing. If you get a server with at least 6gb, then you can use GAIA in 64bit mode. Installing 64gb of RAM is waaaay overkill IMO for just a FW gateway....
  78. Re: Checkpoint SPLAT NGX (R65) static routing question

    I think even with OSPF running, only one of the static routes will be used. Router A is picked because it has the lowest IP.
  79. Re: How to size the open server right (Replies: 4, Views: 1,728)

    Basically any new (and supported) server you buy from IBM/Dell/HP etc. will be able to do what you need with no trouble at all. I'd get at least 4gb of RAM and any multi-core processor should do. ...
  80. Re: dbedit on secure plateform (Replies: 3, Views: 1,770)

    It's really easy to screw up your Check Point installation by messing around in dbedit. The same can be said for a Windows computer and the registry. It looks like you found ofiller, stick with...
  81. Re: R60 Upgrade to R75 (Parallel build) (Replies: 1, Views: 1,377)

    Unfortunately, you'll have to do an intermediate build somewhere along the way to get to R65 or R70 and then take another upgrade_export from there to bring into R75 (and I assume then R75.40 or...
  82. Re: ClusterXL for L2 link (Replies: 5, Views: 1,389)

    According to the Bridge/Transparent Mode FAQ (sk41320), ClusterXL is not supported on bridge interfaces.
  83. Re: Maximum Policies a Smart-1 can handle (Replies: 7, Views: 2,012)

    Yeah, you can make it a bi-directional rule, but I don't see the point especially when you already know your 10.128.19.8/29 network doesn't have port 9971 open and the 5 hosts on 10.128.64.x do. ...
  84. Re: Maximum Policies a Smart-1 can handle (Replies: 7, Views: 2,012)

    Hi Bryan,

    It looks like what you should be configuring on the Check Point side is just a uni-directional rule based on the lines from the PIX ACLOUT you posted. On the PIX side, you're only...
  85. Re: Maximum Policies a Smart-1 can handle (Replies: 7, Views: 2,012)

    I don't believe there are any free tools available to consolidate your ruleset. If you want to purchase something, Tufin SecureTrack and Athena FirePAC are two products that have firewall rule...
  86. Re: Smart Center Server Upgrade process from 70.30 to 75

    Personally, I prefer the '6.2' method or at least performing it on like hardware in a lab environment and swapping hard drives to do the upgrade. This way, your backout method is guaranteed by...
  87. Re: Policy installation too slow (Replies: 3, Views: 4,479)

    Since you're running in a standalone configuration, there probably isn't much you can do. Your appliance is utilizing swap space and I would suggest upgrading the RAM if possible. On some of the...
  88. Re: UTM CLuster Smartcenter License issue (Replies: 7, Views: 2,310)

    As far as I'm aware, the management server itself has always required a license. In fact, if you have a stand-alone management server without a license, you won't even be able to login to it via...
  89. Re: UTM CLuster Smartcenter License issue (Replies: 7, Views: 2,310)

    This makes sense that the issue came after an upgrade when moving the management server to its own machine. (Personally I wouldn't use a Windows server as your management server, but that's your...
  90. Re: Power-1 appliance 11065 throughput performance

    Any new results with multiple PCs or many iperf threads?
  91. Re: UTM CLuster Smartcenter License issue (Replies: 7, Views: 2,310)

    Yes, the SmartCenter server itself should have a license
  92. Re: Power-1 appliance 11065 throughput performance

    Just to make sure SecureXL is applying to your testing traffic, create a specific rule for that particular source, destination and port. I don't believe SecureXL can act on a single "any any accept"...
  93. Re: Policy installation too slow (Replies: 3, Views: 4,479)

    Are you running the management server from your firewall gateway? What are the specs of your firewall? What is the memory usage (run free -m from the CLI)
  94. Re: Power-1 appliance 11065 throughput performance

    No, your 1.3.47 driver is much older than the 3.2.24 version I suggested trying since the interrupt coalescing bug in the driver has been fixed. I'm pretty sure it's on GAIA, but not R75.40 SPLAT. ...
  95. Re: Power-1 appliance 11065 throughput performance

    What version of the ixgbe drivers are you using? Everything before 3.4.24 has a bug that artificially limits throughput. Fixed in Gaia I believe, but not included in SPLAT so far. TAC can provide an...
  96. Re: Low priority member is always Active (Replies: 2, Views: 1,019)

    That's odd. Run "cphaprob state" on both and post the results. Should be the same on both
  97. Re: UTM-1 450 Migration (Replies: 4, Views: 1,562)

    > All 2012 appliances should outperform your current UTM-1 450. The 22xx series are desktop firewalls, so you should probably look at the 42xx series which can be rack mounted.

    Correct. All...
  98. Re: New CP Aplliance Check Point 2200 (4xxx 21xxx..) with more powerfull CPU

    The 4400 model is 1x Intel Celeron Dual-Core E3400 2.6 GHz with 4GB RAM
  99. Re: Backup smartcenter server management - problem

    You can also FTP the file off to an FTP server on your network.
  100. Re: dmesg | more

    Usually the very first thing output by "dmidecode" is the BIOS information. Mine says Vendor: HP along with the BIOS version. If you scroll to the next section it should also give you the...
Results 1 to 100 of 405