Skip navigation
All Places > About CheckMates > Blog
1 2 3 4 Previous Next

About CheckMates

50 posts

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts:

 

CheckMates Events in Canada

This week, I was in the Great White North doing the "Migrate to R80.10" talk, which has been very popular!

Peter Stack claimed he could have filled more than a couple rooms in Toronto--may have to take him up on that in the future

 

 

Someone even brought me an old Check Point CD to autograph. I had signed it before, too!

 

 

Meanwhile, we did a smaller, more intimate event in Calgary:

 

 

Next week, I'll be in Atlanta! 

If you haven't already signed up for the event: Atlanta: Check Point R80 API and Bring Your Own Malware 

 

Community Highlights

Meanwhile, here are the top threads from the past week:

 

CPAPI - Web API Tool 

A sample web portal that leverages the R80.x APIs to create objects and rules.

 

Upgrade 1470 to 1490 

Yes, you can do this!

 

How to check the access list in Check Point via CLI 

Covers both R77.30 and R80.10

 

Best Practice: Skype for Business (Lync) with(out) QoS 

Do you use Skype for Business with or without QoS? Weigh in!

 

Management Server Internet Facing 

Should you or should you not expose your management server to the Internet?

 

Upcoming Events

Here's what's coming up in the next few weeks:

 

 

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts:

 

Community Highlights

Here are the top threads from the past week:

 

R80+ Change Control: A Visual Guide 

Building on the work of others and previous CheckMates articles, Tim Hall has put together a nice visual guide!

 

R80.10 upgrade from JHF 70 to JHF 91 failed 

Upgrading between JHF releases might fail if you also have private fixes installed that were not integrated into the Jumbo Hotfix.

 

VSX: Add Many Routes At Once? 

Yes, it's possible to do.

 

Understanding Threat Emulation logs 

This article digs into what you might find in the Threat Emulation logs.

 

What do you use for monitoring Gateways/Management? 

Some suggested tools you can use to monitor your network (including Check Point gateways).

 

Properly defining the Internet within a security policy 

An older thread that has cropped up with some new suggestions.

 

Did you know? Add Snort Protections with R80.10 API 

Snort is the language you can use to add custom signatures to our IPS. Those signatures can be loaded through the API.

 

Upcoming Events

Here's what's coming up in the next few weeks:

 

 

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts:

 

Community Highlights

Here are the top threads from the past week:

 

Threat Prevention Cyber-attacks dashboard 

As promised in the Security Visibility Best Practices with SmartEvent TechTalk, Oren Koren has made available the "Cyber Kill Chain" SmartEvent report for R80.10.

 

R80.10 log server question 

A thread on setting up a separate log server in R80.10, which you might want to do in larger environments.

 

Overview of ISOmorphic and Blink 

To tide you over until our TechTalk on CDT and Blink, we provide a video overview of ISOmorphic and Blink.

 

GAIA R80.20 Release Date And New Features?   

People are definitely interested in R80.20. This is the list of features in an EA release and may not be final.

 

Management Public IP redundancy 

$FWDIR/conf/masters is still a thing

 

Security Gateway Inventory  

Useful script that queries the various gateways that are managed to get a complete inventory of what's running what.

 

How to deal with DNS over HTTPS, DNS over TLS, QUIC and PSOM? 

A "best practices" and "what's possible" discussion (not entirely Check Point specific, but useful none the less).

 

Editing Policy from no layers to 2 layers 

Explanation of a concept that might look confusing when you start adding policy layers. 

 

Upcoming Events

Here's what's coming up in the next few weeks:

 

It's that time of the month, where we recognize great contributors to the CheckMates community. 

Put your virtual hands together for Member of the Month: H. A.

Heiko was an easy choice thanks to his fantastic work on mapping the various TCP/UDP ports used by Check Point products visually: Ports Used for Communication by Various Check Point Modules (and updating based on feedback).

That and a number of other threads!

 

Heiko, tell us a little about yourself & what you do

Born in Germany, I have been working as an IT Security Consultant for AXIANS IT Security GmbH with Check Point and other security products for about 10 years. My experience with Check Point products goes back to the year 1997 (FireWall-1 version 3.0b). Privately, I like to relax with my family or do sports--mountain biking or ice hockey. It helps to forget the IT issues

Tell us a little about your experience with Check Point

I see Check Point as a technology leader since 1997. That is why I have worked hard to earn my CCSM and work on all Check Point products from SMB Appliances to 61K Appliances. I like to optimize the performance of Check Point Firewalls and Software Blades. Furthermore, I find the debugging of the Blades very interesting. It's helpful to our customers here.

 

Do you have a unique deployment of a Check Point product?

I have a VMWare Lab zoo and a couple of Appliances in our LAB. Feels like a million systems!

 

What do you use the CheckMates platform for?

I think the exchange of information in CheckMates is great. I like it and I think the participation is great. Well done!

 

What do you like to do for fun?

When I not working. Have a lot of fun with my kids and my family.

 

If you could create any new technology right now, what would it be?

Fully automated houses secured by Check Point. Alternatively without Internet connection

 

Anything else you'd like to let other CheckMates members know about?

Keep up the good work. It's a great forum with great users. A thank you to everyone who wrote great articles and answers here.

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts:

 

CheckMates Live in Denver (x2) and Omaha

This past week, I was at CheckMates Live events in the Denver area (Centennial and Westminster) that were well attended!

 

 

 

 

Also, the local team in Nebraska put on an event in Omaha!

 

 

Community Highlights

Here are the top threads from the past week:

 

Bash script to show IP ranges for Countries from GeoProtection (ip2country.csv) 

Perhaps this could be extended to automatically create objects based on this?

 

Fortigate Firewall ICAP and Sandblast (TEX) 

Did you know that you can even leverage the power of Check Point SandBlast if your perimeter gateway is Fortinet? Yes you can, if you integrate using ICAP.

 

MTA on R80.10 VSX 

Pointers to the documentation on how to do it as well as a member explaining how to do it.

 

Can I do R80.10 downgrade to R77.30?  

The only way to downgrade is by restoring a backup.

 

Best way to handle locked session (locked but not available on session panel) 

This shouldn't happen, but if it does...

 

Delete Rules with a Zero Hit Count 

Very useful R80.x script.

 

R80.10 Tip Of The Day: Separate the Install Policy Permission 

Customers with strict change control might appreciate this tip.

 

Natting to an IP range not directly connected 

Had to dig into the phoneboy.com archives for the answer to this one

 

Log Exporter guide 

Some nice FAQs from one of the developers who worked on our new Log Exporter tool

 

Upcoming Events

Here's what's coming up in the next few weeks:

 

There are a few CheckMates Live events happening this week in different parts of the US:

 

 

If you're in the area, please join your fellow Check Point users for some information sharing, food, drinks, and fun!

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts:

 

CheckMates in Denver and DC

 

This past week, I was in Denver and DC doing CheckMates Live events.

In Denver, we were in the Fan Cave at Mile High Stadium:

 

In Washington DC, we were at The Board Room!

 

 

Community Highlights

Here are the top threads from the past week:

 

Share your custom SmartView views & reports at CheckMates 

Following our Security Visibility Best Practices with SmartEvent TechTalk, people started asking for SmartEvent Reports and Views from the community. Here's a place where you can share yours!

 

R80.10 Syslog Exporter 

We finally released what had been referred to as LogOut, an enhanced ability to export Check Point logs via syslog.

 

Migrate R77.30 standalone system to R80.10 Distributed system 

Some good advice here if you're looking to upgrade and expand your Check Point environment.

 

Restricting Remote Access by IPv4 Address 

If you want to only allow remote access from specific IPv4 addresses, here's how to do it.

 

High latency after Check Point firewall from R77.30 to R80.10 

Every situation is different. Some good troubleshooting tips here.

 

Upcoming Events

Here's what's coming up in the next few weeks:

 

 

We are also looking at doing at events in the following locations in the next several weeks:

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts:

 

Community Highlights

Here are the top threads from the past week:

 

Security Visibility Best Practices with SmartEvent TechTalk 

In case you missed it, we did a TechTalk on SmartEvent discussing best practices. There was also a lot of questions we could not get to during the session that we are still going through, so check back! 

 

CheckMates Member of the Month for March 2018: Guenther Albrecht 

Missed doing one of these in February 

 

Ports Used for Communication by Various Check Point Modules 

This is continuing to be updated by the community and now includes the various ports used by R80.10, which add a few additional ports compared to R77.30 and earlier.

 

Check Point Inspection points-iIoO 

If you've ever used fw monitor before and wondered what the iIoO refers to, this thread will help!

 

How to release lock from objects in R80.10 

In case your objects or rules by a lock you can't find in SmartConsole, here's how to solve that.

 

Multiple Policy installation 

Currently not supported directly, but you can workaround it with some scripting and the API.

 

Campfire Stories 

Another thread for those of us who have been using, deploying, supporting, or working with/for Check Point for a long time to share some stories about how we used to push our firewalls to school uphill both ways (and we liked it!)

 

IPCALC on CLI 

Didn't know this tool was included in Gaia. Useful tool to help you figure out IP/netmask related information!

 

Upcoming Events

Here's what's coming up in the next few weeks:

 

 

We are also looking at doing at events in the following locations in April!

Check Point is proud to name its CheckMates Member of the Month for March 2018: Guenther Albrecht! 

 

 

Guenther, tell us a little about yourself & what you do

Born in Vienna, Austria, I have started my business life in Tech Support at a Software and Hardware Distribution company for the DTP revolution. The other part of my brain is the musician and composer, and I have created CD-ROM and DVD productions. I am working in Check Point Support for Check Point Certified Service Partner Arrow ECS Internet Security AG since 2009.

 

Tell us a little about your experience with Check Point

I see Check Point more from the bird's eye view, as I am not at a customer site or have to deploy and configure an installation. This gives me time to read manuals, release notes and SKs as well as perform tests for specific problems ;-)

 

Do you have a unique deployment of a Check Point product?

I have a Vmware Lab zoo and a couple of SMB units on my desk.

 

What do you use the CheckMates platform for?

Giving and getting information.

 

What do you like to do for fun?

When not reading dusty books, listening to strange music or looking art videos, I at least try to sort my vast collection of media.

 

If you could create any new technology right now, what would it be?

A thinking trainer for the human brain that really works - it seems that less and less people are able to do that well

 

Anything else you'd like to let other CheckMates members know about?

My homepage - soundhome.mur.at - but just for the hard.boiled ;-)

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

If you can't wait for the weekly update, we also post relevant threads to our social media accounts:

 

Unfortunately, with the CPX events, I haven't been consistently producing these "weekly" posts.

Now that CPX is over, and all the content is posted, I should be able to get back to a regular cadence.

Community Highlights

Here are the top threads from the past week or two:

 

TechTalk Wednesday Schedule 

We've updated our monthly TechTalk schedule with some additional talks that we're planning over the next several months.

Which one are you looking forward to?

 

Best way to Upgrade MDM & VSX Cluster from R77.30 to R80.10 

Summary of some best practices for doing this here.

 

PBRs and ISP redundancy on SMB appliances 

Yes, unlike on non-SMB appliances, this is supported.

 

Python tool for exporting/importing a policy package or parts of it 

Robert Decker has done a great job improving this tool based on your feedback. Keep it coming!

 

Overview of ISOmorphic and Blink 

To tide you over until we do our TechTalk on CDT and Blink, Bob Bent has created a video on ISOmorphic and Blink.

 

SMB devices SK´s 

A nice list of SecureKnowledge articles about SMB Appliances.

 

IPS packet capture, where are they? 

This is an older thread that someone posted the correct answer to recently. It's never too late for a correct answer

 

Basic Ports and Module Communication 

While this is covered in an SK, it's the first time I've seen it portrayed graphically.

 

SMB units SMS files for VPN fine-tuning 

If you need to make manual changes to certain VPN configurations and you're using a self-managed SMB appliance, here's where to find the necessary files to modify and how to make them take effect.

 

Upcoming Events

And yes, now that all the CPX events are over with, I can get back to doing local user groups again!

Here's what's coming up in the next few weeks:

 

 

We are also looking at doing at events in the following locations in April!

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

If you can't wait for the weekly update, we also post relevant threads to our social media accounts:

 

And yes, if you want to find out about CheckMates Pro: Announcing CheckMates Pro! 

 

Community Highlights

 

What is the practical example to use Bridged Mode?  

Some good discussion about potential use cases for this feature. How are you using it?

 

Bandwidth limit per app /category 

How to confirm the limits you've set are working?

 

RAD kernel errors 

If you're having issues with URL Filtering, this is something to check.

 

Viewing Fan Status on non-Checkpoint Appliance 

For those of you using Open Servers...

 

Creating reports with tracking "per connection" 

Most of the reports in SmartEvent R80.10 are created "per session" instead of "per connection"...by design.

 

Can't connect to management server via smart dashboard 

This is a known issue that impacts fresh installation of R77.30 that occurred after January 24th. Details in this article.

 

Events tab in R80.10 removed? 

Some of the pre-built views in R77.30/NGSE SmartEvent aren't there, but they are easy enough to build or customize.

 

Supporting more Complex Passwords without using a RADIUS/TACACS+ Server 

One of those "bright ideas" I had that I decided to try out and write up

 

fw_runfilter_ex(ctx id 0): function does not exist -1 

If you are pushing a policy to more than one gateway at a time and these gateways have different Inspection Settings...you may run into this issue.

 

Running Management API commands from the R80 SmartConsole GUI - tips and tricks 

A few useful tips and tricks to keep in mind.

 

Upcoming Events

If you're coming to CPX360in Bangkok, CheckMates will be there

 

Meanwhile, our upcoming TechTalks include:

We will update this post with pictures and the like from CPX360 Asia in Bangkok!

 

Past events:

 

CheckMates will have a booth on the Expo floor and will run several breakout sessions as follows:

 

Wednesday 28th February 2018:

  • 13:30 - 14:00: Best of CheckMates: My Top Check Point CLI Commands - Moti SageyDameon Welch Abernathy
  • 14:00 - 14:30: vSEC on AWS cloud use case and best practices - Aaron Mckeown - Head of Security Engineering & Architecture Xero
  • 15:00 - 15:30: Adaptive Security Framework for Internet of Drones - Rohan Patil - Head of Operations, VISTA InfoSec
  • 15:30 - 16:00: Artificial Intelligence in Managed Incident Response - Ramandeep Singh- CEO, QOS Technology

 

Thursday 1 March 2018:

  • 13:30 - 14:00: Industrial Control Systems Use Cases - Mati Epstein - Check Point 
  • 14:00 - 14:30: Check Point R80.X Workflow, API and Automation Use Cases - Ekta Siwani - Senior Software Engineer QOS Technology
  • 15:00 - 15:30: Wait, Wait, Don’t Click That! Minimizing the User Factor as a Security Risk - Joshua Behar, CEO, Ericom
  • 15:30 - 16:00: L’Oréal vSEC Case Study - Jay Togarrati Infrastructure Manager, L’Oréal 

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

If you can't wait for the weekly update, we also post relevant threads to our social media accounts:

 

Community Highlights

Last week, the CheckMates team was in Las Vegas.

This week was mostly spent recovering.

However, the community is continuing to grow and expand!

 

How to get all the information about a deleted rule 

Another example of the power of the R80.10 API.

 

Inline layer question 

A good discussion of how packets are processed with inline layers in R80.10.

 

Inspection of Inter-Subnet traffic in AWS VPC using CloudGuard 

Some great stuff here on protecting resources within your VPC on different subnets with CloudGuard (vSEC) gateways!

 

Combining all interfaces in one bond, how bad is this practice? 

Vigorous debate in this thread. There's reasons to do it (and not).

 

Protecting AWS S3 Buckets with SandBlast 

Demoed at CPX360 Las Vegas, you can now protect your S3 buckets with SandBlast!

 

Docker Container Service Objects 

Integrate Docker Containers with the Check Point Security Policy via the API!

 

IP List Enforcement using Identity API  

Another way to block IPs without doing a policy installation, this time using the Identity Awareness API!

 

R80.10 IPS Best Practices Guide 

Finally published and will help you get the most out of IPS in R80.10!

 

Cloud Guard: Automated firewall Cluster Deployment with auto-scaling option 

Even if you're not using Azure, these scripts may help with the creation of cluster objects via scripting (as it's not something that can be done via the R80.x API yet).

 

Blink, anyone ? 

Have you used Blink to install a gateway in 5-7 minutes with jumbo hotfixes? Share your experiences! If you haven't, try today!

 

Great Series of Articles on SMB Devices

Günther W. Albrecht has produced a series of informative documents related to SMB devices that are worth having a look at:

 

Upcoming Events

If you're coming to CPX360in Bangkok, CheckMates will be there

 

Meanwhile, our upcoming TechTalks include:

At CPX360 Las Vegas, we made a big CheckMates-related announcement: CheckMates Pro!

 

The purpose of the CheckMates Pro program is to reward our most active community members.

This is tracked through the use of points that are awarded for taking actions consistent with being an active community member.

This includes, but is not limited to:

  • Originating content on CheckMates that people participate in (either like, comment, vote on, mark as helpful, etc)
    • You are given points for both originating the content and activity that occurs on it.
  • Tag content
  • Mark replies as helpful or correct
  • Follow a space or person
  • Share content
  • Being given badges/awards by other users

 

If you accumulate at least 250 points in a calendar year (tracked from the date you joined CheckMates), you can claim the following benefits:

 

  • A one year evaluation license where you can learn about the power of Check Point Infinity first-hand in your lab
    • This is an extended version of the "All-in-one" Eval you can request through UserCenter today, enabling the ability to use most Security Gateway and Management products.
  • A quarterly meeting with Check Point R&D on a topic area of your choosing

 

Terms and Conditions:

  • Must have earned at least 250 points per calendar year of membership on CheckMates.
  • Must reapply for benefit each year.
  • We reserve the right to modify the terms/conditions at any time.

 

If you qualify and wish to redeem this benefit, please email us at checkmates@checkpoint.com. Please include the User Center account # you wish to apply the benefit to. Requests can be submitted until April 1st

 

CheckMates was out in full force at CPX360 Las Vegas!

Many folks visited our booth:

 

 

And, of course, I was there:

 

 

Moti Sagey was also there presenting to our employees and partners:

 

 

CheckMates proper even made it to a general session, as did this guy FlatMoti:

 

 

That was a backstage shot, but FlatMoti even got on the general stage, thanks to Neatsun Ziv

 

 

We also had breakout tracks that we streamed live (schedule below)

 

Wednesday, 7 February 2018 in the Delfino Ballroom

  • 13:30 - 14:30
    • Best of CheckMates: My Top Check Point CLI Commands - Tim Hall
    • An Infinity Case Study: The Mississippi Secretary of State Experience - Russell Walker - Chief Technology Officer Mississippi Secretary of State 
    • Securing the Education Sector - Terry Hect - AT&T
  • 15:00 - 14:00
    • Deploying Check Point SandBlast Agent from Proof of Concept to Production - Joe Sullivan - Information Security Professional RCB Bank
    • Enterprise Security in the Cloud – The Benefits of Infrastructure as Code - DJ Schleen, Michael Trofi - 1US Holocaust Memorial Museum 

Thursday, 8 February 2018 in the Delfino Ballroom

  • 13:30 - 14:30
    • Cyber Race: Hacking The Giants - Oded Vanunu, Head of Products Vulnerability Research Check Point 
    • Security Infrastructure as Code - Kellman Meghu - Global Security Manager, Sycomp
  • 15:00-16:00
    • Artificial Intelligence in Managed Incident Response - Ramandeep Singh- CEO, QOS Technology 
    • Building your very own Check Point “playground" - Eric Anderson - Chief Technology Officer Netanium 
    • More Security is Less Security Or How HTTPS Blinds Security Architectures - Eric Crutchlow Security Engineer Check Point

 

Here's my makeshift streaming rig:

 

 

And let's not forget the biggest announcement: Announcing CheckMates Pro!

 

While not CheckMates related, strictly speaking, I couldn't resist sharing that Check Point ads will be showing up in airports near you soon!

 

 

 

It was fun, Las Vegas!

Next up for the CheckMates team: Bangkok!