CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Type: Posts; User: mjensen


  1. Replies
    6
    Views
    2,726

    Re: How to enter maintenance mode in esxi ?

    Does anyone know if this is still true with R80.10 ?
  2. Re: ERROR in execval: optimization disabled: displacement too large

    I have a suspicion this error may be in the Application Control / URL filtering policy. I no longer use Check Point for URL filtering or Application control so I disabled those blades from all...
  3. Re: ERROR in execval: optimization disabled: displacement too large

    Thank you Tim. Yes, I do have host objects that have the same IP address as gateway object's interfaces. I will start by eliminating those and see if that resolves this.
  4. ERROR in execval: optimization disabled: displacement too large

    Hello,

    Has anyone seen this message before after installing a policy? - "ERROR in execval: optimization disabled: displacement too large"

    My SMS is running R80.10 and the security gateways are...
  5. ERROR in execval: optimization disabled: displacement too large

    Hello,

    Has anyone seen this message before after installing a policy? - "ERROR in execval: optimization disabled: displacement too large"

    My SMS is running R80.10 and the security gateways are...
  6. fw unloadlocal and routing daemon stopping?

    Hello,

    I have come across some conflicting information regarding the "fw unloadlocal" command and whether or not it stops the routing daemon on a Check Point appliance. I am not clear if it does...
  7. Replies
    2
    Views
    772

    Change Mgmt interface on appliance

    Hi,

    I have a HA active / standby cluster of two 15,400's running R77.30 and my SMS running R80.10.

    I currently have the management interface set to eth 2-07 which has an IP of 192.168.255.x. I...
  8. Re: HA Failover appears to be caused by sync interface

    I want to provide an update on this:

    Check Point TAC decided to RMA the second cluster member. I installed today and the Sync interfaces are now operating at 1000 Mbps / Full using auto...
  9. Replies
    3
    Views
    2,165

    Re: Disk space on SMS

    I ran cd / and then du -h and my SSH session has been scrolling showing these files for about five minutes now:

    4.0M ...
  10. Replies
    3
    Views
    2,165

    Disk space on SMS

    Hello,

    I have an SMS running R80.10 and started receiving messages in SmartConsole that "Partition /opt has: 1716 MB of free space and it's lower than required: 2000 MB".

    I ran the commands...
  11. Re: HA Failover appears to be caused by sync interface

    I was able to get my cluster back together correctly without a service interruption. Now I'm just back to the original problem of the sync interfaces not operating at 1000Mbps /full. I will try...
  12. Re: HA Failover appears to be caused by sync interface

    Hello,

    That is very interesting. I didn't know I could make a bond interface with only one member and I like your reason for doing it with sync interfaces.

    After several hours with support...
  13. Re: HA Failover appears to be caused by sync interface

    Am I supposed to be using a straight through cable for the sync interface or a crossover cable? Some clusters in my environment use straight through and others use crossover. I don't know if this...
  14. Re: HA Failover appears to be caused by sync interface

    I had the same issue happen again this morning. Is it possible for me to update the drivers of these NIC's or is that something only Check Point can do?
  15. Re: HA Failover appears to be caused by sync interface

    I was under the impression that drivers got updated with Jumbo Hotfixes. Is this not the case?
  16. Re: HA Failover appears to be caused by sync interface

    SECURITY GATEWAY 1

    [Expert@msgcu-intfw1:0]# ethtool Sync
    Settings for Sync:
    Supported ports: [ TP ]
    Supported link modes: 10baseT/Half 10baseT/Full
    ...
  17. Re: HA Failover appears to be caused by sync interface

    I replaced the cable twice with brand new CAT 6 and the sync ports are still negotiating at 100 / full. I also tried disabling the ports in the web GUI and re-enabling with the same result.

    If...
  18. Re: HA Failover appears to be caused by sync interface

    How can I replace the sync cable without causing the two security gateways to freak out and possibly end up with a split brain?
  19. HA Failover appears to be caused by sync interface

    Hello,

    Yesterday my HA pair of Check Point 5800's experienced an unexpected failover. I was able to retrieve the local message logs and have included them below. If I am reading them correctly it...
  20. Re: Unable to install Jumbo Hotfix - failed to uninstall old

    I was able to uninstall take 303 by copying the repository contents from the other security gateway in the cluster to the gateway in question, stopping and starting CPUSE from the command line, and...
  21. Unable to install Jumbo Hotfix - failed to uninstall old

    Hello,

    I am trying to install Jumbo Hotfix Accumulator take 338 for R77.30.

    While troubleshooting a previous issue I deleted the contents (without fully knowing the consequences) of...
  22. Replies
    1
    Views
    450

    Strange block for VPN traffic

    Hello,

    I have attached a couple screen shots to this post. I have a host on my network (10.17.16.89) that sends udp-domain traffic through an IPSEC VPN. The DNS server on the other end of the VPN...
  23. Replies
    2
    Views
    2,715

    Re: Move VLAN interface between bond

    I had a similar issue yesterday moving VLAN interfaces between bond groups and the passive security gateway in the cluster remained down. After troubleshooting for a while I found that the Cisco...
  24. Replies
    0
    Views
    1,061

    Cisco OTV with Check Point

    Hello,

    Has anyone here ever used Cisco's Overlay Transport Virtualization (OTV) data center technology in data centers with physical Check Point security gateways?

    I haven't been able to find...
  25. Re: Identity Awareness for Terminal Servers R77.30

    Thank you for the information. Is it possible to define multiple security gateways as "the server" to pull ID information from? I would like to avoid only one security gateway answering all of the...
  26. Identity Awareness for Terminal Servers R77.30

    Hello,

    I am running R77.30 and am attempting to setup Identity Awareness for Terminal Servers. In SmartDashboard I went into the Check Point objects and enabled Identity Awareness for Terminal...
  27. Re: Management Server HA two different data centers?

    I have a question regarding the two management servers in a real DR event.

    To fail over to the secondary server, per the Check Point documentation, I am to first login to the active server and set...
  28. Re: Management Server HA two different data centers?

    It turned out to be a routing issue for the passive members in each HA cluster.

    The second management server sent traffic to its default gateway 10.x.x.1 (The VIP of the cluster), in this case...
  29. Re: Management Server HA two different data centers?

    Hello All,

    I have traffic from the secondary management server successfully passing to all security gateways after adjusting anti spoofing, except for two gateways.

    I have an internal HA pair of...
  30. Re: Management Server HA two different data centers?

    Hello,

    Moving the network the SMS is on in the active data center to the DR data center in an emergency isn't feasible. We plan on getting a dedicated log server in the future.

    I was able to...
  31. Re: Management Server HA two different data centers?

    Thank you for the feedback. With the primary SMS being the log server, will logs continually replicate to the secondary SMS?
  32. Management Server HA two different data centers?

    Good Morning,

    My organization currently has two data centers, one active, one standby. We currently have only one Check Point SMS running on VMware and we are looking to add a secondary SMS on...
  33. Thread: SMB 750 ?

    by mjensen
    Replies
    0
    Views
    319

    SMB 750 ?

    Hello,

    Has anyone here ever used an SMB wired 750 Check Point? I am considering purchasing one due to the fact these small devices can handle a DHCP IP from a provider really easy. I had a 600...
  34. Replies
    5
    Views
    609

    Re: Check Point DHCP Interface

    Got it! Thank you.

    I am running the security gateway and the management server separate. When I use the check box for
    dynamic gateway I receive an error that reads "Dynamic gateways can only...
  35. Replies
    5
    Views
    609

    Re: Check Point DHCP Interface

    Hi PhoneBoy,

    I can't find the option to define my security gateway as having a dynamic address. I am looking in the gateway object.
  36. Replies
    5
    Views
    609

    Check Point DHCP Interface

    Hello,

    I want to have a physical interface on my Check Point 4600 R77.30 receive an IP via DHCP. I go into the web portal and select the DHCP check box for my chosen interface. In SmartDashboard...
  37. Replies
    15
    Views
    4,006

    Re: SecureXL getting disabled

    Hello,

    I have a different Security Gateway running R77.30 that shows Accept Templates are disabled from rule # 6 and disabled by IPS protections: storm center.

    I have attached a screen shot of...
  38. Replies
    15
    Views
    4,006

    Re: SecureXL getting disabled

    Good Morning,

    I removed the following services from the rule in question; snmp-read-only, icmp-proto, and snmp-trap. Accept Templates now show enabled. I left TCP 135 for now and will monitor to...
  39. Replies
    15
    Views
    4,006

    Re: SecureXL getting disabled

    Good Morning,

    I am having a similar issue where SecureXL accept templates are being disabled by my firewall rule # 15, however I am not able to determine exactly what in that rule is the cause.
    ...
  40. Replies
    1
    Views
    324

    Install R77.30 on a Desktop PC?

    Has anyone here ever installed R77.30 on an old desktop computer to turn it into a security gateway for lab purposes?
    I have an old desktop and I tried to install R77.30 from a bootable flash drive...
  41. Re: ISP Circuit Change and Check Point- assistance request

    We tried another turn up of the and migration with the new circuit last week and it was successful. The fault was on AT&T's end. They are using Edge Water routers that are Unix based with a built...
  42. Re: ISP Circuit Change and Check Point- assistance request

    Hello, the IP's stay the same. The ISP migrates the IP's from the old circuit to the new.
  43. Re: ISP Circuit Change and Check Point- assistance request

    We have a /26 block of IP's from the provider. From looking at the configuration of the provider's router on the current working circuit I see that the first usable IP from the /26 is assigned to the...
  44. ISP Circuit Change and Check Point- assistance request

    Good Morning,

    My organization has a HA pair of Check Point 15400 appliances running R77.30 with Jumbo Hotfix Accumulator GA take 302.

    My organization has public IP's from our ISP for things...
  45. Replies
    8
    Views
    1,023

    Re: Max Processor Speed

    Thank you Bob. When I run dmidecode -t processor | grep Version, the speed shown there is what my security gateways are actually running at:)
  46. Replies
    8
    Views
    1,023

    Re: Max Processor Speed

    What confuses me is that I am not running open hardware and on page 37 of your book it reads "all processors should be running at maximum speed at all times."
  47. Replies
    8
    Views
    1,023

    Max Processor Speed

    Hello,

    I have 4 Check Point 5800 and 4 15400 appliances in my environment and when I run the dmidecode -t processor | grep -i "speed" command I am seeing some unexpected results.

    On all four of...
Results 1 to 47 of 47