CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Search:

Type: Posts; User: m_1607

Search: Search took 0.00 seconds.

  1. Replies
    1
    Views
    1,304

    unable to open https session

    unable to open https session , trying changing port to 4434 still no luck.
    On firewall we are seeing traffic allowed , but actuall web portall connection is not opening.
    Any help with issue...
  2. Re: R77.30 installation getting stuck at first time configuration wizard

    OK great I will give a try.
  3. Re: R77.30 installation getting stuck at first time configuration wizard

    thanks for reply it is Other Linux 2.6 kernel with 4GB RAM HDD is 40 GB.

    Apart from these parameters anything needs to be checked , I am able to login through webui but once it comes to mgmt...
  4. R77.30 installation getting stuck at first time configuration wizard

    I am trying to install R77.30 in vmware workstation environemnet , it is getting stuck at web ui of gaia ,I can login , selected fresh install tab then at mgmt tab it stucks.
  5. Replies
    2
    Views
    5,598

    how to export cpinfo log file from firewall

    Need assistance with exporting cpinfo file out from firewall.
  6. Replies
    2
    Views
    2,196

    Gaia R76 Cluster failover logs

    Could someone help with finding if cluster failed over logs.

    Thanks in advance.
  7. Replies
    1
    Views
    1,581

    New Security Gateway installed on Open server

    Query : - After I installed security gateway on open server in standalone with no server installed yet.
    After complete installation I lost ping to gateway .
    I am trying to understand what policy...
  8. Re: RX errors increasing on External Interface of Splat firewall

    Just one doubt how do you know ISP side is set to half duplex.

    Thanks.
  9. Re: RX errors increasing on External Interface of Splat firewall

    NIC statistics:
    rx_bytes: 251666659859
    rx_error_bytes: 0
    tx_bytes: 55334578774
    tx_error_bytes: 0
    rx_ucast_packets: 280757565
    rx_mcast_packets: 0
    ...
  10. Re: RX errors increasing on External Interface of Splat firewall

    Settings for eth2:
    Supported ports: [ TP ]
    Supported link modes: 10baseT/Half 10baseT/Full
    100baseT/Half 100baseT/Full
    ...
  11. RX errors increasing on External Interface of Splat firewall

    we are using open server server and RX errors are increasing on external interface we check speed and duplex is fine on both side CPU utilization is also normal.

    eth2 Link encap:Ethernet ...
  12. Replies
    10
    Views
    5,957

    Intermittent Tunnel Loss

    I am losing tunnel intermittently looking through logs i get following error

    encryption failure: Warning: possible replay attack. Sequence Number 459475

    Any help with why this tunnel is...
  13. Replies
    1
    Views
    1,347

    Re: VPN-1 Edge routing question.

    IF it is working from PC behinf Edge Gateway and not working behind client connected by VPN , I assume it is configuration issue with secureRemote.
  14. Replies
    1
    Views
    8,341

    Split Tunnel Concept in Checkpoint Firewall

    I wish to understand how checkpoint firewall handles DNS query

    we have configured DNS servers on checkpoint as 8.8.8.8 which is public DNS server.

    And we have DHCP server configured for...
  15. Replies
    1
    Views
    2,615

    Understand fw monitor keywords i,I,o,O

    Can someone help me understand traffic flow kernel out to firewall .I see it as i,I,o,O

    lets says when traffic comes from internet how does it flow in terms of i,I,o,O

    same from network.
  16. Replies
    2
    Views
    1,127

    VPN Tunnel Need help

    Can someone help me with Ports required to open VPN connection with 2 Site to Site VPN.

    Thanks
  17. Replies
    6
    Views
    6,928

    Re: Need some Suggestion about Vmalloc size

    Any help here ?
  18. Replies
    6
    Views
    6,928

    Need some Suggestion about Vmalloc size

    In last few days we had issue with our core firewall we were unable to push policy error we are getting is memory allocation failed.

    Then after increasing vmalloc size in grub.conf file it fixed....
  19. Error unable to get VPN tunnel tables on edge n firewall

    We are facing intermittent VPN tunnel drops looking at event logs or says error unable to get VPN tunnel tables

    Please some help me understand this message
  20. Replies
    4
    Views
    1,426

    Re: VPN Tunnel issue need help

    It is Intermittent.
  21. Replies
    4
    Views
    1,426

    VPN Tunnel issue need help

    I need some help here:-

    Scenario is VPN tunnel between 2 sites are dropping.
    When we checked from from Firewall towards ISP router ping response is fine.
    When checked from Tracker it says there...
  22. Replies
    1
    Views
    549

    Re: Checkpoint secure client Encrypted traffic

    Anyone ther to help ?
  23. Replies
    1
    Views
    549

    Checkpoint secure client Encrypted traffic

    how can we check for encrypted traffic from secure client.

    I mean to say , If I am connceted through secure client how can we make sure traffic is encrypted when communication happens between...
  24. Replies
    7
    Views
    2,419

    Re: How to check throughput on each interface

    Using Cacti would be best option.
  25. Replies
    20
    Views
    33,595

    Re: FTP over SSL fails with VPN-1/FireWall-1

    So what are workaround we have to make FTPS work from checkpoint R71.30 ?
  26. Replies
    4
    Views
    1,466

    Re: Unable to map network drive

    That' ok it is sprted out , ISP was blocking 445.
  27. Replies
    21
    Views
    5,526

    Re: Finally passed the R71 Exam

    PLease send me link for flashcards my email id mandar1607@gmail.com
  28. Replies
    3
    Views
    1,117

    Re: Access firewall on Inside network

    U mean to say with default policy right ?
  29. Re: Cli command to check dhcprelay service on UTM edge device ?

    Anyone here to help ?
  30. Unable to unload policy from checkpoint splat firewall

    When trying to unload policy getting error :

    unable to open dev/fwo:No such file or directory
    Failed to uninstall security policy: No such file or directory

    Any help appreciated with why we...
  31. Cli command to check dhcprelay service on UTM edge device ?

    Cli command to check dhcprelay service on UTM edge device ?
  32. Replies
    3
    Views
    1,117

    Access firewall on Inside network

    How can I make firewall to access from inside office network.

    Let say curently 10.5.1.1 is my external interface and mgmt interface

    and 10.121.1.1 is my inside network and I want to access my...
  33. Replies
    5
    Views
    12,119

    Re: Check if QoS Rules Working Properly

    lets say if we have 10 mb B.W from ISP and we assign guarantee 2 Mb to Voice traffic

    How much B.W would be available for rest of application ?
  34. Replies
    5
    Views
    12,119

    Re: Check if QoS Rules Working Properly

    Sorry to bump question here.

    I have R71.30 ,We have Setup QOS how can we make sure It is setup of correctly as Smartview Tracker doesnt show anything

    Thanks for help Appreaciated.
  35. Replies
    1
    Views
    1,077

    IPS Exception for particular domain.

    How can we add Exception in IPS for Complete domain .

    For Example I want to exclude complete gmail from IPS scanning how can we do that ?

    Thanks for your help .
  36. Re: Step by step guide to install R71 splat on windows os based on vmware

    I want to install checkpoint gateway and smart center server both on vmware.

    Could you please tell me which ISO should I downlod for that ?

    Also my laptop has single NIC I hope sever and...
  37. Replies
    8
    Views
    1,762

    Re: facing issue with send emails from one domain

    doesnt connect
  38. Replies
    8
    Views
    1,762

    Re: facing issue with send emails from one domain

    Looks like our ISP is blocking port 25 in this scenario how can we check if host is able to communicate with mail server ?
  39. Re: Step by step guide to install R71 splat on windows os based on vmware

    Anyone there to help
  40. Replies
    8
    Views
    1,762

    Re: facing issue with send emails from one domain

    They are trying to send emails getting error sending failed.

    would that help ?
  41. Replies
    8
    Views
    1,762

    facing issue with send emails from one domain

    one of our customer is trying to send email from one domain but it doesnt work.
    Similarly when they to send email from outside office networks it woks ,

    Just wondering what could be issue ?
    ...
  42. Step by step guide to install R71 splat on windows os based on vmware

    Coud someone please guide me through step by step to install R71 splat os on windows I have windows sever 2003 running on Vmware


    Help Appreciated
  43. Replies
    0
    Views
    1,535

    Vmware installtion help ?

    I have installed Smartcenter server R75.3 and gateway on VM and I want my gateway to talk with server how can we do that , I have only 1 NIC card ? any help appreciated
  44. Re: How can we check which traffic is moving across different CPU

    how can we check which services is comsuming max cpu ?
  45. Replies
    1
    Views
    9,095

    RDP session slow

    We are facing issue with slow RDP connection can we create QoS rule for port 3389 and assign weight to that

    would that pace up speed ?


    Thanks
    Mandar.
  46. Re: What should be the metric value I can use for the default route of lower priority

    As far as my understanding we dont need to define addtional default route cpisp_update file automatically does that work for you
  47. Re: how can we check total time of SA beween 2 tunnels

    Example please
  48. Replies
    4
    Views
    1,466

    Re: Unable to map network drive

    how can we check for CIFS traffic on firewall ?
  49. Replies
    4
    Views
    1,466

    Unable to map network drive

    From our internal network I am unable to map network drive ,I can ping and tracert to that system

    what could be issue ?
  50. Packet Loss when pinging Internal Interface of Nokia Ip260

    I am getting Packet Loss when pininging internal interface of firewall ,External interface for firewall ping looks ok.

    Also Internal interface doesnt show any errror.

    Any help Appreciated.
  51. Re: how can we check total time of SA beween 2 tunnels

    Can you give one example so will get better idea.
  52. Re: How can we check which traffic is moving across different CPU

    Any Comments on this ?
  53. Re: how can we check total time of SA beween 2 tunnels

    Can we check tunnel uptime through CLi ?
  54. Re: how can we check total time of SA beween 2 tunnels

    no command to check through cli ?
  55. how can we check total time of SA beween 2 tunnels

    how do we check total time of SA association between 2 tunnels on CP

    Like in cisco we use command show cryto isakmp sa detail
  56. Re: How can we check which traffic is moving across different CPU

    we have nearly 100 tunnels on this firewall with ISP speed of 200 mb
  57. Re: How can we check which traffic is moving across different CPU

    we have interface affinity set to default .
    I think most of connections that r utilized by one cpu are vpn is there any way we can split vpn connections across cpu ?
    can we check which...
  58. Re: How can we check which traffic is moving across different CPU

    Model is Power - 1

    fw ctl multik stat
    ID | Active | CPU | Connections | Peak
    -------------------------------------------
    0 | Yes | 7 | 21315 | 21887
    1 | Yes | 6 | ...
  59. Re: How can we check which traffic is moving across different CPU

    and how can we check if we have enabled that through cpconfig ?

    as i can see it is enabled but not sure how ?
  60. Re: How can we check which traffic is moving across different CPU

    I disabled secure XL using command fwaccel off

    But issue is now still traffic moves across one core/CPU only.
  61. How can we check which traffic is moving across different CPU

    We have many CPU but looks like much of work is done by one CPU

    we have SecureXl turned off .

    Thanks for help
  62. Replies
    0
    Views
    2,060

    Common checkpoint troubleshooting commands

    Common checkpoint troubleshooting commands
  63. Replies
    1
    Views
    1,246

    Monitor Particular user traffic

    how can we check traffice for particular user /IP
Results 1 to 63 of 63