CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Search:

Type: Posts; User: mdjmcnally

Search: Search took 0.00 seconds.

  1. Re: Identity Awareness for Terminal Servers R77.30

    The TS Agent can only connect to 1 Check Point Gateway.

    Different TS Agents can however connect to different Check Point Gateway in your environment. You then can use the Identity Sharing to...
  2. Re: VPN Communities and routing between them

    Enable Hub Mode on the VPN Gateway. Founder under VPN Clients / Remote Access

    Configure VPN Routing on the Star Community with the Central and Satellite to Allow to Connect to Central, Satellites...
  3. Re: Identity Awareness for Terminal Servers R77.30

    https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk66761#Q1

    Identity Awareness Terminal Server FAQ.

    •Windows 2016 R2 is not supported. ...
  4. Replies
    10
    Views
    1,948

    Re: Security Management Server migration

    The process ( like most things when familiar with them ) isn't that bad

    The Management Server is unless you have a separate log server used also for Traffic logging so the gateways would start to...
  5. Replies
    8
    Views
    1,576

    Re: Antispoofing adding static route

    Because you need to tell the Check Point Software that is where traffic FROM that that Subnet will ARRRIVE at that interface.

    If you take a simple firewall

    eth1 - 40.40.40.40/24
    eth2 -...
  6. Replies
    2
    Views
    2,084

    Re: GAIA new vlan add

    Because Check Point solution is a Firewall Application on top of an OS.

    It isn't like ASA / Juniper / Fortinet etc where is a combined piece of single code.

    You add the interface in Gaia to...
  7. Replies
    8
    Views
    1,576

    Re: Antispoofing adding static route

    Anti-Spoofing is based on the Source IP of traffic

    So if you add 10.10.10.0/24 to eth10 then it inspects the Source IP of traffic arriving on eth10 and compares with what is in the Anti-Spoofing....
  8. Re: Virtual systems with different DNS servers

    I've never found one.

    You can set different DNS Servers for each VS where using Mobile Access Blade in that on each VS then use different DNS Servers for the Mobile Access but the general DNS is...
  9. Replies
    3
    Views
    778

    Re: DHCP Server in ClusterXL

    DHCP is configured within Gaia OS not via the Dashboard as is an OS feature as opposed to Check Point feature.

    You also need to ensure that the firewall policy allows the DHCP request traffic as...
  10. Re: Problem with ISP redundancy - sk25152 - Kindly advise

    Unfortunately you are falling foul of ICMP not being tcp. The ICMP is virtual session and the way that the Check Point handles is that see's the ICMP as the same session and so continues to NAT...
  11. Re: OSPF routing take precedence over ISP redundancy feature

    For ISP Redundancy to work correctly in a HA, ie Primary/Backup process then you configure the NextHop address under the ISP Redundancy in the Gateway Object on the Interfaces.

    Which ever is the...
  12. Replies
    1
    Views
    586

    Re: Questions for CheckPoint DR Recovery

    Export/Import Backup/Restore to work properly relies on the IP addressing being the same at the DR location as in Production.

    This is unrealistic to expect so yes you would be wrong in your...
  13. Re: Any recommendations for dual 10GBASE-T adapters?

    Generally speaking I tend to stick to Intel NIC's ( that are on the HCL ) unless using HP Servers as HP will only support HP NICs in there Servers, so now Check Point only do HP NIC in HP Servers as...
  14. Replies
    2
    Views
    887

    Re: User access role not working properly

    By Default a User Association will last for serveral hours, 720min is I think the default.

    Unless you have the "Assume that only one user is connected per computer" enabled then when the next user...
  15. Replies
    5
    Views
    1,407

    Re: 77.30 Update Install Hotfix 216 to 317 ?

    Would suggest that firstly do the Management, and check that everything still works

    Then do the Standby Member, failover and test

    Once Happy that the Standby Works then do the Second member.
    ...
  16. Replies
    5
    Views
    1,407

    Re: 77.30 Update Install Hotfix 216 to 317 ?

    When you install the new Jumbo then the first thing it does is uninstall the existing one first.

    No problem going to a GA Jumbo 317 from 216.

    Main thing will be if you have any point hotfixes...
  17. Replies
    5
    Views
    698

    Re: VPN Problem 10% of User

    Certainly that would agree with what get quite a bit from TAC advising to reboot semi-regularly. Depending upon how often deploy the GA Jumbo Hotfixes then likely to be getting reboots on a...
  18. Re: Migrate external Interface to bond interface on production environment

    Presumption made here: You don't connect to the Firewall via the External Interface.

    Connect to the Standby Firewall
    Remove Config for External Interface
    Create New Bond for External Interface...
  19. Replies
    1
    Views
    937

    Re: problems with terminal Server Agent

    Confirm if talking about installation on a Terminal Server as all Agents installed onto Terminal Server have been

    muhAgent.exe

    Not IdentityAgent.exe as per you information.

    Sounds as though...
  20. Thread: AWS CFT

    by mdjmcnally
    Replies
    1
    Views
    1,350

    Re: AWS CFT

    Probably better off approaching your Check Point SE or Check Point Partner about that as this is a User Group. Whilst there are some Check Point employee's on here that may be able to respond I...
  21. Replies
    4
    Views
    544

    Re: Second Public IP Range / Topology

    If your ISP is routing the new subnet to the Cluster Address of your existing Public IP Range then unless you are going to deploy Systems with an address in the new range ( and I mean actual boxes or...
Results 1 to 21 of 21