CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Type: Posts; User: 20100

  1. Replies
    10
    Views
    3,908

    Re: Vulnerability on firewall itself

    Thanks, will do.

    Last month, for UTM-1 it said it was fixed by firmware 8.2.64n. Now it says there will be a new firmware for it!
    Hopefully this time would be the good one!

    Cheers
  2. Replies
    10
    Views
    3,908

    Re: Vulnerability on firewall itself

    Me again!
    I read the latest threads with interest, but I still have similar issues with our small UTM-1 Edge units.
    When I originally got these issues a couple of months, I focused on our main...
  3. Re: update from R77.20 to R77.30 Installed with Errors

    Thanks for the tip.

    Just as well I did wait a night (and read your post) before even attempting the upgrade of the 2nd gateway.
    Just for testing purpose, I stopped the active gateway (on...
  4. update from R77.20 to R77.30 Installed with Errors

    Hi
    Just upgraded the management VM from R77.20 to R77.30 no issues
    Then upgraded the passive gateway from R77.20 to R77.30. Seemed to work fine.
    Smartview Monitor shows it is now running R77.30. ...
  5. Re: Message "Please wait while updating the deployment agent"

    Thanks for your help. I needed Checkpoint support help for this, as I could not figure out why the latest version on CP web site for the manual agent was different from the gateway that had been...
  6. Replies
    10
    Views
    3,908

    Re: Vulnerability on firewall itself

    Thanks everyone for your input. I will have a good read and look through all your info and hopefully will make progress for this.

    Thanks again
  7. Message "Please wait while updating the deployment agent"

    Hi
    Decided to update our 2 gateways with latest Hotfix (6 May). No issue with the first gateway.
    With the second one, it keeps trying first to update the Deployment Agent. Not sure why, I did not...
  8. Replies
    10
    Views
    3,908

    Vulnerability on firewall itself

    Hi

    I am revisiting a thread I started 18 months ago: https://www.cpug.org/forums/showthread.php/19739-external-access-to-firewall
    but thought to create a new one, as we are now running R77.20. We...
  9. Replies
    9
    Views
    4,979

    Re: IPSEC VPN with Amazon VPC

    Hi

    Looks like a known issue: https://forums.aws.amazon.com/thread.jspa?messageID=523250&#523250

    The secret password seems to be limited to 25 characters on the UTM

    I can try pushing Amazon...
  10. Replies
    9
    Views
    4,979

    Re: IPSEC VPN with Amazon VPC

    Hi

    I cannot be 100% sure of what devices are in front the UTM devices. In one branch it is a Cisco router, but we are not nating
    On the other one, the UTM is directly plugged onto the telco MTU....
  11. Replies
    9
    Views
    4,979

    Re: IPSEC VPN with Amazon VPC

    Hi

    I tried the VPN route based setup and got a similar result.
    I used the sniffer and Wireshark, but to be honest, I did not know what I needed to look at.

    I only found the following error...
  12. Replies
    9
    Views
    4,979

    Re: IPSEC VPN with Amazon VPC

    Hi

    Thanks for the link. I was able to download the document. Looks complex to me. I will read in details. I did not have to go through all that on the R77 Gaia

    I tried a third tunnel with...
  13. Replies
    9
    Views
    4,979

    Re: IPSEC VPN with Amazon VPC

    Hi, the CLI is very basic (either via http or ssh) and there is no equivalent to vpn debug ikeon/etc

    Mcnallym, unfortunately I do not have the correct privilege to download the first document you...
  14. Replies
    9
    Views
    4,979

    IPSEC VPN with Amazon VPC

    Hi

    We are trying to establish a site to site VPN with one of our AWS VPC.
    First we tried with our main site (running Gaia R77) and it worked great.
    Then we have been trying with another branch...
  15. Replies
    4
    Views
    2,263

    Re: external access to firewall

    Thanks guys

    I did not know about this setting. It was configured the correct way. I also tried with the internal interfaces.
    I did some extra testing, and I was wrong to start with. The port is...
  16. Replies
    4
    Views
    2,263

    external access to firewall

    Hi

    We just replaced our Secureplatform servers with Checkpoint Appliances running Gaia R77.10.
    On the 2 appliances, host access has been restricted to one internal IP address (removed the default...
  17. Replies
    0
    Views
    1,503

    Management on 2200 Appliance

    Hi

    Been running Splat on Openserver for years, just moving to appliance with Gaia.

    Been able to configure the 2 new gateways, setup new management, export/import policy and install. Great!
    ...
  18. Replies
    8
    Views
    3,409

    Re: Upgrading R65 to R71. Compilation failed

    Hi

    Yes the sk44287 worked for me. I cannot find it anymore, but from memory, it looks like the other one you mentioned, but perhaps with a bit more to do.
  19. Re: Endpoint Security E75.10 client constantly disconnects

    Here is what fixed it for me at the end:
    In $FWDIR/lib/implied_rules.def
    change the line
    #define ENABLE_TUNNEL_TEST
    to
    //#define ENABLE_TUNNEL_TEST

    Open SmartDashboard and add tunnel_test as...
  20. Re: Endpoint Security E75.10 client constantly disconnects

    I have done further testing.
    I have similar issues with SecureRemote E75.10
    As soon as nothing is typed within 30 seconds, it disconnects.

    I have found a workaround: doing a permanent ping to an...
  21. Re: Endpoint Security E75.10 client constantly disconnects

    Hi

    I have a similar issue
    I just upgraded from R65 to R71.30.
    I have licences for Secure Client.
    As soon as I connect to the site, within 30 seconds, it disconnects.

    What licences is...
  22. Replies
    1
    Views
    3,355

    Re: Nat issue from upgrading from R65 to R71

    I solved the issue (which I created in the first place!):
    I installed a web server on the DMZ host, and then I was able to access it via both the internal and external address from the LAN.
    It is...
  23. Replies
    4
    Views
    2,036

    Re: One Member is always Active

    Hi Guys

    Thanks a lot for your help.
    At the beginning I could not figure out the core things, as the 2 boxes have the same number of CPU cores, but you were referring to CoreXL.
    By running...
  24. Replies
    4
    Views
    2,036

    One Member is always Active

    Hi

    Running 2 Splat R71.30. Clustering is configured as HA, New, with "Maintain current Active Member Cluster" upon cluster recovery.

    If I stop FWB, FWA becomes 'Active'. As soon as I restart...
  25. Replies
    1
    Views
    3,355

    Nat issue from upgrading from R65 to R71

    Hi

    Doing a Static Nat one to one in the DMZ lan (ie 10.1.2.3 translated to 200.1.2.3).
    From the Lan (192.168.1.x), we can ping 10.1.2.3 but not 200.1.2.3. Then a few minutes, we can ping...
  26. Re: VPN tunnel between Checkpoint and Racoon with IPSec

    Not many other ideas, I don't know iptables, racoon, etc.

    Have you tried locally to have another network with an M$ server and join the domain controller of the main network?
    That...
  27. Re: Upgrade from SPLAT R65 to R71. Nic no longer work

    Hi

    Just to let you know that I managed to get a new kernel patch from Checkpoint and the Intel Pro NIC seem to work now.

    I do hope it will be included automatically in the next releases, as it...
  28. Re: VPN tunnel between Checkpoint and Racoon with IPSec

    Hi

    It is probably not a Checkpoint or Racoon problem.

    Check that 'netbios over tcp/ip' is selected in the properties of your network card

    Check that the traffic is not...
  29. Thread: Finding NIC

    by 20100
    Replies
    6
    Views
    2,157

    Re: Finding NIC

    Thanks guys

    That really helped. It allowed me to identify our NIC by plugging a switch on each port one by one.

    Regards
  30. Thread: Finding NIC

    by 20100
    Replies
    6
    Views
    2,157

    Finding NIC

    You know, when installing from CD, at some stage it comes with a utility that allows to display all the NIC with their ethx number and if they are physically connected.

    By plugging a cable in each...
  31. Re: Upgrade from SPLAT R65 to R71. Nic no longer work

    Hi guys

    My issue is completely different. None of my certified Intel NIC are working in R71 and R75. When installing from CD and testing the NIC, it does not detect the Intel cards, but it detects...
  32. Re: Upgrade from SPLAT R65 to R71. Nic no longer work

    forgot to paste the link for the Certified NIC:
    -
  33. Re: Upgrade from SPLAT R65 to R71. Nic no longer work

    Hi

    I removed the NIC from the server just to make sure.
    They are 82546EB, Intel Pro/100MT Dual Port Server Adapter

    I have 4 NIC (2 per server) with both Dual port.
    3 of them have an Intel...
  34. Re: Upgrade from SPLAT R65 to R71. Nic no longer work

    Thanks. I have a support contract via our reseller, so do not have direct access to Checkpoint support.
    So far, the reseller has not been able to get anything yet.
    By chance, would someone else be...
  35. Re: Upgrade from SPLAT R65 to R71. Nic no longer work

    I just tried to install R75 and when testing the nic, at the beginning of the process, it still does not work with the 2 x Intel dual port NICs. Same on the other server.

    Anything else I can do?
    ...
  36. Upgrade from SPLAT R65 to R71. Nic no longer work

    Hi

    2 security gateways running R65 with some Broadcom and Intel Nic. I have upgraded to R71 and all connectivity is lost.
    I looked at the file that contains the mac address (I already been caught...
  37. Replies
    8
    Views
    3,409

    Re: Upgrading R65 to R71. Compilation failed

    Thanks

    I have a support contract but via a reseller, so unfortunately I cannot access the 'expert' area.

    I will keep chasing the reseller
  38. Replies
    8
    Views
    3,409

    Re: Upgrading R65 to R71. Compilation failed

    Thanks, it looks like it is the case.
    Unfortunately, I have not been able to find the sk44287 you refer to, nor been able to find the relevant information in the knowledge base.

    As I am not using...
  39. Replies
    8
    Views
    3,409

    Re: Upgrading R65 to R71. Compilation failed

    Sorry to get back so late. I managed to screw up the Management server by removing what I thought old Checkpoint packages!

    I have reloaded the image and performed an IPS update. Still the same...
  40. Replies
    8
    Views
    3,409

    Upgrading R65 to R71. Compilation failed

    Hi

    We have 2 Splat gateways and a Windows Management. I have upgraded the Management from R65 to R71 and the first Splat gateway.

    Before upgrading the Management, I ran the verification tool:...
  41. Replies
    2
    Views
    1,952

    Re: Adding a VLAN. routing and clustering

    Thanks a lot
  42. Replies
    2
    Views
    1,952

    Adding a VLAN. routing and clustering

    Hi,

    I would like to change the main LAN interface onto VLAN to create an extra LAN using our L2 switch. Normally, to link VLANS it is necessary either to add a router in the picture or use a L3...
  43. Replies
    4
    Views
    1,612

    Re: Adding a new Subnet

    Thanks for your help so far.

    I have tried the 1st method today, but I have not been able to get it going:
    a) I have added the second IP in the interface using sysconfig. I noticed it created...
  44. Replies
    4
    Views
    1,612

    Re: Adding a new Subnet

    Thanks a lot

    >A few options.

    >1. You can add a second IP address to the interface
    That sounds good! Can 2 subnets be on the same physical lan?

    >2. Convert you interface to a "Trunk" and...
  45. Replies
    4
    Views
    1,612

    Adding a new Subnet

    Hi, not sure I am in the right topic.
    Pretty new to all this, so hopefully someone will give me a head start:

    We are using SecurePlatform.

    We need to add another subnet without adding another...
  46. Replies
    10
    Views
    4,200

    re: Is SSL Network Extender the answer?

    Thanks guys. Looks like Connectra or Citrix are the answers. Not cheap solutions for both of them. I will have a closer look at both.
  47. Replies
    10
    Views
    4,200

    Is SSL Network Extender the answer?

    Hi,

    Not sure if it is the right place within the forum to ask:

    We have site to site VPN with partners, but only allow traffic from our office to theirs.

    From time to time we have staff...
  48. Re: 'Policy Server Down' after RX61 to RX65 Upgrade

    Hi,

    Yes you are right. the process is not running.
    I had a look in the logs and found numerous lines of "ndb_open : mmap failed for /opt/CPfw1-R55/database/SC.NDB: Cannot allocate memory"

    I...
  49. 'Policy Server Down' after RX61 to RX65 Upgrade

    Hi,

    Just upgraded the (Windows) SmartCenter from NGX61 to NGX65 OK.

    Next, upgraded the (Secure Platform) stand-by Cluster Gateway, but it comes with "problems" with "The security policy is not...
  50. Replies
    2
    Views
    2,399

    Re: Internal Routing Issue

    Just adding: I also have unchecked in Global properties menu (under "Stateful Inspection -> Out of state packets")
    But it still does not work
  51. Replies
    2
    Views
    2,399

    Internal Routing Issue

    Hi,

    We have a NGX R61 firewall. We have linked our 2 offices with Cisco routers. From the main office we can access all the boxes from the other office, but the reverse does not work.
    There is an...
  52. Thread: Cannot use skype

    by 20100
    Replies
    2
    Views
    2,505

    Re: Cannot use skype

    Thanks, you put me on the right track!

    By looking at the smartdefense query, I saw "SSLv3 malformed packets" error messages.
    So, I looked further in Smartdefense and in "VPN Protocol", "SSL...
  53. Thread: Cannot use skype

    by 20100
    Replies
    2
    Views
    2,505

    Cannot use skype

    Hi,

    Since upgrading from R55 to R61, skype does not work anymore.

    From the logs, it looks like Smartdefense is blocking traffic on port 443, but there is no rule number.

    Traffic from the LAN...
Results 1 to 53 of 53