CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Type: Posts; User: (ccc)


  1. Replies
    1
    Views
    1,282

    The "Escalate" button

    Hi Friends,

    Maybe in the user center you saw the Escalate button and thought you would make your ticket get solved faster by escalating it. A great idea.

    Unfortunately this is badly labeled and...
  2. Replies
    8
    Views
    1,786

    Re: Check out this firewall my wife and I made.

    It's always good to have a layered security solution
  3. Re: Anyone with lab running R75.anything + dynamic routing test something?

    This describes defining custom pnote (and in later versions, userspace process monitoring); maybe you could use it for routed: http://supportcontent.checkpoint.com/solutions?id=sk92878

    Do you...
  4. Re: Anyone with lab running R75.anything + dynamic routing test something?

    I'll see if I can get one to try with tomorrow if nobody else has done it yet.
  5. Replies
    7
    Views
    1,840

    Re: New logical volume disappears after reboot

    I've told them I think the clean solution will be to take it offline and actually reclaim that 18G of swap (which appears to be on a real partition currently). Otherwise, we've found that it works if...
  6. Replies
    7
    Views
    1,840

    Re: New logical volume disappears after reboot

    I don't know, it's weird. Customer found that one MDS has a larger swap and they want them to match for some reason. Actually not sure why I said larger, because the large one right now is 18GB so if...
  7. Replies
    7
    Views
    1,840

    Re: New logical volume disappears after reboot

    Thanks, but I double-checked in the VM and it seems that this only handles viewing the current volumes and changing the sizes of lv_current and lv_log. The script is just a front-end, nothing you...
  8. Replies
    7
    Views
    1,840

    New logical volume disappears after reboot

    I am no stranger to finding that Check Point has blown away my changes but this is on a whole new level.

    Here is how I added the new logical volume (customer wants a larger swap and this was...
  9. Replies
    2
    Views
    1,575

    Re: Gaia web portal - Backup vs Snapshot?

    Comparison charts here:

    https://www.cpug.org/forums/showthread.php/15796-The-Best-One-Page-Summary-of-Check-Point-System-Backup-Procedures-and-Best-Practices

    Snapshot is a disk image. In Gaia,...
  10. Replies
    5
    Views
    1,652

    Re: Internal Server Fault when pushing policy

    I don't see any "ERROR" lines in that log, but here are some SKs that may provide a lead:

    http://supportcontent.checkpoint.com/solutions?id=sk94632 ...
  11. Replies
    19
    Views
    7,603

    Re: Bash Vulnerability

    I have some interesting hits on my box so far.



    nginx-access.log:209.126.230.72 - - [25/Sep/2014:01:41:36 -0500] "GET / HTTP/1.0" 444 0 "() { :; }; ping -c 11 209.126.230.74" "shellshock-scan...
  12. Replies
    19
    Views
    7,603

    Re: Bash Vulnerability

    So we can see that our bash is vulnerable in that it will keep parsing commands after the function definition has ended, but is there a real attack vector from the outside? That is, putting aside...
  13. Replies
    1
    Views
    1,371

    "Forbidden" when attempting to reply to thread

    Received message: http://bpaste.net/show/FI2Xz33axdSYCmO3VB5q/

    When trying to post: http://bpaste.net/show/uOzObkNZB7fS9KHwoZWe/

    To:...
  14. Replies
    4
    Views
    2,133

    Re: customer partition?

    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk94671

    This has some info on resizing the LVs, if you scroll past the VMWare stuff.
    ...
  15. Replies
    8
    Views
    7,578

    Re: Adding disk space to /var/log - best method

    Yes, you can definitely resize the logical volumes instead of reinstalling entirely. Space can be taken away from the unallocated space left for snapshots or from existing volumes.

    SK100329 talks...
  16. Re: Path issue in cron job for web visualization tool

    Is the csh script started with #!/bin/csh?

    You could try:

    SHELL=/bin/csh
    * * * * * /path/to/file.csh
  17. Replies
    2
    Views
    5,423

    Re: Checkpoint GAIA Web UI not loading

    Is it a gateway or manager? Is other traffic passing, or only traffic not destined directly for the gateway? What policy is loaded in 'fw stat'? Does it have rules to allow connection to the relevant...
  18. Re: how to make the gateway send logs to the domain server public ip

    Try editing $FWDIR/conf/masters

    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk38848

    "Verify the contents of $FWDIR/conf/masters...
  19. Re: you can not access the SmartDashboard, message GUI

    Check that the loopback interface is properly defined in /etc/sysconfig/netconf.C



    : (conn
    :ifname (lo)
    :type (6)
  20. Re: you can not access the SmartDashboard, message GUI

    Turn on debug
    # cpd_admin debug on TDERROR_ALL_ALL=5

    Stop the cpd process
    # cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"

    Find the cpd process ID
    # ps aux...
  21. Replies
    9
    Views
    1,527

    Re: Spam in logs "ps: At _nss_tacacs_getpwnam_r"

    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk93447
  22. Re: A certificate with this name already exists, please specify a different name and

    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk41962
  23. Replies
    9
    Views
    1,527

    Re: Spam in logs "ps: At _nss_tacacs_getpwnam_r"

    I checked again and it seems I got mixed up. Someone provided a fix for a different recurring log entry, but noted that the one we're seeing is cosmetic only. It was fixed in Gaia+ R75.40 and in...
  24. Replies
    9
    Views
    1,527

    Re: Spam in logs "ps: At _nss_tacacs_getpwnam_r"

    The guy on this CR just said 'syslog flag was changed to debug' (causing the problem), so I'll e-mail him and see if he knows where. Could be some compile-time option.

    Edit: Looks like there are...
  25. Replies
    9
    Views
    1,527

    Re: Spam in logs "ps: At _nss_tacacs_getpwnam_r"

    Maybe it's somewhere else. You could try "grep -r SYSLOG_OPTIONS / | less" and see if it's set elsewhere, but otherwise I'm not sure.
  26. Replies
    9
    Views
    1,527

    Re: Spam in logs "ps: At _nss_tacacs_getpwnam_r"

    Found a known issue in which "_nss_tacacs_getpwnam_r appears every minute" due to "syslog flag was changed to debug" (maybe left there accidentally by dev).

    Check in /etc/init.d/syslog for the -d...
  27. Re: DLP doesn't work when using chrome browser and gmail upload attachment

    I found an SR with this issue in R77.10 (opened 3rd April). It's acknowledged by R&D as a known issue and they're working on a fix.
  28. Re: Firewall CPU reached 100 % - Checkpoint server FWD process stopped abnormally

    Is it at any consistent time or after some particular action?

    Try this if you don't have to wait too long and let the logfiles grow:
    ...
  29. Replies
    5
    Views
    3,213

    Re: Could not connect to Monitoring blade

    Uncheck the monitoring blade, push policy, then check it and push policy again, and see if the problem still happens after that.

    Or 'rtmstop' then 'rtmstart'.

    'rtmstat' may show some useful...
  30. Replies
    3
    Views
    1,416

    Re: Removed eval license now I can't push policy

    Do you have licenses installed other than eval? What about for monitoring?

    Post the output from 'cplic print' please.
Results 1 to 30 of 33