CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it yet again - That's right, the 3rd edition is here!
You can read his announcement post here.
It's a massive upgrade focusing on current versions, and well worth checking out. -E

 

Search:

Type: Posts; User: Dende

Search: Search took 0.00 seconds.

  1. Re: Adress Spoofing with Always On VPN RAS Server

    I can't see any problems!?

    [vs_0][fw_1] eth2:i[60]: 192.168.73.24 -> 10.90.90.13 (ICMP) len=60 id=5966
    ICMP: type=8 code=0 echo request id=1 seq=97
    [vs_0][fw_1] eth2:I[60]: 192.168.73.24 ->...
  2. Adress Spoofing with Always On VPN RAS Server

    Hi,

    we have set up a RAS server in our DMZ network (192.168.76.0/24). Behind this RAS server is the RAS VPN network with its own IP range 192.168.73.0/24. A route to this network was set up on the...
  3. Thread: HTTPs Inspection

    by Dende
    Replies
    6
    Views
    1,537

    Re: HTTPs Inspection

    Hey,

    now I have installed a Sophos UTM WAF as Reverse Proxy, it works perfect for me. Thanks for you comments!
  4. Replies
    3
    Views
    8,777

    Re: QoS einrichten bei R77.30

    Hi Jejerod,

    vielen dank für die Erklärung, ich denke, jetzt hab sogar ich es verstanden ;)

    wenn ich dann quasi eine Bandbreite für VPN "reservieren" möchte, wenn zB. ein Download die Bandbreite...
  5. Replies
    3
    Views
    8,777

    QoS einrichten bei R77.30

    Hi Leute,

    ich benötige mal hilfe auf deutsch, da ich die Anleitung von Checkpoint nicht kapiere!

    Wir möchten unseren VPN Verkehr in der Firewall Priorisieren, weil wenn jemand z.B. runterlädt...
  6. Thread: HTTPs Inspection

    by Dende
    Replies
    6
    Views
    1,537

    Re: HTTPs Inspection

    Nobody any idea?
  7. Thread: HTTPs Inspection

    by Dende
    Replies
    6
    Views
    1,537

    HTTPs Inspection

    Hi,

    we have inbound https inspection activated. One Server with extern ip 1.1.1.1 have two Websites with https Certificates installed. If I configure the external IP 1.1.1.1 with one Certificate...
  8. Replies
    3
    Views
    12,367

    Host Header Redirection

    Hi,

    is it possible to confige the Checkpoint Firewall to redirect Host Header entrys to different webservers?

    for example: We only have one externel IP address 65.65.65.65 and want to Redirect...
  9. Re: IPS Protect internal hosts only - recommendation

    Hey Shadow,

    I want to repeat, that I understand it right:

    All Traffic came from Extern Interface (Topology = External) to Intern (DMZ or Intern -> Topology = Internal) it will be protected via...
  10. IPS Protect internal hosts only - recommendation

    Hi guys,

    I got a question regarding IPS:
    Is it useful, or recommended to activate the IPS system only from external to internal, ie:

    -------------
    Protect internal hosts only:
    If you select...
  11. IPS System: Nur Interne Hosts schützen - Frage - Empfehlung

    Hi Leute,

    Ich hab mal eine Frage bezüglich IPS:
    Ist es Sinnvoll, bzw. Empfohlen das IPS System nur von extern nach intern zu aktivieren, also:

    Protect internal hosts only:*
    If you select this...
  12. Replies
    4
    Views
    1,410

    Re: Two extern IP Ranges don't work

    We found the Problem...

    Our ISP had no route to oure secondary IP Range created.

    Now it works fine ;))

    Thanks all...
  13. Replies
    4
    Views
    1,410

    Re: Two extern IP Ranges don't work

    Hi alienbaby,

    yes we are Natting, the intern address in DMZ is 192.168.76.12 and I gave the Host a static NAT address 62.123.2.22. So the NAT rule will be created automatically, or!?
  14. Replies
    4
    Views
    1,410

    Two extern IP Ranges don't work

    Hi Guys,

    we have two extern IP Ranges, for example:

    62.123.1.64 255.255.255.240 -> First IP allocated to the Ethernet Port
    62.123.2.18 255.255.255.240 -> Secondary IP on the same Ethernet Port...
  15. Replies
    5
    Views
    1,982

    Re: Can't Change IP address behind interface

    Hi,

    I convert it to a Gateway, now I can change the Interfaces....

    Thanks...
  16. Replies
    5
    Views
    1,982

    Can't Change IP address behind interface

    Hi,

    I have installed a VMWare Checkpoint Firewall for my Test Lab. I have 5 interfaces and all configured, If I open the Checkpoint Host under Topology, all Interfaces are set to Externel under...
  17. re: Help: Reason SIC General Failure [ SIC Error no, 148 ]

    Hi,

    here is the output, whats wrong??

    cpwd_admin:
    APP PID STAT #START START_TIME COMMAND MON
    CPD 10834 E 1 [07:24:27] 7/9/2011 cpd ...
  18. Help: Reason SIC General Failure [ SIC Error no, 148 ]

    Hi,

    I need help. I can't push new policy on my SPLAT, so I can't do any changes! I get the error "Reason SIC General Failure [ SIC Error no, 148 ]"

    If I run cpinfo I get an error at: CP Status...
  19. Re: Web security: Invalid 'Content-Length' header in response

    Hi, I have the same issue, have somebody found a solution?? FW R65

    Web security: Invalid 'Content-Length' header in response.

    Policy Info: Policy Name: Standard
    ...
  20. Thread: Hide NAT Problem

    by Dende
    Replies
    2
    Views
    2,284

    Re: Hide NAT Problem

    Hi rajeevraj,

    I have created a Network with the address 10.0.0.0 and I have activated on this Network the Hide Nat, now it's working.

    regards
    Dende
  21. Thread: Hide NAT Problem

    by Dende
    Replies
    2
    Views
    3,694

    Re: Hide NAT Problem

    Ne, im ISA ist alles freigeschaltet, wie gesagt, wenn man in der Checkpoint Hide-Nat aktiviert auf dem PC gehts ja.

    Meine Lösung:
    Habe jetzt ein neues Netz angelegt, indem ich Hide-Nat aktiviert...
  22. Thread: Hide NAT Problem

    by Dende
    Replies
    2
    Views
    2,284

    Hide NAT Problem

    Hi,

    we have the following problem:

    we have second firewalls in our company, and the users surf by a proxy (ISA 2006):

    ISA2006 -> Checkpoint -> Internet

    The first rule in the checkpoint is...
  23. Thread: Hide NAT Problem

    by Dende
    Replies
    2
    Views
    3,694

    Hide NAT Problem

    Hi Leute,

    ich hab folgendes Problem:

    Wir haben eine 2 Stufige Firewall und alle User Surfen über den Proxy (ISA):

    ISA -> Checkpoint -> Internet

    In der Checkpoint steht die erste Regel,...
  24. Replies
    4
    Views
    2,847

    Re: Sommerzeit und Winterzei

    Supi, danke für die ausführliche Antwort. Hab das mal so eingerichtet, werde mal schauen, ob das bei der nächsten Zeitumstellung klappt.

    Vielen Dank ;)
  25. Replies
    4
    Views
    2,847

    Re: Sommerzeit und Winterzei

    Hi Maarten,

    danke für die schnelle Antwort.

    Im WebUI hab ich die Einstellung gesehen, da stell ich dann auch immer zur Sommerzeit die Zeitzone auf +2 und im Winter auf +1 zurück, obwohl ich...
  26. Replies
    4
    Views
    2,847

    Sommerzeit und Winterzei

    Hallo Leute,

    gibt es eine Möglichkeit, daß die Firewall sich automatisch auf Sommerzeit und Winterzeit einstellt?? Momentan mach ich das immer manuell!

    Firewall NGX R65
  27. Re: Cannot connect to Smart Dashboard with my VMWare after Restore

    Hi belvdr,

    I have done a backup with the ssh portal on the original FW and then I done a restore from the CLI portal on the VMWare!

    I think it's a SPLAT config?! But I don't know, I'm a newbie...
  28. Cannot connect to Smart Dashboard with my VMWare after Restore

    Hi,

    I have a problem with my VMWare NGX R65.

    - I have installed the iso image R65 on my VM
    - I have installed the license
    - I have installed the same Products on the VM like my SPLAT
    - I...
  29. Thread: time incorrect

    by Dende
    Replies
    11
    Views
    2,228

    Re: time incorrect

    hi,

    if I type in this command (cpstop, cpstart). What is the impact?? Will I lost some connections for this time for example Internet, DMZ or something else. Will be the users affected?? Should I...
  30. Thread: NTP Time Change

    by Dende
    Replies
    0
    Views
    1,456

    NTP Time Change

    Hi,

    I have changed the time at the https site of my firewall. After the change the Info comes up - I must restart the Appliance Service - !
    Can I restart this service without restarting my...
  31. Replies
    4
    Views
    4,878

    Re: VPN Tunnel adjust MTU Size

    Hi plamy,

    Thanks for your answer...

    is it possible to change it only for a VPN Tunnel Connection or can I only change it for an Interface??
  32. Replies
    4
    Views
    4,878

    VPN Tunnel adjust MTU Size

    Hi,

    We have an external Company connected via a VPN Tunnel, they have a smaller MTU Size than we. It is possible to adjust a MTU Size only on the VPN Tunnel to 1400??
    I know it is possible for a...
  33. Replies
    1
    Views
    3,051

    VPN Tunnel MTU Size anpassen

    Hi Leute,

    wir haben einen VPN Tunnel zu einer externen Firma von uns, die haben aber eine niedrigere MTU Size als wir.
    Meine Frage: ist es möglich eine MTU Size z.B. 1400 nur auf einen VPN...
  34. Replies
    2
    Views
    3,123

    Re: FW Monitor - Wireshark Cap File

    Supi, dank dir, hat geklappt ;)
  35. Replies
    3
    Views
    2,925

    Re: FW Monitor - Create .cap for Wireshark

    Cool, thank you very much ;)
  36. Replies
    3
    Views
    2,925

    FW Monitor - Create .cap for Wireshark

    Hi,

    with fw monitor I can create a .cap file for analyse with wireshark. Creating is no Problem, but how can I copy the .cap file from the Firewall to my PC??

    We have a NGX R65, OS: Secure...
  37. Replies
    2
    Views
    3,123

    FW Monitor - Wireshark Cap File

    Hallo Leute,

    wenn ich auf unserer Firewall (NGX R65, OS: Secure Platform) über FW Monitor ein Cap File für Wireshark erzeugen lassen, wie bekomme ich dieses von der Festplatte der Firewall auf...
  38. Replies
    10
    Views
    4,034

    Re: Can not Ping to the Internet

    It's looks like:

    PC(10.90.90.80) -> ISAIntern(10.90.90.5) ISAExtern(192.168.75.2 - NATing 62.125.xx.2) -> FW1Intern(192.168.75.1) FW1Extern(69.225.xx.1)

    The ISAExtern have a static NAT...
  39. Replies
    10
    Views
    4,034

    Re: Can not Ping to the Internet

    Not for my PC. I have a NAT rule for the Checkpoint External Interface and for the ISA Server External Interface which is connected with the Internal Interface from the Checkpoint Firewall.

    MyPC...
  40. Replies
    10
    Views
    4,034

    Re: Can not Ping to the Internet

    @tomama:
    Sorry but I'm a newbie in checkpoint Firewall, you mean the Smartview Tracker to check the response?? It shows:

    Number: 9709922
    Date: ...
  41. Replies
    10
    Views
    4,034

    Re: Can not Ping to the Internet

    The ISA is proxying and have a NAT Rule in the checkpoint Firewall and a Rule with ISA -> any every protocoll.
    If I go to the Internet and look for my external IP address, I get the external IP from...
  42. Replies
    10
    Views
    4,034

    Can not Ping to the Internet

    Hi People,

    I have a problem, if I want to ping to the Internet from my client, but I get timeout.

    The connection looks like:
    MyPC --> Switch --> ISA Firewall --> Checkpoint --> Internet

    I...
  43. Replies
    3
    Views
    1,510

    Re: Patterns at allowed URLs (Web Filtering)

    Yes I try, but it don't works. It only works with original writed sites:
    Sites.com - We take the garbage out for you. - it works
    if the explorer open a site for example "do.site.com" - it doesn't...
  44. Replies
    3
    Views
    1,510

    Re: Patterns at allowed URLs (Web Filtering)

    Hi,

    I have the same problem, have you found a solution??

    regards Dende
Results 1 to 44 of 44