CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.




Type: Posts; User: Peter-L


  1. Re: Killing a TCP Connection from the state table?

    Haha



    Ah right ok, I'll have a dig around to see where they are.

    Thanks!
  2. Re: Killing a TCP Connection from the state table?

    Do you know how to remove the other entries?



    This was one of the first things I thought of, it shouldn't have been turned off.... however on inspection some genius has done. FFS
  3. Re: Killing a TCP Connection from the state table?

    Hi,

    That's great thanks I'll give it a shot, though what I'm trying to simulate is the following

    Client A is connected with a TCP session to Server A which routes via FW Cluster A. Routing then...
  4. Killing a TCP Connection from the state table?

    Hello,

    Can anyone please advise if they have an easy way to kill a specific TCP session from the connection state table?

    I know "fw tab -t connections -f -u | grep <IP>" will help me identify...
  5. Cisco OTV/LISP for East to West VM Migrations and Checkpoint TCP Stateful Inspection

    Hello,

    We're currently in the process of implementing Cisco OTV/LISP on Nexus 7k devices and ISR 4431's to ensure that traffic flows are symmetric. LISP ensures that traffic destined for the...
  6. Replies
    3
    Views
    1,550

    Re: R80 Validation Errors

    I've just had confirmation that our 3rd party support company has also been able to reproduce the issue. (workaround is seemingly to delete the interface and re-create it - I'm still to try this)
    ...
  7. Replies
    3
    Views
    1,550

    Re: R80 Validation Errors

    Yep, updated both the sections (General and Member).
  8. Replies
    3
    Views
    1,550

    R80 Validation Errors

    I've had to change a few subnet masks on my cluster & gateways but now when I try and publish a policy I get -

    "Cluster Interface Subnet Error" - "The interfaces of all the members in this...
  9. Replies
    3
    Views
    950

    Re: iBGP Route Reflector Setup

    Ha been here before also with eBGP peers and routemaps, however we're wanting to remove some of the BGP routing responsibility from the checkpoints, hence making them just a reflector.

    I'd thought...
  10. Replies
    3
    Views
    950

    iBGP Route Reflector Setup

    Hello,

    If I have a Active/Passive cluster of gateways that I want to be iBGP route reflectors would I peer with the VIP or the physical address and could I use my loopback addresses?

    eth0 -...
  11. Replies
    7
    Views
    3,237

    Re: R80 Issues / Views

    Hi folks, thanks for the replies. I'm just getting back to looking at this and trying to get a few gateways (77.30) setup so I can cluster etc and do a property test.

    IgalN - no rush right now,...
  12. Replies
    7
    Views
    3,237

    Re: R80 Issues / Views

    Is there a planned release date for R80.10 gateway? (I'd naively assumed that R80 was going to be both gateway and management)

    Yea my Management Server and desktop client where SmartConsole are...
  13. Replies
    3
    Views
    2,113

    Re: Issues Posting in R80

    Hi, it was the R80 subforum here. I've worked out that it was something in my post was generating a server error on my last list point (what part exactly I don't know yet).
  14. Replies
    7
    Views
    3,237

    R80 Issues / Views

    Hi Folks,

    Interested to hear your feedback or views on my experience so far with R80


    R80 is only for the management appliance, what version of gateway supports the sub policies etc? (when...
  15. Replies
    3
    Views
    2,113

    Issues Posting in R80

    Anyone else having issues posting to the R80 forum?
  16. re: R70.30 Can't push first policy after hardware failure

    FYI, this was caused by a large IPS profile.

    Doing a CPSTOP, export commit_func_timeout=1200 and CPSTART on the gateways resolved the issue when pushing a policy. You MAY need to change the...
  17. R70.30 Can't push first policy after hardware failure

    Hi Guys,

    I was hoping someone here might be able to help urgently? Basically I've got a HA cluster of R70.30 running SPLAT on UTM boxes (active/passive). One of the boxes failed and was RMA'd by...
  18. Replies
    2
    Views
    2,383

    Re: Generating SPU for Open Servers?

    Hi,

    Thanks for the info, I had said 4 Core as 8 Core I believe to be overkill for us. (though adding a 2nd processor to cover a failure hence the 2nd processor and therefore 8 cores).

    These...
  19. Replies
    2
    Views
    2,383

    Generating SPU for Open Servers?

    Hello,

    After reading on Tobias Lachmann blog (Appliance hardware – Updated 13th June 2013) the hardware under the hood of the 2012 range (and prior) of appliances and having first hand experience...
  20. Replies
    10
    Views
    2,957

    Re: Public Addresses Used Internally NAT Headache

    Yea the plan is to try and get them switched in due course but as we don't maintain the systems it's not our project to do. I just don't want their/not their (public) address block ending up in our...
  21. Replies
    10
    Views
    2,957

    Re: Public Addresses Used Internally NAT Headache

    Ahh I didn't realise you could use two networks and it would do a 1-to-1! Cheers folks

    Edit: For clarification they don't own the public addresses they've used.
  22. Replies
    10
    Views
    2,957

    Public Addresses Used Internally NAT Headache

    Hello,

    Hopefully someone could provide some advice on how to best handle this problem.

    We have recently had a new office (recent acquisition) want to use some of our services on our 10.0.0.0/8...
  23. Replies
    5
    Views
    1,562

    Re: disconnect_clients script and Crontab

    Checkpoint support came back and said that using crontabs is not supported... I created a workaround of a script to login and execute the command on a schedule... clunky but it works!
  24. Replies
    5
    Views
    1,562

    Re: disconnect_clients script and Crontab

    Unfortunately using the full folder path didn't help, any other ideas or logs to see where/why it's failing?

    Thanks
  25. Replies
    5
    Views
    1,562

    Re: disconnect_clients script and Crontab

    Cool thanks will give it a try and see tonight.
  26. Replies
    5
    Views
    1,562

    disconnect_clients script and Crontab

    Hello,

    I've put the CP disconnect_clients script into my $FWDIR/bin/ on my Smart-25 appliance, I've then added a second line to my crontab (using crontab -e) and it looks as follows -

    0 18 * *...
  27. Replies
    0
    Views
    1,637

    Port Knocking for Secure Access?

    For those who are not aware what port knocking is.

    Basically all ports are closed until a client connection is initiated, this client connection will try and connect on a specific sequence of...
  28. Replies
    2
    Views
    3,269

    R70.30 and R75.20 Voip SIP Inspection

    Hello,

    Firstly, can someone confirm that the VOIP Blade is only for NGX R65.2.100 and nothing later?

    Also can someone advise of how best to resolve this SIP problem?

    We have a Cisco ASA...
  29. Replies
    2
    Views
    2,529

    Re: WMI Monitoring through SPLAT

    Hello,

    Yes it would seem that I'm getting high source port drops (from service 445/137/139). I'm using SPLAT 75.20 and it's Server 2008 R2 monitoring Server 2008 R2.

    Cheers,
    Peter
  30. Replies
    2
    Views
    2,529

    WMI Monitoring through SPLAT

    Hello,

    I'm pretty new to RPC / DCE-RPC objects but I want to monitor WMI objects through the FW from a Solarwinds Orion Server. From what I understand is that it starts on TCP Port 135 and then...
  31. Re: Active/Passive Cluster Failure & GateD using BGP

    150 on one and 151 on the other... Yea they use the same AS and ID. Every neighbor has soft-reconfiguration inbound set. (which I believe is the same as graceful restarts?)

    Cheers
  32. Replies
    2
    Views
    6,490

    Re: Reliable Static Routes in Checkpoint?

    Just come across this which may help -

    yang Penting Jalan !: IP SLA-like Script

    Hack it up to add something like rather than send an email or do both -

    route add -net 0.0.0.0 gw <ISP...
  33. Replies
    2
    Views
    6,490

    Re: Reliable Static Routes in Checkpoint?

    This sounds exactly like something I'm wanting to do with BGP... Currently the best option I've had was to use Cisco IP SLA on the ISP Router and peer the GateD with the ISP router using a route-map...
  34. Active/Passive Cluster Failure & GateD using BGP

    Hello,

    I'm just wondering if anyone has the best idea how to fix this problem.

    We have an active/passive gateway configuration that uses BGP to peer with its neighbors (peered on the VIP). ...
  35. Replies
    0
    Views
    967

    R70.30 GateD Received/Advertised Routes?

    Hello,

    Just wondering if there is any way you can see what routes are being advertised to a specific peer or received from a specific peer.

    For example in JUNOS (*spit*) you can do a "show...
  36. Replies
    1
    Views
    1,886

    SPLAT syslog for Routing changes

    Hi,

    We have SPLAT Pro and are using the advanced routing function. I'm trying to send any routing table changes to syslog and then onto our syslog server.

    I've issued the "log system all "...
  37. Replies
    1
    Views
    1,996

    Re: Aggregate Route and Route-Map Issue

    It turns out that the aggregate-address <IP> protocol DIRECT works and not the BGP.

    It can then be filtered with a route-map (in or out) to required peers.



    router aggregate
    ...
  38. Replies
    5
    Views
    3,002

    Re: Problems with route-map with BGP on GateD

    Thanks to this post I found why my aggregate routes aren't working (it had to be direct), all, BGP etc didn't work.

    try using the aspath-prepend in the neighbor statement eg -



    neighbor...
  39. Replies
    1
    Views
    1,996

    Aggregate Route and Route-Map Issue

    Hello,

    I'm hoping someone can help me with aggregating routes and with route-maps etc? Basically I am trying to aggregate the 10.222.0.0/20 (as it's currently redistributing smaller /21 to /29s...
  40. Replies
    3
    Views
    1,723

    Re: eBGP or iBGP over VPN Mesh?

    Ah good, not just me that thought it was a bit wacky... I'll switch them to separate ASNs and see how I go.

    Thanks
  41. Replies
    3
    Views
    1,723

    eBGP or iBGP over VPN Mesh?

    Hello,

    We've recently ditched a 3rd party and I've been thrown in at the deep end with trying to fix some outstanding issues, especially with the VPNs etc. The previous 3rd party had setup all...
Results 1 to 41 of 41