CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Search:

Type: Posts; User: rajeevraj

Page 1 of 2 1 2

Search: Search took 0.00 seconds.

  1. Installation failed. Reason : load on module failed- failed to load security policy

    Hi,
    i have an Power-1 appliance running in cluster XL Load sharing Unicast mode. Now, today i was installing a policy on the firewall and the policy was installed with partial success stating the...
  2. Re: Installation Failed. Reason: Failed to Load Policy on Module. (Message from membe

    Do you run the IPS module on the gateways ?? if yes try disabling the IPS and install the policy hope it might help, not for fixing it but at least narrow down the area of issue.
  3. Replies
    4
    Views
    5,269

    Re: InfoView/pInfoView on Win7 & Win 7 XPMode

    A simple way to resolve this issue is the if you are using Win7 operating system then right click on the shortcut of the infoview icon and go to properties, then go to the compatibilty tab and check...
  4. Replies
    0
    Views
    2,417

    Does Confwiz work with R71.40

    Does ConfWiz tool work with checkpoint R71.40 smart center server? i was going through the Installation guide of Confwiz and it said the R71.40 version is not supported.!

    Although I completed the...
  5. Re: Smartreporter consolidation creation error on Smart-1

    check for the services if they are running or not. first one is smart reporter database and second is smart reporter server. this error comes when anyone of these services are stopped..i had the same...
  6. Replies
    6
    Views
    5,805

    Re: Rules permitting Netbios/Microsoft-DS

    there are some risks associated with these vulnerable ports and these can be misused as your firewalls dont help within VLANs until you have a personal firewall installed on the host machines or...
  7. Replies
    3
    Views
    4,678

    Re: Checkpoint UTM-1 appliance reboot

    as suggested by Robby,

    check for the log messages you might find clue what made the firewall to reboot...

    sometimes there are some bug which cause it and may be there can be bug with the...
  8. Security Power number and real world throughput??

    i would like to know what does security power number means in terms checkpoint appliances? i may be wrong in the terminology i used..pls correct if i am wrong :)

    what is the real world throughput...
  9. Replies
    2
    Views
    2,903

    Re: Failed in CCSE R71

    My advise to you would be

    To clear CCSE R71 all you need to study all the checkpoint documentation provided by checkpoint, i did the same for a very long time and i did clear with 84 % of marks.
    ...
  10. Re: How does IPS software blade work with other software Blades?

    thanks for the info bjoljo,

    can anyone explain me the detailed packet flow through the firewall.
  11. Replies
    7
    Views
    7,918

    Re: Packet Flow Through the INSPECT Engine

    wonderful post plamy.

    your post provokes me to know more on packet flow and inspection...
  12. How does IPS software blade work with other software Blades?

    Hi Guys,

    I was just going through the IPS admin guide and IPS-1 sensor guide, and a question came through my mind.

    How does the CP's IPS handle a connection and traffic whether before the...
  13. Replies
    1
    Views
    3,844

    Re: Passed 156-315.71 - CCSE R71

    i am planning to take up the CCSE R71 exam, can you please guide me through the topics where i should concentrate.

    cheers
    Rajeev
  14. Re: Help with a possible clustering issue - sessions not being sync'd?

    By looking at your fw ctl stat on both the gateways,
    I would check the cluster configuration and cluster running status as the cluster state sync packets are getting dropped as per the stats pasted...
  15. Re: Checkpoint NGX R65, Problem on installation of new rules on Cluster XL

    You can make the following checks.

    1. Check the SIC status from the management server to enforcement(Gateway) modules.
    2. Check the cluster status of both the gateways(status, errors etc..)
    3....
  16. Replies
    3
    Views
    2,479

    Re: Problem with CheckPoint cluster

    You may check the following,

    1. DNS entry on the firewalls if they are same and correct.
    2. Drops on the gateway using a tcpdump command, see how the packet are being worked while opening a page....
  17. Re: Nokia IP390 Cluster with state sync license Question

    Another thing i would like to add here for your setup is that you better keep the IPSO sync and Checkpoint sync in 2 different interface if available. Because recently i had faced a lot of issue with...
  18. Re: IBM Hiring in multiple locations: Atlanta, Detroit, worldwide.

    Hi,

    How much years of experience are you looking for ?

    Raj
  19. Replies
    2
    Views
    2,467

    Re: Hide NAT Problem

    Correct me if i have got you wrong...

    I think the host is able to go through to internet without the ISA because it is also hide nat behind the gateway,please check.

    If yes, then remove the...
  20. Replies
    1
    Views
    1,643

    Re: Upgrading from NGX R65 HFA70 to R7X?

    Before upgrading to any version please do see the release note and make sure you have properly taken the backup of the existing setup and noted each and every point which is to be considered in a...
  21. Replies
    3
    Views
    4,342

    Integration of RSA with Checkpoint R71

    Guys,

    Recently we upgraded our IPSO version and CP version to 6.2 and R71 respectively. Now i am not able to integrate My RSA 6.1 with the CP R71 as i follow the procedure i found that after...
  22. Thread: X11 problem

    by rajeevraj
    Replies
    6
    Views
    2,994

    Re: X11 problem

    I have seen a slightly different scenario i needed any communication between 2 clients in my network and still they were not able to communicate as X11 was not included in the ANY service and traffic...
  23. Replies
    4
    Views
    6,122

    Re: Match for Any

    Its always the best practice to have minimal no. of duplicate services on your rule base, to avoid problems and warnings.
  24. Re: Client Authentication vs Policy Installation

    There must be some similarity between rule No. 12 and Rule 13, thats why you are having the logs like mentioned by you.

    check the rule base..
  25. Re: SNMP on linux-based CP gateway - how to enable?

    Go through the below SK,

    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk34511
  26. Re: IPSO denies traffic sourced public ip to LAN interface

    Your vendor must be using your gateway's Public IP to poll the status of the device and not through LAN interface IP of your firewall to poll, which is impossible as your private IP will not reach...
  27. Re: CP Smartview Tracker R71.20 Does Not Open Completely

    can you upload any snapshot of the error? and do check the connectivity between your smartcenter and gateways.
  28. Replies
    4
    Views
    1,736

    Re: Moving license to new Public IP

    According to me its always best to use an Internal IP to generate the licenses to attach...as IPs belong to the gateway IP and they are not changed on usual basis...you will skip all the dependencies...
  29. Replies
    8
    Views
    3,675

    Re: VPN-1 crashing and shutting down tunnels

    I am using Nokia IP 690 and i am getting this error very frequently...any solutions yet?
  30. Replies
    3
    Views
    2,315

    Re: 1st Sync and 2nd Sync ?

    Is bonding of interfaces possible with IPSO??

    I have also heard of bonding in SPLAT platform but not in Nokia IPSO...could you please confirm that? How would bonding help in my requirement ?
    ...
  31. Replies
    3
    Views
    2,315

    1st Sync and 2nd Sync ?

    Hi Guys,

    In my clustered environment i have designed a 1st sync which takes care of the state synchronisation only and i have been observing the following errors drastically.

    Sync:
    ...
  32. Replies
    16
    Views
    7,011

    Re: Unused Policies on SCS

    I uploaded the checkpoint config file(OFFLINE) on the Tufin and i came accross few good things but, what i was expecting from tufin was to have a look at the unused rules defined on the checkpoint.
    ...
  33. Replies
    16
    Views
    7,011

    Re: Unused Policies on SCS

    I have installed tufin software on one of my testing linux servers..

    I want to know one this i would like to check my rules using the offline method, this software is asking for the checkpoint...
  34. Replies
    16
    Views
    7,011

    Re: Unused Policies on SCS

    Thanks buddy...

    I have requested for a demo for 30 days.

    It would be great if you can provide me with any download link wherein i can download it directly.
  35. Replies
    16
    Views
    7,011

    Unused Policies on SCS

    Hi,

    I have a very good number of rules defined on my rule base and i would like to improve my rule base. My main aim is rule out and remove all the unused policies which are defined on my rule...
  36. Replies
    4
    Views
    27,326

    Re: Passed CCSE R70

    I am planning to write CCSA and CCSE R70 cert. soon so if you could help.

    Can you share any links for downloading some CBTs for CCSA R70 and CCSE R70 ?

    Thanks in advance.
  37. Replies
    11
    Views
    6,063

    Re: Pre_Upgrade Verification Tool

    thanks buddy...

    I am planning to upgrade my SCS soon..what kind of errors are you talking about ?

    Could you please specify few of their types?
  38. Replies
    3
    Views
    2,886

    Re: Export rules and objects

    To which R7x you want to upgrade? You should be careful doing an upgrade and check the compatibilty and pre requisites too.

    Simple, You can use import/export tools to do that but it works only...
  39. Replies
    11
    Views
    6,063

    Re: Pre_Upgrade Verification Tool

    What does this Pre upgrade verifier do exactly ?
  40. Replies
    17
    Views
    6,661

    Re: Upgrading from R65 to R71

    how is your exp. with R71...if you could share.
  41. Replies
    9
    Views
    3,271

    Re: Downgrade R71 to R70.40 ?

    Whats the reason you are downgrading it from R71 to R70.40 ...why i am asking this because i am planning to upgrade my setup soon..it would be helpful if you could share.
  42. Replies
    8
    Views
    3,565

    Re: IP395 Unable to Connect to SNMP

    Its always a small and basic mistake which results into a big problem...

    the best practice is stick to basics...
  43. Replies
    8
    Views
    3,233

    Re: Poweroff command

    yes this was the only way i use to halt my gateways.

    Was this the correct method ? has there been any new modifications made on this ?
  44. Replies
    8
    Views
    3,565

    Re: IP395 Unable to Connect to SNMP

    Login to your voyager go to configuration-->system configuration-->SNMP and check for the configuration you have done there for enabling the SNMP on the IP appliance box. It mainly consists of SNMP...
  45. Replies
    4
    Views
    2,198

    Re: Leaving information security

    All the Best ..!!!
  46. Replies
    2
    Views
    1,492

    Re: Upgrade: R65 to R70

    @serlud
    I was wondering if you could share the info on What performance downgrade did you experience when using a Nokia appliance?


    @chaitanya
    Its better to upgrade it to R70 as R65 is going...
  47. Replies
    9
    Views
    4,839

    Re: Checkpoint Traffic Logs

    Yes you can do it...

    You can check for the option for deleting and managing these logs from your smartcenter Properties login to the smartdashboard, go to the SC object and go to "logs and...
  48. Replies
    9
    Views
    5,052

    Re: SecureXL and Connections Table modify?

    Cant we just kill the pid of that particular connection ?

    Would like to get some info on this as I have never done this before...
  49. Replies
    6
    Views
    2,338

    Re: encrypted packets not reaching destination

    When you are not able to receive the packet on the other side of the tunnel then i think that the tunnel is not up and running... even though it is showing UP on the SVM.

    Are you getting logs of...
  50. Replies
    4
    Views
    1,862

    Re: IP Clustering with different IPSO versions

    Cluster will work only with same version installed on both the gateways...

    What i will suggest you is that you do a fresh installation of boot manager and IPSO on both the gateways and try.
  51. Replies
    3
    Views
    1,919

    Re: Not seeing both sides of communication

    Are you talking about the 3 way handshake logs between 2 entitites?
  52. Replies
    8
    Views
    3,233

    Re: Poweroff command

    Even i used to poweroff my SPLAT using "shutdown" command and after my firewall has halted properly then i used to physically poweroff the power supply.

    Is this the correct way or is there any...
  53. Replies
    9
    Views
    4,839

    Re: Checkpoint Traffic Logs

    Why do you want to delete those logs ?
  54. Replies
    7
    Views
    2,108

    Re: Smart Center Server Redundancy

    I have imported backup a lot of times and i never had to attach licenses again...so i think we need not worry about licenses.





    Your passive server will work when you assign the production...
  55. Re: SVM shows WRONG Active Virtual Memory after Upgrading to R70.

    I have worked the similar setup in my previous organization and what you have suggested and implemented is far more secure and perfect....



    i can make use of these points ...thanks.
  56. Replies
    7
    Views
    2,108

    Re: Smart Center Server Redundancy

    I agree with Danielpb's answer to the requirement...

    All you need to do is export backup from live server and import the backup to the redudant server..

    By the way installing a secondary SCS...
  57. Re: Using secondary LAN interface of SCS to push policy

    i have to work out and think before i go ahead and try this thing let me think and try out this scenario...
  58. Replies
    7
    Views
    2,204

    Re: managing multiple gateways

    @mcnallym and @northlandboy...

    Thanks for input guys :)
  59. Replies
    7
    Views
    2,204

    Re: managing multiple gateways

    I have had my backup of R65 management server imported to New R70 management server and things were working fine for me.

    I would like to know why manual creating of objects ? wouldn't it be easier...
  60. Replies
    7
    Views
    2,108

    Re: Smart Center Server Redundancy

    You have an option to install a secondary SCS on your network...Yes for that you need a additional license for using a redundant SCS.

    Whenever your live SCS goes down you can push policy on your...
  61. Re: Using secondary LAN interface of SCS to push policy

    i agree with you northlandboy..

    But these certificates must have some identity(hostname or some other entity) of the existing SCS so that the certificate is established ? Because all the...
  62. Re: SVM shows WRONG Active Virtual Memory after Upgrading to R70.

    For this i need to convince my management...its a loooooooooong process..!!!

    I have worked on SPLAT box too and i do agree with you on the point that managing SPLAT box is more easy than a win 2k3...
  63. Using secondary LAN interface of SCS to push policy

    guys,

    The scenario which i am going to brief you all might be little tricky but let me try...

    I have a SCS(existing) in which i have only one LAN module installed through which i manage my...
  64. Re: R71 SmarrtDashboard: "This Rule is Disabled" tool tip in the NAT Rules

    Could you please brief more about the issue as i am planning to upgrade my SCS to R71.
  65. Replies
    6
    Views
    3,058

    Re: "Server is disconnected"

    Thanks buddy...

    Looks like i have to take your advice and keep saving my work time to time so that i dont loose my work...

    btw i will try to debug the processes..
  66. Re: Redirect Dropped/Rejected Connections in R65?

    you could use a Web Filtering feature to block users from accessing the web pages/sites and the checkpoint block page is informative too...i think even you can customize the block page instead of...
  67. Replies
    5
    Views
    1,779

    Re: New rule installed but traffic dropping

    If you are getting drop packets when you are trying to connect to the destination network...then the packets are dropping at your gateway...

    could you share more info on the dropped packet...?
    ...
  68. Re: SVM shows WRONG Active Virtual Memory after Upgrading to R70.

    My issue is with the Active virtual Memory utilization...i have installed my SCS on windows server 2003 R2 and waiting for thr right patch ..

    Has anyone got a perfect patch for this issue ?
  69. Replies
    6
    Views
    3,058

    Re: "Server is disconnected"

    Does the HFA60 release notes specify or mention anything about this issue ?
  70. Replies
    3
    Views
    2,312

    Re: SNMP monitoring problem

    I have personally enabled SNMP On my SPLAT gateways through the sk id which i gave you in my last post and i have been monitoring it on a private community string which works perfectly okay for...
  71. Replies
    6
    Views
    3,058

    "Server is disconnected"

    hi guys,

    It really starts irritating when you are continously working on the smartcenter server for hours together and suddenly you are popped up with the following message

    "Server is...
  72. Replies
    16
    Views
    7,238

    Re: SQLNET through FW1

    The second thing which came into my mind is that i am going to keep my agreesive aging to the default value and only increase the agressive aging for the SQLNET port 1521 which looks to me a better...
  73. Replies
    4
    Views
    2,036

    Re: FTP port redirect issue

    check your rule base you might be having some access polcy which prompts for the auth .....make sure you place the security rule which you have specified is placed top of that auth rule...
  74. Replies
    16
    Views
    7,238

    Re: SQLNET through FW1

    Allowing "out of state" is not the best practices and more over you have disabled a main feature of checkpoint firewall and which should be enabled. And more over anyone can flood your network with...
  75. Replies
    16
    Views
    7,238

    Re: SQLNET through FW1

    Yes i have increased the agressive aging to a certain limit and i will be observing it for few days and will let you know guys...i hope this should solve the issue and function properly.
  76. Replies
    16
    Views
    7,238

    Re: SQLNET through FW1

    i am getting the packets at the firewall....my gateway is processing the packets.

    what else i can do to know this issue clearly?
  77. Replies
    16
    Views
    7,238

    Re: SQLNET through FW1

    i would like to know that what Oracle protocols are you talking about which checkpoint doesnt support? Can you brief your statement


    i am facing a similar issue in my network one of my oracle...
  78. Replies
    3
    Views
    2,312

    Re: SNMP monitoring problem

    when you are changing the RO community string you need to change the string in 2 locations..

    you can refer sk34511 for more info on this....
  79. Replies
    8
    Views
    2,647

    Re: Packet Dropping during policy push

    I dont know about cisco but in checkpoint While pushing a policy the connections are disconnected and connected back without hampering the link between the client and peer....i dont think so the...
  80. Replies
    7
    Views
    18,294

    Re: “top” does not show all CPU cores.

    thanks for input yeah the "top" command doesnt work in IPSO 6.x and below but to the core utilization there is no option.....the only option you have is the following

    ^L - redraw screen
    q ...
  81. Replies
    1
    Views
    1,413

    Re: SIC - Explained

    following link should help you understand SIC

    http://www.cpug.org/forums/authentication/14403-sic-how-does-work.html
  82. Replies
    5
    Views
    8,315

    Re: SIC-How does it work ?

    thanks ShadowPeak.com..

    It was very informative and i appreciate the concern.
  83. Replies
    5
    Views
    8,315

    SIC-How does it work ?

    HI Guys,

    We all known that SIC is a very important and mandatory process for all checkpoint products. I know what SIC does and how to troubleshoot issue with SIC.

    But i always wondered how...
  84. Replies
    12
    Views
    6,975

    Re: Disable antispoofing for a subnet

    To my best of knowledge this feature should be kept enabled and known networks can be defined not to
    e checked.

    Does checkpoint suggest to disable anti spoofing on the interfaces?
  85. Re: NAT Problem on outgoing interface in Nokia IPSO

    Is the issue resolved ?
  86. Re: SVM shows WRONG Active Virtual Memory after Upgrading to R70.

    My both nokia boxes are showing me proper CPU utilization after updating the patch on them. My concern is for the Smartcenter server for which i got a patch from my support team but it did not work...
  87. Replies
    7
    Views
    18,294

    Re: “top” does not show all CPU cores.

    guys,

    what is command for viewing the core CPU load on Nokia IPSO ?
  88. SVM shows WRONG Active Virtual Memory after Upgrading to R70.

    HI Guys,

    I have recently upgraded my smartcenter from R65 to R70.20 and i also upgraded my Nokia Boxes simulataneously..

    After Sucessfully upgrading we observed that the active virtual memory...
  89. Replies
    9
    Views
    2,449

    Re: Migrating from R65 to R70

    1. Yes you can upgrade to R70 without license only if you choose not to use IPS and Core Features.
    2. Yes R65 support ends on March 2011
    3. Nokia IPSO 4.2 does not support R70 so you need to...
  90. Replies
    1
    Views
    1,094

    Error while logging into the SmartCenter

    hi,

    Sometimes when i login into smartcenter i get this error and for few minutes i am not able to login into the policy manager.

    I got some hint from sk12120 and followed it too but couldnt...
  91. Replies
    9
    Views
    2,449

    Re: Migrating from R65 to R70

    Even i have upgraded my IPSO firewalls to upgraded version 6.2 and Smart center to R70 and i have NOT activated the IPS and coreXL so not much of a difference migrating R65 to R70, just some graphics...
  92. Re: Local Interface Address Spoofing after swapping external address

    Try clearing the ARP of the ISP router.....hope it should work
  93. Replies
    0
    Views
    1,545

    Log files generated on smartcenter

    Can anyone help me with the type and functionality of the each type of log which we see on the smartcenter's directories..following are few logs which i could not figure it out.

    My smartcenter in...
  94. Replies
    26
    Views
    9,868

    Re: IPSO 6 CLuster in forwarding mode problems

    i had come across the same kind of issue with my Nokia IP690 when i was upgrading it to IPSO 4.2 from IPSO 6.2. The issue was that the services were working fine with one gateway and when put on...
  95. Replies
    8
    Views
    3,746

    Re: Multicast vs Unicast Mode

    Choice of using HA or LS depend totally on the amount of load which persists on your gateways.

    Just in case if load on one of the gateways is 25%-35% in LS mode then why do you need to run both...
  96. Re: NAT Problem on outgoing interface in Nokia IPSO

    i just wanted to highlighten the text.

    Sorry if it bothered...
  97. Replies
    8
    Views
    3,746

    Re: Multicast vs Unicast Mode

    I Agree...
  98. Re: NAT Problem on outgoing interface in Nokia IPSO

    The NAT rules which you are talking about are they Automatic NAT rules or Manual NAT rules ?
  99. Replies
    12
    Views
    9,554

    Re: Member state down but no other errors?

    can you tell me ..what error is it showing in the smart view monitor ?

    If you happen to go to the ClusterXL more information tab of the gateways you will find the status of all the interfaces and...
  100. Replies
    8
    Views
    3,746

    Re: Multicast vs Unicast Mode

    When talking about the multicast and Unicast mode you need to be sure that what kind of traffic you might be expecting in your network and If you are trying to use multicast mode then make sure you...
Results 1 to 100 of 119
Page 1 of 2 1 2