CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Search:

Type: Posts; User: sail4fun

Search: Search took 0.00 seconds.

  1. Re: Delete central module license for non-existent module?

    Sorry for hijacking this tread, but is there now in R77.10 world any other way to detach licens from a offline fw module ?
    Rgds
  2. Replies
    1
    Views
    823

    Do R75.45 scs support r65 gateways ?

    The title cover my question as i inherint a urgent upgrade... it would be less stressfull to not have to upgrade managment and 6 gateways the same night .
  3. Replies
    7
    Views
    21,682

    Re: Logging to Syslog?

    Hi.

    Will this work in a P-1 enviroment as well from the CLM ?
    for one of the firewalls there is a need to forward the logs to a syslogserver for one of the clients.

    Rgds
  4. Re: Please stay away from Power-1 Appliance 11065

    It might be something into this ?

    Are there geographicly differences in the support we get in Europe vs. USofA and eg. Australia ?

    Direct support from CP vs via VAR ?
  5. Replies
    4
    Views
    1,742

    Power -1 Appliances , recomendations

    Due to the smoke and dust in http://www.cpug.org/forums/check-point-secureplatform-splat/15290-please-stay-away-power-1-appliance-11065-a.html , I dare to ask in a separate thread.

    For a customer...
  6. Re: Please stay away from Power-1 Appliance 11065

    The heading of this thread realy woke me up this morning , for more than one reason..

    First whan i buy or recomend a product for someone support is the top priority , especialy in the...
  7. Replies
    3
    Views
    2,523

    Re: CCSE NGX, but for how long is it "valid"

    Thanks a lot

    Re B)
    What's the answer to this one ?

    Rgds
  8. Replies
    11
    Views
    2,649

    Re: Tapatalk plugin for the CPUG forum ?

    Again, thanks for implementing this feature, nice to follow some interesting treads from "anywhere" with my HTC Desire.
  9. Replies
    2
    Views
    3,145

    Re: CCSA/CCSE R71 Course Changes

    Then , will there be a new CCSE accelerated R65/ngx -> R7? exam as well ?
  10. Replies
    3
    Views
    2,523

    CCSE NGX, but for how long is it "valid"

    I got the CCSE NGX late 2008 , and is about to take the accelerated CCSE "blade" version.

    But for long is actualy the CCSE NGX valid ?

    A) 1 1/2 year ? , On my "Check Point PartnerMAP " ,...
  11. Replies
    2
    Views
    1,674

    Wanted Crossbeam C6-8C

    For a project we run we are deply in need for one Crossbeam C6-8C 1GB mem , this is due to delayed upgrade/migration to other hw, we are a bit short on spare modules.

    Please PM if you got such a...
  12. Replies
    11
    Views
    2,649

    Re: Tapatalk plugin for the CPUG forum ?

    Yes it works , Thanks a lot Barry !

    Rgds
  13. Replies
    11
    Views
    2,649

    Re: Tapatalk plugin for the CPUG forum ?

    Good !, looking forward to test.
  14. Replies
    11
    Views
    2,649

    Tapatalk plugin for the CPUG forum ?

    Another forum i visit just installed the Tapatalk plugin, any plan's for CPUG as well ?

    Great having forum access from my HTC Desire.

    Rgds
  15. Replies
    3
    Views
    1,382

    Re: Checkpoint HW Required for CCSA

    You might run it on a vm, no hw necessary
  16. Replies
    4
    Views
    1,941

    Re: Some Web Sites unreachable

    Any luck with this ?
    I see this on a old R60 (yes i known , not supporter anymore) gateway running on Crossbeam C.
    Has been running for "ages" without any problems, but now we got similary issues...
  17. Replies
    2
    Views
    3,046

    Upgrade R70 to R70.30 failed, /opt full

    Hi , a SPLAT installation that started it's life on R60 , then R65 and now R70 are not able to upgrade to R70.30 due to low on disc space on /opt.

    The /opt contains all the old bin and lib' from...
  18. Replies
    7
    Views
    3,209

    Re: R71 Upgrade/install

    R70.30 to R71 on Splat , no issues , at least not in my LAB
  19. Re: Sun 420R , 5.8 and R55 , performance / throughput

    Thanks. It's not hard to convince them, more a curiosity question.
    What was the Performance of the current R420 supposed to be ?
  20. Sun 420R , 5.8 and R55 , performance / throughput

    Hi all
    For an customer still running "Sun 420R , 5.8 and R55 , performance / throughput" i'm looking for the old perfomance notes for the Sparc plattform from Check Point Software: Check Point...
  21. Replies
    1
    Views
    6,138

    Re: CPUG CON ein großer Erfolg!

    Thanks to Barry, the verry talented Speakers, the Sponsors and Wurth !

    /Geir
  22. Replies
    10
    Views
    4,891

    Re: VPN-1 ve VS SPLAT

    Did you check the driver versions ? , might me drivers for vmware included in the -VE version ?
  23. Replies
    2
    Views
    1,663

    Re: R70, and the "build in" packet capture

    Yes , the New IPS feature
  24. Replies
    2
    Views
    1,663

    R70, and the "build in" packet capture

    Hi anyone that know how to configure a R70 gateway to capture packet's that can be view with eg. WireShark via smartview tracker ?
  25. Replies
    3
    Views
    5,184

    Re: LSI MegaRAID SAS1078

    Hi. I do have the same "issue" with my server.
    I do need to run 2.4 kernel (Hw works with 2.6)

    Got no "real" floppy drive , but both USB memory stick and USB floppy are accessible after doing...
  26. Replies
    2
    Views
    1,247

    Re: Default Smart View Monitor display cpu 100%

    We have seen this on most/all of our R65 2.6 installations.

    Seems to be a counter hickup , on one installation this occours after 63 days uptime.

    Rgds
  27. Replies
    0
    Views
    1,035

    database/SessionCache and 185000 files

    I just reasently discovered some 185000 files on the fw1/database/SessionCache directory of my smartcenter. Is it safe to remove this file , when no admin is logged into the smartcenter ?

    Rgds
  28. Replies
    4
    Views
    2,754

    Re: Hotspot timeout interval?

    Not possible ? , i just ran in to the same want to extend the time before re-auth to eg. 2 hours or more.
  29. Replies
    3
    Views
    2,804

    Re: Snapshot -revert broken on R65 2.6 ?

    Close but no cigar , sk34132 didnt solve anything on
    2.6 , and a sample snapshot is do be forwarded to r&d
  30. Replies
    3
    Views
    2,804

    Re: Snapshot -revert broken on R65 2.6 ?

    Found the solution when i usercenter was up again.

    Solution ID: sk34132
    Symptoms
    Cannot revert to saved image when using Snapshot Image Management from Pre-boot menu.

    Solution
    The issue...
  31. Replies
    3
    Views
    2,804

    Snapshot -revert broken on R65 2.6 ?

    Hi just for test i tried to create a snapshot on a new R65 2.6 installation (on hpdl360 g5) .
    No problem creating the snapshot, so then i try to revert....

    Boot , stop in Grub , choosing my newly...
  32. vpn_enc_domain_valid different from configured VPN domain

    fw tab -t vpn_enc_domain_valid -f -u is showing (more) DMZ' than what included
    in the configured VPN domains , "manualy" defined GROUP with networks.

    vpn_enc_domain_valid seems to include all...
  33. Replies
    56
    Views
    12,925

    Re: R65 HFA02 released

    Nope the Smartdashboard hfa_01 doesnt fix this
    seems like the rtm... module for the 2.6 kernel og Splat is missing in the hfa_02 ?!
  34. Replies
    56
    Views
    12,925

    Re: R65 HFA02 released

    Hfa_02 on splat 2.6 kernel causes some problem with Smartview Monitor , my enforementmodules shows as disconnected, but they are running , no problem.

    Any idea if there is a tmp fix for this (so i...
  35. Replies
    5
    Views
    1,912

    Re: Vendor seems confused, license question.

    My understadingin is that you have to buy the licens for the add. enforement modules, but the managment of these are covered .
  36. Replies
    4
    Views
    2,166

    Re: Routing Issue between firewalls

    Any clue in smartviewtracker logfiles ?
    Antispoofing ?
  37. Replies
    2
    Views
    16,224

    Re: Track by NAT Rule Number

    Yes you can, choose to view the NAT rule, then you can select the filter function on the nat rule column.
  38. Thread: SFTP services

    by sail4fun
    Replies
    5
    Views
    4,262

    Re: SFTP services

    No need for that, just choose the "ssh" service
  39. Replies
    3
    Views
    2,229

    Re: C6 keep crashing

    Did you get any solution for this ?
    We having one signle C6 with memory leak problems

    [root]# fw ver
    This is Check Point VPN-1(TM) & FireWall-1(R) NGX (R60) HFA_03, Hotfix 603 - Build 015...
  40. Replies
    2
    Views
    1,053

    Re: What do I need to upgrade to R60A or above?

    1. You can run on prod. env., you shold always download and use the latest version of the uty.

    2. No problem using this on a live env.

    3. Yes.

    + Remember when going from NG to NGX you ned to...
  41. Replies
    4
    Views
    1,587

    Re: Unable to Change Topology under R65

    If it's created as host , just "right click" , convert to gateway.
  42. Re: one (public ip) to many (different internet servers) port mapping question

    Can do, manual nat, Service aso.
  43. Replies
    4
    Views
    2,226

    Re: VSX , What platform to choose ?

    Thanks

    Any source for good, real-life firewall performance numbers on the HP' ?
  44. Replies
    3
    Views
    3,020

    Re: Voyager Scheduled backup and Automatic FTP

    Yes..., the Automatical tranfser uses anonmymous ftp.
    + it works
    - should use sftp or at least not ftp.
  45. Replies
    4
    Views
    2,226

    VSX , What platform to choose ?

    Need to build a robust HA solution between the main DC and DR. site.

    Anyone ?, should i go for Crossbeam X40/X80 to scale "for ever"
    or should I choose a pair of HPDL385 and go for SPLAT, then...
  46. Replies
    3
    Views
    3,020

    Re: Voyager Scheduled backup and Automatic FTP

    After sucessfully ftp'n of the backup the backup.gz file is removed from the local disc.
  47. Replies
    1
    Views
    1,360

    Re: Express License to Enterprise NGX R60

    No "normaly" licens upgrade/changes do not mess with the services.
  48. Replies
    2
    Views
    2,485

    Re: Sessions per Second, how to ?

    I did end up with a little script line

    while :; do fw ctl pstat| grep TCP; sleep 5; done

    then i get the aprox number of new sessions each 5 sec, in increment from last
    loop.
  49. Replies
    2
    Views
    2,485

    Sessions per Second, how to ?

    Hi , how can i determind new sessions per second on an R55 installation
    without SmartviewMonitor or Eventia ? , need the numbers for
    sizing a new configuration.

    fw ?
    cpstat ?
    ?

    Rgds
  50. Re: Urgent!about configure subnet mask in Checkpoint Provider-1

    ? Why ? , we are using both -x and -c ,(Nokia and Solaris as well) is

    Is it Crossbeam og CheckPoint that causes the pain ?
  51. Replies
    10
    Views
    5,400

    Re: QOS (Floodgate) install question

    Finaly I got it running ;

    Step 1; Installed CPfg1-50 on both modules and managment, followed instructions to run cpconfig, and reboot
    Step 2 ; Click the Qos Tab on the modules (in...
  52. Replies
    2
    Views
    1,780

    Re: Easy way to monitor bandwith

    Or a 3d approach , use tools such as mmrtg/rrdtool , an mesure the NIC's or switch ports instead.
  53. Thread: R55 HFA 19?

    by sail4fun
    Replies
    7
    Views
    1,911

    Re: R55 HFA 19?

    The Release note for HFA_19 , Says January 19...
  54. Re: I have a central licensed linked to my internal IP - Does it matter???

    Guess that the "external" har some thing to do with some Pre NG historic issues , things tend's to glue to peopels mind.
  55. Replies
    10
    Views
    5,400

    Re: QOS (Floodgate) install question

    It was possible to choose that on my usercenter account.

    *BUT* more likely to be my problem, from the "IndividualInstallation.PDF" page 7-9


    Solaris
    1 Download fg1_R55_<Build_Num>_Solaris.tgz...
  56. Replies
    3
    Views
    2,282

    Re: Static Route Configuration

    If extranal traffic is to reach your DMZ :
    2 Aproches (at least ) is possible.
    1) you having som "real" addresses in your DMZ , and your ISP routes this network to your FW's external interfaces....
  57. Re: PS -AUX shows low CPU, but CP Smartview Monitor shows extremely high CPU usage

    Are there a lot of trafic going thrue the box ? , seems things like this on
    solaris as well, and it has been lots of intr's causing high kernel(sys) load
  58. Replies
    3
    Views
    2,282

    Re: Static Route Configuration

    When you configure your DMZ interface , that ip of the Nokia will become the
    "default gw" for your clients on the 192.168.2.0/28 segment, just configure the interface in voyager , no routing for...
  59. Re: Can't add new administrator in SmartDashboard

    ?! , they can use "check point password", but must be created in smartdashboard, User & Administrators ,
  60. Replies
    1
    Views
    1,660

    Re: Loadsharing & HA on crossbeam X80

    ? , and you do a
    #CBS copy running-config startup-config
    or just
    #CBS wr
    to save / copy your running config to the startupconfig ?
  61. Re: Whats the difference between versions R55, R55P, R55W?

    I "think"

    R55 is the plain R55
    R55P is the IPSO version (Nokia)
    R55W is the Web verion

    The W stuff was merged in to the "plain" version when NGX was released , more smardefence ??

    Shot...
  62. Replies
    10
    Views
    5,400

    Re: QOS (Floodgate) install question

    The CPTC-QOS-1-NG licens are applied central.
    but no sign of etmstat on the modules , and no fq-1 running.
  63. Replies
    10
    Views
    5,400

    Re: QOS (Floodgate) install question

    Lifting this one because i have the same problem now.
    Just added the QOS licens "central" , but the QOS box on the modules are grey, and no etmstart, or fgate commands are aviable neither on the...
  64. Replies
    2
    Views
    1,217

    Re: How to manage two enforcement module

    From the top of my head.
    Install the enforcement sw on the new gateway, enter a SIC .
    Configure NIC's and routing.

    On the managment , add Object "New Checkpoint Node"> Gateway
    Fill in name, IP...
  65. Replies
    2
    Views
    2,954

    re: How to Create a Solaris 9 Jumpstart in VM

    Sun Docs' like http://docs.sun.com/app/docs/doc/819-6397/6n8dpr9b6?a=view might help U ?

    Rgds

    G
  66. Replies
    10
    Views
    3,102

    Re: Problem with Sparc System

    What kind of HW equipment is this ?

    /G
  67. Replies
    10
    Views
    3,102

    Re: Problem with Sparc System

    Hi, if you got an Sun keyboard.
    Type ABORT-A
    then
    >boot cdrom

    /G
  68. System Alert message: fw01a_1 is disconnected

    ..........
  69. Replies
    1
    Views
    2,211

    Re: Failed to create /dev/etm0

    Solved:

    Installed the Wrapper, ,did run cpconfig before reboot, then added hfa04, looking good
  70. Replies
    1
    Views
    2,211

    Failed to create /dev/etm0

    HI, im trying to install NXG 6.0 on Solaris 10 on FSC PrimePower250

    pkgadd runs fine, reboot no problem.
    Then cpconfig is causing a problem , bailing out with
    "Failed to create /dev/etm0"...
  71. Replies
    4
    Views
    4,368

    Re: Etherchannel support on SPLAT??

    LACP is supported on Crossbeam X series.
  72. Replies
    6
    Views
    3,355

    Checkpoint managment on VMWare ?

    Hi, i'm planing a new pair of Crossbeam C6' in VRRP cluster
    for an exsiting customer , initialy my plan was to use
    a Fujitsu Siemens RX100 (or RX200) for managment server , BUT
    They (The...
  73. Replies
    83
    Views
    37,677

    Re: Don't make the mistake I made with CCSA NGX

    I got a few nice tip' from you all, and scored 74% today :-)
  74. Replies
    6
    Views
    2,665

    Re: Allowing access to fqdn

    I guess that "Network objects", Domain will do...
  75. Re: Dual-processor support for enforcement and management server (SmartCenter)

    My experience is that if your enforement module just do FW no VPN , you
    don't get any utilization on the second cpu , other than a greater possibility to "survive" an cpu failure (RAS) .

    /Geir
Results 1 to 75 of 75