
Welcome to "This Week in Checkmates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

If you can't wait for the weekly update, we post relevant threads to our social media accounts:

 

Administrivia

Somehow, I managed to publish the "This Week in CheckMates" post for last week without actually finishing it.

I guess that's an occupational hazard of traveling, as I was in London and Ireland last week for CheckMates events.

If you care, I've updated it with good content from last week: This Week in CheckMates: Week of 18th September 2017

Also, I'm now naming these posts with the date on which they are intended to be published, so you know up to what point they cover.

 

Community Highlights

Here are some highlights from the week's activity on CheckMates:

 

All About Bashware: Overview and Demonstration

Earlier this week our researchers did a deep dive on Bashware, a method that exploits the Windows Subsystem for Linux that's now available for Windows 10, to "hide" from threat prevention products. There's an eye-popping demo you don't want to miss!

 

What is your favorite hidden feature in R80.10? 

R80.10 has a lot of new features; some of them were widely publicized, some were not. What's your favorite?

 

Layers and the Cleanup Rule 

Speaking of new features in R80, we made some improvements in SmartConsole to remind you about the Cleanup Rule and give you some hints about best practices.

 

Does R80.10 support OPSEC? 

Of course it does, but there are a few caveats highlighted in this post.

 

Network object definition based on FQDN 

We've had Domain Objects for quite some time. In R80.10, we improved them substantially.

 

Did You Know...

There is a mobile app available for CheckMates?

While the CheckMates Community site is fairly mobile-friendly, some prefer a native mobile app that can provide push notifications on responses to posts.

You can download the Jive Daily app for iOS or Android as follows:

When prompted, enter community.checkpoint.com as the community and sign in with your User Center credentials.

 

Upcoming Events

Our upcoming events in the next few weeks include:

 

Feedback

We would be delighted to hear your feedback! Here are a few ways you can share it with us:

Welcome to "This Week in Checkmates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

If you can't wait for the weekly update, follow our Twitter account where threads are highlighted regularly: @CPCheckMates!

 

Community Highlights

Here are some highlights from the week's activity on CheckMates:

 

I am Dorit Dor, VP of Products for Check Point, Ask Me Anything!

We had a lot of great questions asked as part of this event! If you want to see where we're taking the Check Point Infinity vision next, you definitely want to read through this post along with the comments. Follow-up questions about things mentioned here should be posted on CheckMates in the appropriate space.

 

Filter option in R80.10 show-access-rulebase API 

This particular API call is case-sensitive. Action != action, it turns out.

 

How to monitor bandwidth limit for application control 

Seems reasonable to want to see how close you are to the limit you've configured for a specific rule, right? Here's how to do that.

 

What is the impact (performance wise and other aspects) of setting Check Point as an MTA so as to utilize Threat Extraction?

Threat Extraction doesn't add much. That said, it depends on the configuration...

 

Managing r80.10 AWS vSEC from On-Prem SMS via existing VPN 

Short answer: you don't manage over a VPN. There are good reasons for not doing this, which are described in the thread.

 

Did You Know...

We are starting up a number of local CheckMates chapters?

We've got a list of areas where groups are forming.

Simply find your local area and ask to join.

There isn't a local one to you? Then ask for one to be created!

 

 


 


Welcome to "This Week in Checkmates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

If you can't wait for the weekly update, follow our Twitter account where threads are highlighted regularly: @CPCheckMates!

 

Community Highlights

Here are some highlights from the week's activity on CheckMates:

 

I am Dorit Dor, VP of Products for Check Point, Ask Me Anything!

We've seen a lot of great questions asked so far of Dr. Dorit Dor, answers for which will be revealed on Monday. Have you got your question in yet?

 

Bulk Add Network Objects

The R80 Management API makes this much easier to do than it was in R77.x with dbedit. 

 

Central Script to run command on multiple gateways

You can leverage the R80 Management API and the cprid_util to remotely execute commands on all your Check Point gateways.

 

Proxy Arp's for subnet not on firewall

How do you "arp" for a translated address that's not on your local subnet, particularly when you don't have control over the upstream router? You do something similar to what's described in this thread.

 

Upgrade from R77.20 to R80.10, and failed to verify policy

One thing the Pre-Upgrade Verifier does not do is check the validity of your rules, which, due to a validation bug in R77.20, caused a problem when upgrading to R80.10.

Sandboxing http/https traffics with third party web proxy in place

In some releases, it is possible to enable ICAP Server support. This will allow you to use a third party web proxy to send traffic to Check Point Threat Emulation.

 

 

Did You Know...

We are starting up a number of local CheckMates chapters?

We've got a list of areas where groups are forming.

Simply find your local area and ask to join.

There isn't a local one to you? Then ask for one to be created!

 

 


 


Each month, we plan to highlight a specific member of the community. For September, that person is Valeri Loukine!

 

The September CheckMates Member of the Month is Valeri Loukine, Sr Security Consulting Architect with Dimension Data. Valeri has been one of the strongest contributors to the community, providing advice to fellow members and actively engaging in technical conversations to learn more and stay on the cutting edge of (Check Point) security. Many thanks to Valeri for his contributions and participation to help make CheckMates an educational, informative and engaging place to visit!

 

At his day job at Dimension Data, Valeri is a “Swiss army knife” for all things security. On any given day he can be found educating potential customers on security, designing customers' security strategies, or implementing products for customers.

 

Deeply familiar with Check Point products, Valeri has been working with them for more than 15 years. As part of his ongoing commitment to customer success, he is actively engaged in dialog with Check Point via the Check Point User Group (CPUG) and now CheckMates. While CPUG has been a great resource, CheckMates has enabled him to get answers to his technical inquiries faster through more direct access to Check Point experts.

 

In his spare time Valeri enjoys spending time with his granddaughter in Israel, writing poetry and riding his Harley Davidson through the breath-taking Swiss Alps.

 

On behalf of CheckMates, we thank Valeri for sharing his valuable knowledge with us!

 

Our interview questions and answers are below:

 

Tell us a little about yourself & what you do

These days you can consider me a Swiss Army Knife for Check Point security. I do all of it: technical presales, design, architecture, implementations, migrations, upgrades and support. I also do other security vendors, although on a lesser scale. I train people, write and deliver technical security courses. I consult on security, both on technical and conceptual topics.

 

Tell us a little about your experience with Check Point

I touched Check Point FW for the first time in 1999. Then it went uphill dramatically after joining the Israeli Check Point office in 2000. Since then, I am a Check Point expert. Moving through the ranks, changing positions from VPN QA specialist at the beginning to Check Point Professional Services Consultant at the end of my work at CP Israel would do that to anybody else.

 

After joining Dimension Data in Switzerland in 2008, I commenced participating in CPUG (cpug.org) activities and eventually became CPUG ambassador in Europe. It also happened that I was the first person in Switzerland to achieve CCMA certification. I am most probably the last one to have it still active, at least here.

 

You may also mention my CCMA blog: http://checkpoint-master-architect.blogspot.ch/

 

Do you have a unique deployment of a Check Point product?

 

Every single project I do with Check Point is unique. It is really hard to distinguish just one. I have been to places and seen things. Do not even get me started, otherwise I will not stop talking for a week.

 

What do you use the CheckMates platform for?

CheckMates is a great tool to share experience, learn things and get in touch with experts. Being a CPUG.org member for over a decade, I have seen multiple Check Point attempts to create something similar. I am happy you have finally found a nice way to do so.

 

What do you like to do for fun? (Hobbies)

Work is fun, most of the time, but I guess the question is not about it. In my spare time, I enjoy spending time with my granddaughter in Israel, writing poetry and riding my Harley. Some hiking in Swiss mountains and touring interesting places are also on the list.

 

 

If you could create any new technology right now, what would it be?

Why should it be technology? One of my distant dreams is to write a book about the history of Check Point. Not about technology, although this topic is also fascinating, but about people in and around the company. There are many interesting, dramatic, funny, happy, and sometimes tragic stories there. I have stumbled on some while doing research for a “Short History of Check Point Firewalls” chapter of CPUG papers project: https://www.cpug.org/forums/showthread.php/21868-Paper-1-Brief-History-Of-Check-Point-Firewalls

 

That is a very deep well to drink from, I promise you.

Welcome to "This Week in Checkmates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

If you can't wait for the weekly update, follow our Twitter account where threads are highlighted regularly: @CPCheckMates!

 

Community Highlights

Here are some highlights from the week's activity on CheckMates:

 

Automating IPS

You can leverage the tags feature in IPS profiles in R80+ to make it easier to keep just the right IPS protections active.

 

HowTo - Creating an scpuser account on Gaia Clish

Short and sweet article, which could easily be turned into an Ansible playbook for automation purposes!

 

R77.30 VSX appliance upgrade to R80.10 

If you're planning to upgrade your VSX gateway appliance to R80.10, have a look at this thread. Have you upgraded your VSX to R80.10 yet to leverage 64-bit virtual systems, among other things?

 

Activating NGTX (Cloud SandBox) on your gateway 

If you've purchased NGTX with your latest Check Point Appliance package, but haven't activated it yet, here's how to activate it for maximum protection.

 

Check Point Support Resources - Top 10

If you're looking for help from Check Point, here's a list of resources (aside from CheckMates, of course) where you can turn in order to get help.

 

 

Did You Know...

 

We have a lot of spaces on CheckMates where you can ask for help?

The spaces are organized by topics and product lines.

This is done to make it easier to find relevant content and allows the relevant people inside Check Point to monitor and respond accordingly.

Refer to the following document for a list of products and what spaces they map to: All Products and Where To Post About Them

 

 


 

 


Welcome to "This Week in Checkmates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

If you can't wait for the weekly update, follow our Twitter account where threads are highlighted regularly: @CPCheckMates!

 

Community Highlights

Here are some highlights from the week's activity on CheckMates:

 

Bandwidth Monitoring of Specific Interface? 

A new user moving from a different vendor's solution asks about how to monitor the bandwidth used by a specific interface. This thread explains how to do that using SmartView Monitor.

How to revert a Policy or discard changes? 

The way you revert a policy to a previous version in R80+ has changed from R77.30 and earlier. This thread details those changes.

 

Log cleaning rule

Nicolas Boisse created a script to query all your gateways, determine their broadcast address, and create a rule that will drop broadcasts from those networks.

 

Check Point configuration mistakes - Top 10

Danny Jung shares his Top 10 configuration mistakes he sees people make. The good news is that in R80.10, we've made it easier to do the right thing. 

 

Updated Scripts from Check Point 

Kobi Eisenkraft updated several of the scripts previously published to Developers (Code Hub) and published the source to GitHub:

 

Did You Know...

There is a mobile app available for CheckMates?

While the CheckMates Community site is fairly mobile-friendly, some prefer a native mobile app that can provide push notifications on responses to posts.

You can download the Jive Daily app for iOS or Android as follows:

When prompted, enter community.checkpoint.com as the community and sign in with your User Center credentials.

 

Upcoming Events

Our upcoming events in September include:

  • Cloud Security Best Practices with Amit Schnitzer on September 6th
  • Ask Me Anything with Dorit Dor and her team on September 18th

 
