CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E



Type: Posts; User: speculatrix

Search: Search took 0.00 seconds.

  1. Thread: pfsense

    by speculatrix

    Re: pfsense

    thanks for that. we're using pfSense on dedicate servers and are very happy, a colleague/friend has a small colo with games servers behind it and gets excellent performance, so it's good to know we...
  2. Thread: pfsense

    by speculatrix


    previous job was a big bank and they liked checkpoint very much. current job is a startup and whilst checkpoint, especially the VPN stuff for remote workers would be nice, we've gone with pfSense for...
  3. Replies

    Re: Problem with Hash...............

    we had a similar related problem. Using a pair of Nokia IPSO + NG54 with ClusterXL in multicast mode.

    Someone had added a new interface to the firewall, but not completed the cluster configuration...
  4. Replies

    Re: The impending doom of DST

    it makes sense to run all sites as GMT or UTC and do no time switching at all, thus avoiding problems with different time zones changing at different times round the world.
  5. Replies

    Re: VPNs and NAT

    because we're using ad-hoc vpn, there's no encryption domain. I guess I could create a community for this particular vpn (it's all historical problems, sigh).

    can we have "disable nat inside...
  6. Replies

    Re: what the heck is a Route based VPN ?

    how do route based VPNs work in conjunction with NAT?

    could this work in the following scenario...

    you have natted internal IPs and want to statically nat them to real IPs before presenting the...
  7. Replies

    VPNs and NAT

    thanks for taking a look at this.

    We have a problem with getting a VPN set up to a partner company who are using Cisco 7206VXR. We are using ad-hoc vpn with shared secret (define interoperable...
  8. Re: Route based VPN between CP NGX R60 and PIX

    one good thing about having the other vpn termination device being a PIX is that it can give you a lot more useful information about what is going on - checkpoint won't tell you what it proposed for...
  9. Re: corrupted objects database - missing secure client groups

    well, good news. another department had Acronis backup/clone utility, so we got hold of another DL380 and cloned the entire system onto it (Acronis, you're magic, I highly commend you!!)

    We then...
  10. Re: corrupted objects database - missing secure client groups

    thanks for that. I have been exploring the file system and looking for the file which contains the users... interestingly, it seems that CP keeps a sequence of copies of the file fwauth.NDB with...
  11. Re: corrupted objects database - missing secure client groups

    aha, I found upgrade_export.exe and upgrade_import.exe, so I am trying those out.
  12. Re: corrupted objects database - missing secure client groups

    thanks for coming back to me so quickly.

    I've searched for dbexport.exe, db.exe and export.exe but cannot find such a program... I am wondering if you are using some abbreviation or "shortcut"...
  13. corrupted objects database - missing secure client groups

    We've got a problem with our NGX-R60 checkpoint smart console... when we fire it up we see a sequence of pop-up boxes thus:

    rule 41 - cannot locate object XYZ-Secureclient@Any
    rule 42 - cannot...
  14. Re: HTTP Error Message "message_info: CONNECT command found in HTTP request"

    hmm, well, I couldn't find where to put it, we don't have a fwkern.conf on SPLAT-R55, so I created a startup-script instead.
  15. Re: HTTP Error Message "message_info: CONNECT command found in HTTP request"

    this is quite interesting. In the NGX control panel I can see the option, and ours is disabled, and YET we're still seeing the firewall deny the traffic.

    I used the command-line tool...

  16. Replies

    Re: WSE0020001 illegal header format detected

    I found this thread whilst trying to fix a problem where desktops couldn't see the remote proxy over tcp-8080. Despite verifying that my "http-proxy-tcp8080" service didn't have the "http" protocol...
  17. VPN and NAT of internal rfc1918 to public

    Thanks for reading this, I'm getting pretty desperate to solve this problem.

    I want to set up a VPN whereby a machine on 192.168 address is presented to the remote VPN endpoint as a public UP.
Results 1 to 17 of 17