CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Type: Posts; User: jerryroy1


  1. Replies
    8
    Views
    3,433

    Re: SmartView Monitor email alerts

    Hello, Is there any way to format these emails? This is all gibberish to the customer. No xml? no text files to send only the fields we want to see? Any documentation on what all these fields are?
    ...
  2. Sticky: Re: Create and Maintain Your Own Check Point Software Repository

    I would like to get R77.80 and R80.10 and install into a VM for testing and practice, any recommendations on where to get these?

    My support contract is assigned to me by the customer and I have no...
  3. Replies
    21
    Views
    19,430

    Sticky: Re: Check Point 1400 Appliance - FAQ

    Anyone know how to get the serial number of a 1430 from the cli of the unit?
  4. Re: SmartProvisioning to get firmware of all devices?

    BTW, Any "Smart" tools to push the FW to these devices?
  5. SmartProvisioning to get firmware of all devices?

    Hello Checkpoint Guru's,

    I need your help :) I am trying to confirm the firmware that is on all 1430 devices we have deployed. I can see we have a large list that has an older version via the...
  6. Re: Smartprovisioning being used for large rollouts ?

    I "believe" SmartPro may be the way to go. When configuring devices in SmartDashboard, the FWM process will start to consume all cpu and go 100% once you get over approx 225 or more devices (in our...
  7. Re: Gateways per CMA? Large scale deployment experience?

    Now I get this after I rerun the command with correct credentials and correct security profile

    HM-SMS>
    LSMcli HM-SMS jroy MyPass Convert Gateway VPN1 HM-DEVLab-0206-CP...
  8. Re: Gateways per CMA? Large scale deployment experience?

    Thanks for the updates. OK, so I found this blurb in the admin guide.



    Problem is I only see these options for the device. How do I know which of these is for a 1430 or is it even supported...
  9. Re: Gateways per CMA? Large scale deployment experience?

    OK, Lovely. I think we have run up against this now. We have 300 1430's I want to push policy to all and we fail every time.

    SMS is stand alone running R77.30 take 216

    1) Is it possible to...
  10. Management port and Console port authentication timeout?

    Anyone know what the default timeout is for the Webui on the management interface and the console port? Can these be adjusted?
  11. Thread: CPX 2017

    by jerryroy1
    Replies
    8
    Views
    2,770

    Re: CPX 2017

    Going, 1st time ever. For those who have attended, what tips can you offer?
  12. Replies
    1
    Views
    1,024

    Tool or Script to add new objects

    All,

    I need to add approx 15 new 1430 devices every night to the SMS with all the miscellaneous objects (subnets, IP's, hostname, etc...) What tool is available to accomplish this?

    TIA
  13. Re: Checkpoint 1100 device - VPN tab not working

    Does anyone know if there is a way to hash the sic password in the autoconf.clish file?
  14. Smart Event server will not collect data from Log Server or SMS

    We have a smartevent server that used to work. It is in the same subnet as the smartlog and sms. They can all ping each other. I am unable to delete any objects or change their IP's in the policy of...
  15. Replies
    13
    Views
    6,673

    Re: no vlan 1 in gaia interface configuration

    Is there a way to set the Native Vlan for an interface like we can do with Cisco?
  16. Replies
    2
    Views
    1,813

    Re: DHCP option 43

    Was an answer ever found?
  17. Re: Dual ISP IPSec tunnel Failover on 1100/1400

    Are both links with static IP's?
    The Link Selection was done on which object? The Center GW or the 1400?
  18. Dual ISP IPSec tunnel Failover on 1100/1400

    Hello,

    I would like to know if anyone has had success in getting a 1140/1430 to use 2 isp's and to fail over the IPSec tunnel? We also need it to be able to fail back. I can't imagine that this...
  19. Replies
    21
    Views
    19,430

    Sticky: Re: Check Point 1400 Appliance - FAQ

    The 1430 does not blink a Red light like the 1140 does when a line within the autoconf.clish file hits an error. I can say one thing for sure, Checkpoint is consistently inconsistent.
  20. Replies
    1
    Views
    870

    "System Backup" via Webui

    When I do a "System Backup" via Webui, what gets backed up? Are the Logs also backed up or ONLY the OS settings?

  21. Thread: Split DNS

    by jerryroy1
    Replies
    4
    Views
    1,816

    Re: Split DNS

    Is this still the case with 77.20 on the 1140's?
  22. Replies
    7
    Views
    5,519

    Re: Interface alias

    We are out of ports and need to add an additional subnet. Does Cluster XL support Vlan interfaces?

    I can add an IP to an interface from the cli but how do I do it for a vlan interface?

    set...
  23. Replies
    2
    Views
    1,273

    Tool for Firmware upgrade 1140's

    Is there a tool I can use to upgrade the firmware on multiple 1140 devices (50, 100?) at the same time?
  24. Replies
    2
    Views
    2,532

    Unable to scp from CP box to Win box

    Can someone look at my syntax and tell me what I need to fix? I am trying to copy a file from a CP 3150 to a windows scp server..


    [Expert@SmartLOG:0]# scp...
  25. Replies
    17
    Views
    4,605

    Re: SIC Establishment and Security

    Thank you everyone for the responses.

    The Customer is still pushing for sic over ipsec.

    Really need your expertise and some input. We have some questions which relate to the Sic over IPsec.
    ...
  26. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    Anyone have a working knowledge of the LSM CLI? How about a complete working example? It says NO VLANS can be added via the LSMCLI?
    ...
  27. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    Has anyone been able to get Smartprovisioning to upgrade the firmware? What's the trick?

    It continues to time out on us.

  28. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    Hi all,

    Working with SmartProvisioning. I would like to know where in the tool I can templatize the Interfaces? All locations will have the same lan/vlan interface configuration with same IP...
  29. 1140 Gaia Embedded support snmp on standard UDP port 161?

    All,

    Does an 1140 Embedded Gaia support snmp on standard UDP port 161?

    Can anyone share what MIB's are available?

    Thanks!
  30. Replies
    3
    Views
    1,619

    Re: 1140 with 77.20.11 and Cli commands

    Exactly what I mean, absolute inconsistency and where the F is the documentation that shows all the CLI changes????

    This command worked in the older version 77.20

    set service-system-default FTP...
  31. Replies
    3
    Views
    1,619

    1140 with 77.20.11 and Cli commands

    Why is this gaia command line of a system that has linux OS the absolute LAMEST IN THE INDUSTRY? They took linux and screwed it all up.

    There is no command completion, per se and it it completely...
  32. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    I did a show configuration on a 1140 and get the following command under interfaces.


    set interface "LAN2" lan-access "accept"

    But when I try and apply to another factory-default box I get an...
  33. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    Hi All,

    Looking for input on ways to shorten the provisioning process for CP 1140 devices. To be fair, I have not spent the time to learn smart provisioning gui yet and if it would shorten our...
  34. Replies
    53
    Views
    99,281

    Sticky: Re: Check Point 1100 Appliance - FAQ

    Not in the FAQ's?

    Gateway-ID-7F27B660> set internet-connection "Internet1" type
    cellular - Cellular Modem
    eoa - EoA
    l2tp - L2TP
    pppoa - PPPoA
    pppoe - PPPoE
    pptp - PPTP...
  35. Replies
    53
    Views
    99,281

    Sticky: Re: Check Point 1100 Appliance - FAQ

    Do the 1140's support route maps? I found this statement below on page 90 in the guide. Please tell me it is not so.

    "Note - The save config and route map commands are not supported."
  36. Replies
    53
    Views
    99,281

    Sticky: Re: Check Point 1100 Appliance - FAQ

    Anyone else see issues with the 1140 forcing all traffic thru IPsec tunnel and also breaking sic continually?
  37. Replies
    53
    Views
    99,281

    Sticky: Re: Check Point 1100 Appliance - FAQ

    How can I configure split tunneling on the 1140? I need certain traffic to go thru tunnel but undefined traffic to nat out to the internet from the Lan. Right now it looks like all is being forced...
  38. Replies
    53
    Views
    99,281

    Sticky: Re: Check Point 1100 Appliance - FAQ

    Can I create a Vlan1 interface and move the 192.168.1.1 IP to this interface and manage to the device? Because so far it has been unsuccessful.
  39. Replies
    53
    Views
    99,281

    Sticky: Re: Check Point 1100 Appliance - FAQ

    Is there a newer version of the Check Pointless 1100 Appliance Centrally Managed Administration Guide???

    Why is this not updated for R77.20 on 1140?

    In the autoconf.clish file example, this...
  40. Replies
    11
    Views
    4,253

    Re: ISOmorphic in R77.20

    My autoconf.clish file keeps saying error on the following line

    Bad parameter starting at 'set user admin type admin password aaaa'

    Any ideas?

    When I try and run the command on the box, it...
  41. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    Why? Because I actually would want to connect more than 1 device on the same Vlan without the added expense of a switch. A Cisco, a Juniper, Fortinet, the majority of enterprise devices can do this....
  42. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    Are you able to assign more than one interface to a Vlan? If so, what's the trick?

    I want 4 interfaces, Lan2 thru Lan5 in Vlan 2.

    I am unable via the Gui on the 1140 version R77.20. Anybody...
  43. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    I ran the show software-version and found its older code.

    My mistake, my Lab box was rolled back to R75.20. Let me get it updated again.

    I will share the nat problem (verified issues by CP in...
  44. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    OK, so I have confirmed embedded Gaia does not support the full command set and the "show configuration" command does not work (works in clish only). It is really looking like smart provisioning...
  45. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    Excellent, Thanks!
  46. Re: SmartLSM / Smartprovisioning error in DHCP settings

    Absolutely LAME. I cannot assign an interface to a Vlan without assigning the Interface (LAN1) an IP address? Are you kidding me? This must be a joke or there is another method because it looks like...
  47. SmartLSM / Smartprovisioning error in DHCP settings

    Setting up a SmartLSM Security Gateway and having issue defining the DHCP ranges and exclusions. How do we define both the range and the exclusions? Also, we have more than one exclusion range for...
  48. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    Can you still send an output file? I would like to see the syntax that would be used and it would help me understand the possibilities :)
  49. Re: Switch flapping when two clusters connected

    Thanks Guys,

    Found the following (see below). Question, I haven't rebooted yet but do you believe this will survive across a reboot?

    Executed the following commands to set one of the cluster...
  50. Switch flapping when two clusters connected

    All,

    Need your help identifying a way to stop flapping, we see it continually disconnecting webui access and ping traffic is inconsistent. We have a design (see attached image) that has two 4800's...
  51. Replies
    17
    Views
    4,605

    Re: SIC Establishment and Security

    Riddle me this, Why can't we establish SIC to the same device on two different interfaces? It seems this was a major oversight by CP or there was a technical reason why it is not possible? I can...
  52. Re: Add drives to Raid vs a complete tear down and rebuild???

    Still have two drives that haven't even finished. What a Joke!

    Adapter 0 -- Virtual Drive Information:
    Virtual Drive: 0 (Target Id: 0) ...
  53. Add drives to Raid vs a complete tear down and rebuild???

    The documentation is the absolute worst I have ever seen for a logical order. No one in support can answer my questions on just adding drives vs. a complete tear down and rebuild of the Raid 6 on a...
  54. Replies
    3
    Views
    1,439

    Re: 0 Virtual drives

    What does the command raid_diagnostic show you?

    Look at this though many parts are cryptic.
    ...
  55. Replies
    0
    Views
    1,436

    Installing new drives in 3150's

    I found this http://dl3.checkpoint.com/paid/e0/e07f523c5765e52db2523bb17461c0af/CP_Smart-1_225_3050_3150_RAID_AdminGuide.pdf?HashKey=1444330945_ef81330cf1ce70c185107a5088db6c01^xtn=.pdf

    I have...
  56. Re: How can I confirm the memory on a 4800, 12400 or 3150

    This works :)

    HM-CP-4800-1> show asset memory
    Memory Slot 1 Size: 4096 MB
    Memory Slot 2 Size: 4096 MB
  57. Re: How can I confirm the memory on a 4800, 12400 or 3150

    Here is what I get:

    [Expert@HM-CP-4800-1:0]# /proc/meminfo
    bash: /proc/meminfo: Permission denied
  58. How can I confirm the memory on a 4800, 12400 or 3150

    I run dmesg and I get this. How can I confirm total Physical memory?


    [Expert@HM-CP-4800-1:0]# dmesg
    Linux version 2.6.18-92cpx86_64 (builder@Lnx30BccCmp5) (gcc version 4.1.1 20061011 (Red Hat...
  59. Replies
    17
    Views
    4,605

    Re: SIC Establishment and Security

    Sic Thru IPsec tunnel?

    As I understand SIC (which is very little to be fair :)) it is secure, but we have a customer who wants SIC established to an inside interface of the GW devices (1140) being...
  60. Replies
    30
    Views
    7,555

    Re: Confwiz supports R70!!!

    Error attempting to delete last few objects.

    There are no policies so where applied?

  61. Replies
    30
    Views
    7,555

    Re: Confwiz supports R70!!!

    Excellent, I saw I was missing the NAT NAT but the other line was the key :)

    OK, So I have my scripting process, working on automation. How can I drop ALL host nodes and all ranges from the DB so...
  62. Replies
    30
    Views
    7,555

    Re: Confwiz supports R70!!!

    I have almost all scripts complete but keep getting "Invalid Schema Class" for the bottom three lines.

    What did I miss?


    create address_range HM-282_Range_192.168.244.2_192.168.244.18
    modify...
  63. Replies
    30
    Views
    7,555

    Re: Confwiz supports R70!!!

    Just to confirm. This assumes the following.

    If just the 1st address in the Nat range is defined:
    valid_ipaddr: 172.30.122.2

    All the addresses are mapped from this address on to the end of...
  64. Replies
    30
    Views
    7,555

    Re: Confwiz supports R70!!!

    I can create a range via dbedit but how do I Nat the Range? I don't see a selection. How would I do this via dbedit?

  65. Replies
    30
    Views
    7,555

    Re: Confwiz supports R70!!!

    I was preparing my post and posted BEFORE I saw your response. I never said your response did not work.
  66. Replies
    30
    Views
    7,555

    Re: Confwiz supports R70!!!

    I added the GW manually but didn't see it in the rule. Had to do a save 1st in the gui and run print again. LOL Figuring out the syntax to add the gateway into the nat. Here is what I attempted so...
  67. Replies
    30
    Views
    7,555

    Re: Confwiz supports R70!!!

    Thanks for pointing out the condensed method. It is an option that looks promising. Still, If we were to do this manually thru the gui, there would be an inordinate amount of time to add the 12...
  68. Replies
    30
    Views
    7,555

    Re: Confwiz supports R70!!!

    I used DBedit and printed the variables assigned to this network object (host node)

    print network_objects HM-282_192.168.1.10

    DAG: false
    NAT: HM-282_192.168.1.10 (
    ...
  69. Replies
    30
    Views
    7,555

    Re: Confwiz supports R70!!!

    Good to know there are additional options that we can present to the customer but the network on each side of the Nat do not have equal masks. This is the frustration that seems to be forcing us to...
  70. Replies
    8
    Views
    7,531

    Re: Powerful combination of Confwiz and Excel

    ????

    To view this solution, higher access level is required.
    To learn more about our support programs and plans click here.
  71. Replies
    30
    Views
    7,555

    Re: Confwiz supports R70!!!

    We have been trying to convince the customer to move to subnets but it would require changes to subnet sizes (which is actually good to accommodate future growth) and they would have to remask and...
  72. Replies
    30
    Views
    7,555

    Re: Confwiz supports R70!!!

    Can this tool be used to add a large number of Host Nodes in NAT Policy? I need 128K (yes 128,000) Nat Hosts.

    Anyone have an example script they have used to do something similar?

  73. Re: Help with scripting a flat file with IP's into a dbedit format.

    Does odumper/ofiller have issues with 77.20?
  74. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    Thanks for all your help! It is greatly appreciated. :)
  75. Replies
    21
    Views
    14,128

    Re: Large Deployment provisioning process?

    I don't have a license to smart provisioning I am sorry to say. Is this an image of a tool you created yourself? Can you share? Can you send a sample of a generated config file?

    Thanks!
  76. Re: Configure 1140 with 6 Vlans that are /27 to nat to 1 subnet /24

    Visual for the Nat design.
  77. Configure 1140 with 6 Vlans that are /27 to nat to 1 subnet /24

    At its most basic level. I want to share a single /24 subnet (The Unique NAT subnet) across 6 separate vlans with static nat (thru the Ipsec Tunnel) and hide Nat (out to internet). Our design is hub...
  78. Replies
    11
    Views
    4,253

    Re: ISOmorphic in R77.20

    Is there a complete list of all the commands and their syntax available for the 1140 command line?

    I would like to see all the available "set", "fetch" and all available commands

    TIA!

    Found...
  79. Replies
    11
    Views
    4,253

    Re: ISOmorphic in R77.20

    I tried "save configuration <script name>" but no go.

    I ran "bashUser off" and then "clish" then got into expert mode and tried again but does not recognize the command. Any other ideas?
  80. Replies
    11
    Views
    4,253

    Re: ISOmorphic in R77.20

    Is there a way to configure the 1140 via the GUI and export a text file via the command line and use it on another device? (Slight changes like Hostname, Nat, Subnets for settings for different...
  81. Replies
    17
    Views
    4,605

    Re: SIC Establishment and Security

    Good to hear that SIC is considered secure :)

    For locations that have a Dynamic IP assignment like DSL PPPoE or Cable DHCP, how does SIC get established? I assume the establishment of SIC is from...
  82. Replies
    11
    Views
    4,253

    Re: ISOmorphic in R77.20

    I was able to follow the process with a USB and do a new code upgrade. Can I not do this with a config file?
  83. Replies
    17
    Views
    4,605

    SIC Establishment and Security

    Hi All,

    I need to understand SIC security and establishment process. Would you feel SIC is secure enough to manage 1140's (or any CP FW's) deployed in the field on the Public IP interface or do...
  84. Replies
    11
    Views
    4,253

    Re: ISOmorphic in R77.20

    I don't see an .iso image available for the 1100 series (1140 specifically). Does this mean Isomorphic is not an option for the 1100 series? (see sk97766)

    Are there any other tools available?
  85. Replies
    21
    Views
    14,128

    Large Deployment provisioning process?

    Hi All,

    We will be deploying a large quantity of 1140 and I would like to know the best method for getting these configured. Would we do this after the box arrives or preconfigure before being...
  86. Replies
    2
    Views
    1,055

    Best Practices for Large Deployment?

    Hi All,

    I want to know what would be considered a best practice for a deployment. Would you recommend a separate Policy Package for each set of devices or include all Rulebase policies in a single...
Results 1 to 86 of 86