Skip navigation
All Places > About CheckMates > Blog
1 2 3 Previous Next

About CheckMates

86 posts

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

 

CheckMates Champions in Israel

We brought CheckMates Members and Contributors of the Year winners to our headquarters in Tel Aviv to collaborate, meet with Check Point R&D, and of course show them the beautiful county of Israel! 

 

It was a pleasure to host you Heiko Ankenbrand, Timothy Hall, Vladimir Yakovlev, and Danny Jung!

 

 

And yes, this included a meeting with Gil and Dorit, who autographed a couple of items for Danny and Heiko!

 

 

Heiko Ankenbrand even made a little video about the experience: Thanks for Checkmates Winners Event  

 

Community Highlights

Meanwhile, conversations continued, despite an issue that prevented some of you from logging in during the week.

Here are the highlights:

 

Properly defining the Internet within a security policy 

This is definitely much easier in R80.10+ gateways where you can use the "Internet" object.

 

SmartConsole AD authentication  

Not natively supported, but it is possible to get working via RADIUS.

 

Article of the Week - Check Point Packet Injector 

Did you know we've had this tool for more than a year now?

 

R80.10 VRRP cluster: To hide or not to hide members ip? 

That...is the question.

 

Threat Prevention Meta Data 

Defines how severity, performance and confidence levels are assigned to new protections across various threat prevention blades.

 

R80.x Security Gateway Architecture (Acceleration Card Offloading) 

One of the sessions we had this week in Tel Aviv was the new acceleration architecture in R80.20, primarily in place to support the upcoming Falcon Accelerator cards (among other things).

 

Check Point For Beginners Lectures Series. Part 1 - The Architecture 

Basics on the Infinity Architecture.

 

Replacing a member in an Azure Cluster 

Works a bit different i public clouds, but it can be done.

 

R80.20 SecureXL + new chain modules + fw monitor 

You'll see a few new things when you start looking around in fw monitor and SecureXL.

 

Using Postman API development tool to experience SandBlast API 

Postman is a great tool for learning how to use the API, and now you can use it with the SandBlast API!

 

Upcoming Events

Between Valeri Loukine and I, we'll be busy in the next several weeks!

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

 

CheckMates in Paris

Valeri Loukine did an event in our Paris office this week.

Here's a brief video he recorded prior to the start of the event.

 

 

Community Highlights

Meanwhile we've had a lot of discussions  the past week.

Here's some of the highlights:

 

R80.20 Discussions

Highlighting the threads where R80.20 topics are being discussed.

 

Check Point for Beginners

For those who haven't been around quite as long as Valeri Loukine and I have, we have a brief history lesson: Brief History of Check Point Firewalls . There are also several videos on the subject as well:

More content will be posted here in the coming days/weeks!

 

IPS Analyzer Tool - How to analyze IPS performance efficiently 

Lets you see the performance impact of various IPS protections.

 

High Performance Gateways and Tuning 

Nice followup discussion to TechTalk: Security Gateway Performance Optimization with Tim Hall. See also: Show me yours 

 

Searching zero hits rules in R80.10 

You have to use the API to do it.

 

R77.30 to R80.10 upgrade/migration to new Smart-1?    

Migrate export/import is your friend.

 

ckpSSL ssl lib error 

This can happen when you're attempting to manage unsupported versions of Security Gateway.

 

Enhanced Threat Prevention System Query: Set a Column Profile to Match Your Log Query 

How to more easily see when Threat Prevention signatures get updated.

 

Upcoming Events

Between Valeri Loukine and I, we'll be busy in the next several weeks!

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

 

Community Highlights

Here are the top threads of the past week or so:

 

Check Point R80.20 is now GA

A few threads related to R80.20, which was released in the last week.

 

TechTalk: Security Gateway Performance Optimization with Tim Hall 

The "Super Seven" commands in all their glory. Discussion about and many questions answered!

 

Remote Access VPN in a Load-sharing Cluster Environment 

Here's a thread on getting it all working together.

 

Automatic Configuration of Appliance on boot 

There's a couple ways to do it, depending on if it's a physical appliance or a virtual one.

 

SMS lost connection to all 

SIC got out of sync and needed to be reset.

 

Security Gateway Inventory  

Script has been updated to capture MAC addresses of Security Gateways as well.

 

Install database process 

There is Install Policy and there is Install Database.

 

Mobile Access client options - general questions 

There are several options for Remote Access.

 

Maintenance actions that should be performed by admins 

Are you doing these things on your Security Gateways?

 

Upcoming Events

Between Valeri Loukine and I, we'll be busy in the next several weeks!

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

Let us know if you want to have it in your native language as well.

 

CheckMates Comes to Texas

One of the events I did this week was in our newly expanded office space in our Dallas TAC, which is still under construction:

 

I also had to say hi to Jason Tugwell and Toni Ponder in our Training and Certification team:

 

And, of course, it's new iPhone time.

Had to check out CheckMates on the Xs Max!

Looks great, as expected!

 

Community Highlights

Here are the top threads of the past week or so:

 

Vote for R77.30 support extension 

This unofficial poll has generated a lot of discussion. Even Product Management has chimed in!

 

Troubleshooting policy installation 

Some pointed questions (and answers) about how to do this.

 

multidomain and mgmt_cli 

If you're using Multi-Domain Management and using the CLI, make sure you're either logged into the domain or the domain is specified as part of the CLI command.

 

Create objects for Azure Data-Center IP ranges - Python script 

And the companion for R77.30 and earlier: Create/Update Azure Network/Group Objects for Public IP Space (77.30-below) 

 

Max Power (max) - Fix me beautiful 

This Bash script analyzes your Check Point system and provides advanced security, health and performance optimization tips.

 

Speed up your Snapshot creation and revert time 

Links to a couple SKs on the topic.

 

Cipher Configuration Tool (CCT) 

Simpler way to control what ciphers are permitted by various parts of the product.

 

Maintenance actions that should be performed by admins 

See also: Maintenance actions that should be performed by admins 

 

iOS12 Siri Shortcuts and MGMT API 

Speak to your phone and get the status of your firewalls.

 

 

Upcoming Events

Between Valeri Loukine and I, we'll be busy in the next several weeks!

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

Let us know if you want to have it in your native language as well.

 

New CheckMates Swag

Yes, I ordered some new stickers:

 

 

I also have some other stuff on order, some of which I will be giving away at CheckMates events in the near future.

What, exactly? You'll have to wait and see.

 

Community Highlights

Here are the top threads of the past week or so:

 

Call For Papers CPX 360 2019

After a very successful CheckMates track during 2018, we're putting out a Call For Papers for our upcoming global CPX 360 events for 2019!

 

Security Gateway Inventory  

A useful script when you've got a lot of gateways in a Multi-Domain Environment.

 

SmartConsole R80.10 (GA Build 073) now available 

SmartConsole R80.10 has gotten an update with some bugfixes.

 

R77.30 - Support until May 2019 

If you haven't upgraded to R80.x, there's no time like the present. Also some hints about R80.20 GA in this thread from a reliable source

 

Making Skype work properly with HTTPS inspection enabled featuring To Probe Bypass or Not To Probe Bypass 

This issue has come up a few times on CheckMates, and John Fenoughty seems to have come up with a way to make it play nice.

 

AW keeps deleting Dameware Service 

Exclusions have to be configured properly.

 

Emerging Technologies Training and Certification Materials 

Be sure to take advantage of this complimentary training for CheckMates members, if you haven't already!

 

 

Upcoming Events

Between Valeri Loukine and I, we'll be busy in the next several weeks!

 

CheckMates in the OC

Niran Turgeman and I were at the CPX in Southern California this week!

We, of course, had a booth:

 

 

And presented in a breakout session: 

 

I also had a lot of people come up to me to thank me for all the work I had done both in Ye Olden Days with the old FireWall-1 FAQ and the work we're currently doing with CheckMates.

It's always nice to be reminded of why I'm doing what I'm doing: helping others solve their problems.

 

CPX360 2019 is Coming!

We are looking ahead to our global CPX360 events in 2019 and want to make them better than ever!
You can help us do so by answering this short survey, which will also enter you in a drawing for Apple AirPods!

 

Community Highlights

Here are the top threads of the past week or so:

 

R80.20 EA for Gateway with Linux 3.10 Kernel Coming Soon 

We added some details about the benefits of the newer kernel to this thread and are looking for more Production EA customers!

 

GDPR and Check Point 

GDPR is a hot topic, not just for Europe, but pretty much every business that deals with Europe. This video gives some basics on the topic and how Check Point can help with this 

 

Cyber Attack View formal release for R80.10 & R80.20 

As promised a few months ago in a TechTalk...

 

Optimizing an IPS profile for SMB 

With added discussion about other blades in the comments.

 

RX-OVR drops and 10 gb hardware buffer 

Switching from multiple 1GB NICs to 10GB NICs definitely increases your throughput.

 

IPS exception for pre R80 gateways with R80 SMS 

IPS exceptions are managed differently for R80.x gateways versus pre-R80.x gateways.

 

How to change the SSL-VPN port on a locally managed SMB Appliance 

Pretty simple task, really, only made simpler when you can see how it's done with a video.

 

Emerging Technologies Training and Certification Materials 

This technology is key in stopping Gen V Cyber Threats and we're giving training on it away to CheckMates members for a limited time!

 

 

Upcoming Events

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

Let us know if you want to have it in your native language as well.

 

CheckMates in Norway

While I had a week off the road for a change, Valeri Loukine and Lillie Miller were in Norway for their local CPX!

 

 

 

Next week, Niran Turgeman and I will be at the CPX in Orange County, CA!

 

Community Highlights

Here are the top threads of the past week or so:

 

Getting Started on Check Point CheckMates - How To & FAQ 

Valeri Loukine and I (but mostly Valeri) updated our "Getting Started" page, which should be helpful for people who are new to CheckMates. 

 

A Primer on Anti-Spoofing 

I dusted off an old FAQ I wrote on Anti-Spoofing a couple decades ago and updated for current releases. And, of course, it prompted some questions

 

Threat Prevention policies after R77.30 to R80.10 migration. Is it correct? 

An oldie but goodie that comes up from time to time about the IPS Policy Layer when you're managing R77.x gateways from R80.x.

 

One Time Scripts on Gaia Embedded 

Can't be done via SmartConsole, but can be done on the CLI via cprid. 

 

Changing the Standalone Remote Access Client flavor 

Apparently one does not need to reinstall the Remote Access client to change the "flavor"

 

How to add a 30 day evaluation license to a SMB appliance 

More or less the same process for regular appliances as well. 

 

Check Point Active-Response Add-on for Splunk 

Our integration with Splunk has improved!

 

Tufin integration with Check Point R80.docx 

Speaking of partner integrations, here's how you integrate Check Point R80.x with Tufin!

 

IPS Core protection - I need help to better understand 

Another oldie but goodie: why did we move some of what were previously IPS protections to Inspection Settings.

 

Upcoming Events

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

Let us know if you want to have it in your native language as well.

 

CheckMates Live, Midwest Edition

This past week, I did three live events in Omaha, Des Moines, and Kansas City!

 

Of the three, the Fishtech office in Kansas City was the most impressive facility, complete with an AV crew:

 

 

And classic cars!

 

 

Community Highlights

 

Switch or Cable between ClusterXL members for the sync network? 

A nice "best practices" question. There's reasons to do both. See also the following thread: Check Point Clustering Query 

 

NAT Rules and fw tab 

Nice little command to print the NAT rules currently installed on the Security Gateway.

 

CCSA/CCSE certification study material at CP community

We don't have this yet, but would love to see this develop!

 

[tool] - https://tcpdump101.com 

First noticed on CheckMates in Retenir les commandes FW MonitorSean Murray-Ford posted about the tool in English and has already received a lot of great feedback.

 

R80.10 Security Management Performance Tuning Guide 

This long-overdue guide is now available! Hope we'll see one for R80.20.Mx soon.

 

VM specifications for the R80.20.M1  

We haven't published official specs for this yet, but there is some guidance in this thread.

 

Firewall priority queues setting 

More performance tuning education by Timothy Hall. Yes, we are planning a TechTalk on this. Stay tuned!

 

Activate bashUser via script on a Embedded Gaia device? 

Can be generalized to run any command on an Embedded Gaia (SMB) appliance using cprid.

 

R80.10 - Apps do not run on all services 

Pro-tip as you're moving your gateways to R80.10.

 

Check Point Diagnostic Console (cdc)  

A fork of Danny Jung's Common Check Point Commands (ccc) script.

 

Management API Changelog is now available 

Will be included in future releases as part of the on-device documentation as well.

 

New to Check Point Scripting - Where to start from? 

There are many ways to "script" in Check Point. 

 

MOTD after C2S VPN established 

You can run a post-connection script on the client to show a message.

 

Upcoming Events

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

Let us know if you want to have it in your native language as well.

 

CheckMates in the OH!

Moti Sagey, #FlatMoti, and I did an event in Cleveland:

 

Moti then went to St. Louis for a local CPX event:

 

Meanwhile, I drove down to Columbus and did another CheckMates event:

 

Community Highlights

Meanwhile, the  portion of the community continues to roll along!

Here are the top threads and content for the past week:

 

IPS Ease of Use in R80.20 TechTalk 

Want to get a sneak peak of how we're improving IPS in R80.20? Check this TechTalk out! You can also watch recordings of our past TechTalks as well!

 

R80.20 – Integrating Google Cloud Account 

Another "How To..... " Videos by Yair Herling showing you how to integrate with Google Cloud Platform.

 

Security Gateway Packet Flow and Acceleration - with Diagrams 

Different visual takes on how traffic is processed by the Security Gateway, depending on what features are used.

 

postman_collection R80.20.M1 

Postman is a way to see how our API works, and we now have an updated Postman Collection for R80.20.M1 (which does have some API changes).

 

IPS Geo-Policy Whitelist by Domain Name 

Not currently supported, but it's coming and there's a workaround in the meantime.

 

How to use Identity Awareness Tags in R80.20.M1 

Requires R80.10 and above gateways.

 

SIC issue 

Tricky issue the community was able to isolate and fix

 

IPS Bypass 

How does this work? This thread explains it.

 

Eventia Log Parsing & R80.20 (M1) 

If you're ingesting syslogs into your SmartEvent, the following (updated) parser might be useful.

 

Check Point Security gateway freezes, crashes, or reboots randomly, core dump files are not created 

Someone's annotated experience with troubleshooting these issues with sk31511

 

How are you using the SandBlast API? 

Did you realize we have an API for SandBlast? How are you using it? 

 

fw ctl zdebug - yea or nay? 

Do you use fw ctl zdebug? Chime in!

 

Upcoming Events

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language? Sure!

Do not forget that while most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

Let us know if you want to have it in your native language as well.

Community Highlights

While Dameon and flatmoti enjoy their vacation, 

we are having a very busy week here at checkmates:

 

R80.x Security Gateway Architecture (Logical Packet Flow) 

Heiko Ankenbrand endlessly continues perfecting his popular article.

There is also a spin-out discussion:

 

How does the Medium Path (PXL) and Content Inspection work with R80 

were we deepen our understanding of Medium Path and related technological solutions. The newest painting by Heiko Ankenbrand definitely helps:

 

 

Security Gateway Packet Flow and Acceleration - with Diagrams 

That is yet another attempt to put packet flows on a chart or two. This one is based on official Check Point GW architecture diagrams. FW path, Medium and Accelerated Paths are presented separately, for better clarity.

 

 How to use Identity Awareness Tags in R80.20.M1 

Tomer Sole explains the new Identity tagging feature available with R80.20.M1 release

 

R80.10 Upgrade Guide and Best Practices - Slideshow 

This is another Tomer's hit (members only, sorry folks, you need to register to get here)

 

Block specific File extention 

we learn that R80.10 is needed for that.

 

Build Azure CloudGuard using Terraform

the title says it all

 

Checkpoint r77.30 cluster migration from hardware to VM 

We are discussing the most gracious ways to move a cluster into new environment.

 

Check Point Lightboard Series - SandBlast Mobile Architecture 

Must seen video about SandBlast Mobile

 

Oldie but goldie:

Danny Jung's document  is almost one year old yet still steering interesting discussion in the comments: Common Check Point Commands (ccc) 

Another classic diagram R80.x Ports Used for Communication by Various Check Point Modules is still getting lots of hits

 

 

Upcoming Events

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in local language!

 

Community Highlights

Here's some threads to have a look at from the last week or so:

 

My Top 3 Check Point CLI commands 

This thread is more than a year old at this point and it is by far our most viewed and contributed to thread on CheckMates to date!

 

Lightboard Series - Understanding the Shared Responsibility Model 

Another "How To..... " Videos from Yair Herling about 

 

NATs Issue 

Some basics on Network Address Translation covered in this thread.

 

Legacy DHCP 

If you're upgrading to R80.10 and using Legacy DHCP services, check this thread.

 

Questions around API and Monitoring 

The answer is a run-script API call, but you have to read the output. Or use SNMP.

 

 

Packet Mode, a new way of searching through your security policy in R80.10 

It's available via the API but it works a little differently than through SmartConsole.

 

Restart SMB WebUI process (HTTPD) 

More specifically this is about restarting the UserCheck portal, which works the same as it does on a regular Security Gateway.

 

CloudGuard SaaS GA, prerequisites and minimum quantities

CloudGuard SaaS is launching soon and now has it's own space on CheckMates!

 

ICMP-Proto added to Anonymizer 

This issues has been resolved in the latest App Control signatures. Make sure you update and install policy!

 

cpug.org or CheckMates? 

A bit of history of the two sites here.

Upcoming Events

@

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Vancouver and Jackson

Valeri Loukine and I hit the road this week and did events in Vancouver, BC and Jackson, MS!

 

 

 

Community Highlights

Here's some threads to have a look at from the last week or so:

 

How-to Videos:

Last week, Yair Herling created a video about the High Availability Architecture with R80.10. You asked for one with a focus on multi-domain, Yair delivers! R80.10 High Availability in Multi Domain Environments 

We also have videos on Combining AD identity with AWS tags in Check Point CloudGuard Policy  and Step by Step deployment of automated, multi hub Transit VPC from Jonathan Lebowitsch!

 

SandBlast Mobile 3.0

This past week, we released SandBlast Mobile 3.0, which adds quite a lot of new features and functionality. We've got descriptions of the functionality and how to enable it on CheckMates:

 

Want to join R80.20 EA activities? 

We are actively looking for customers to join the R80.20 Early Availability program, specifically the private EA. Check the details here!

 

Emerging Technologies Training and Certification Materials 

Yes, we offer free training on our emerging technologies!

 

OPSEC LEA  pull from a SIEM on R80.10 Smart-1 Log Server 

If you have restricted access between the management and log server and want to pull logs from the log server using LEA, this thread might be helpful.

 

R80.10 IPS packet capture...how does it work? 

If you're curious...

 

Check Point Firewall Admin Tasks 

Did we miss any essential tasks here?

 

Will (Smart)Workflow come back? 

This topic keeps coming up, both  and offline. Here's the definitive thread.

 

R80.x Security Gateway Architecture (Logical Packet Flow) 

Another great community diagram from Heiko Ankenbrand!

 

Tools and referenced SKs for R77.30 appliance to VM migration

For backups, testing upgrades, or actually doing the upgrades...

 

Upcoming Events

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

Community Highlights

Here's some threads to have a look at from the last week or so:

 

How-To Videos

We've had a few "How To..... " Videos added this week:

 

Introduction to SecureKnowledge Weekly 

Valeri Loukine is starting to do a series of articles about SecureKnowledge, Check Point's official Knowledge Base. We also created a specific SecureKnowledge space for discussions related to SecureKnowledge. 

 

Check Point R80.20 Demo TechTalk and Q&A 

In addition to the actual demo (and recording thereof), there were a lot of questions around R80.20 that we answered in the comments.

 

SmartView: Accessing Check Point Logs from Web 

One thing that was improved in R80.20.M1 was SmartView. Some details in this thread.

 

Threat Prevention Policy Layers 

Discussion about how policy layers work for Threat Prevention and when logs are generated.

 

Content Awareness Log with file name 

Curious why sometimes Content Awareness doesn't log file names? Here's why.

 

Is there a way to get a file using the API? 

Not directly, at least currently, but...

 

Check Point Firewall Admin Tasks 

More "best practices" being added to this thread...

 

Is it possible to get gateways config without Manager ? 

This is why you need to do regular backups of your management.

 

R80.x Ports Used for Communication by Various Check Point Modules 

Heiko Ankenbrand keeps updating this fabulous document. 

 

Management API - internal structure 

There's a couple of different API servers: one that serves the REST API, and another one specifically for SmartConsole.

 

Emerging Technologies Web-Based Training Materials 

We offer free training on some of our emerging technologies, as described at the link above!

 

Upcoming Events

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

 

Shenanigans in Tel Aviv

I was in Tel Aviv this week along with Valeri Loukine and... stuff happened.

I talked with new hires about CheckMates:

 

I was a teleprompter for Moti (so was Valeri Loukine) while we were recording part of the Mid-Year Report - Top Wanted Malware of 2018 (so far):

 

And we recorded the live Q&A:

 

Community Highlights

Meanwhile, on the CheckMates community site, several discussions went on.

Here's a sample:

 

Check Point Firewall Admin Tasks 

More suggestions are showing up in this thread. What are your "suggested" task for a new Check Point admin (either totally new to Check Point or just a "new-to-you" Check Point environment)?

 

Forward tracker logs 

"Log Forwarding" only works to other Check Point log/management servers. To send them to syslog, use Log Exporter

 

Basic script for importing IP Address objects from feed (here office365)  

I'm sure, with some hacking, this script could be useful in other contexts!

 

R77.30 VSX appliance upgrade to R80.10 

An old thread that helped at least one person do the upgrade successfully. If you're planning to do this sort of upgrade soon, check it out!

 

VPN Troubleshooting Commands   

A nice list if you're troubleshooting issues with VPN on Check Point.

 

Log export to excel CSV 

Easiest way? Use SmartView!

 

Migrate policy and object to another smartmanagement 

There are many options, especially with R80.x!

 

Show bgp peers across VSX in CLI 

Nice little script

 

Upcoming Events

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts:

 

We also have a podcast now!

 

Community Highlights

Aside from Valeri Loukine joining the team, here's what else happened on CheckMates this past week:

 

More on R80.20.M1

A few new threads highlighting features of R80.20.M1:

 

Export Migration Tools 

What you need will depend on where you're starting from (OS) and where you're going to (version).

 

Identity Awareness issue 

Some issues with the MUH agent on a terminal server that were ultimately addressed by upgrading to the latest Jumbo Hotfix on R77.30.

 

Sam Rule and "sam: Failed to enforce inhibit rules" 

This is related to using the R80.x APIs to enforce SAM rules.

 

How to deploy Check Point AWS Quick Start  

A new "How To..... " Video showing how easy it is to deploy Check Point CloudGuard in AWS.

 

Application blocked but where is the application? 

Application Control and URL Filtering are treated similarly, which might cause a policy issue or two if you don't account for it.

 

Reading logs in the Management API ?  

There isn't an "API" for this, but you can use Log Exporter. Or ye olde fw log.

 

Script to Automate GAIA Configuration backup  

This captures the Gaia OS configuration (with some caveats).

 

R80.10 SmartConsole Linking Custom Sub-Views 

Tip of the week right here!

 

Check Point Firewall Admin Tasks 

If you're new to Check Point and taking over the administration of gateways, this thread has a few things you should do.

 

Upcoming Events