Skip navigation
All Places > About CheckMates > Blog > 2017 > December
2017

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

If you can't wait for the weekly update, we also post relevant threads to our social media accounts:

 

Community Highlights

 

"How To..... " Videos 

In a recent survey we did of new users, one of the top requests for more "How To" content. We created a section dedicated to this content on CheckMates! 

 

R80.10 Upgrade 

If you're going to do this with migrate export/import, make sure you're using the right version of the tools to both export and import!

 

Gateway Cluster Hardware Upgrade 

Upgrading software on an existing cluster is one thing, but upgrading the hardware your existing cluster is using is a different story. Some hints and tips in this thread.

 

lvm_manager successor on R80.10 

Even though SKs state this tool isn't supported, it still seems to work, particularly if you bring the appliance into maintenance mode first.

 

What different for Content Awareness and Data Loss Prevention blade 

This thread shows you the differences. Also: Content Awareness is free, whereas DLP is not. 

 

 

Upcoming Events

We are scheduling CheckMates Live events for 2018...we'll share here once we have some confirmed dates and locations.

Meanwhile, our upcoming TechTalks include:

 

Feedback

We would be delighted to hear your feedback! Here are a few ways you can share it with us:

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

If you can't wait for the weekly update, we also post relevant threads to our social media accounts:

 

Community Highlights

 

R80.10 gateway cpu requirements 

Expecting a performance hit by upgrading your gateways to R80.10? In some cases, your performance may be better. It shouldn't be worse, though.

 

Upgrading from SMB to 5k appliance 

Issues with swapping hardware aside, how do you move the policy? It's not that difficult.

 

E80.71 Antimalware client blocking Skype traffic 

There's a new version of the Endpoint client (E80.71 HF1) that should resolve this and similar issues with HTTPS traffic being blocked.

 

R80 Identity awareness Client side logic/server side logic 

Good discussion about Identity Awareness in larger/managed server environments.

 

How to fw unloadlocal in Azure? 

Good tip on getting out of a jam with your vSEC gateways in Microsoft Azure.

 

Upcoming Events

We're planning more CheckMates Live events for 2018, but nothing to announce yet.

Stay tuned!

 

Feedback

We would be delighted to hear your feedback! Here are a few ways you can share it with us:

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

If you can't wait for the weekly update, we also post relevant threads to our social media accounts:

 

Community Highlights

Between the three live events Moti Sagey and I were part of this past week along with the TechTalk on Wednesday, it's been quite the week! Here's the highlights:

 

Migrating to R80.10, a CheckMates Live Event! 

If you're curious what a CheckMates event is and/or haven't been able to attend one in your area, here's a sample we recorded in Philadelphia! 

 

Any easy way to roll back to R77.30 from R80.10 

The short answer is no, but there is some other useful information in this thread about the resources you will need to upgrade to R80.10 before you do so. 

 

fw monitor inspection point e or E 

fw monitor in R80.10 has new indicators for when it is displaying pre-encrypted (VPN) and post-encrypted traffic. 

 

TechTalk: Advanced Threat Prevention Best Practices 

If you haven't yet implemented advanced threat prevention in your environment, you don't want to miss this TechTalk given by Nicolas McKerrall!

 

R80.10 Logs and Monitor Pane – Hide Identities within Reports, Views and Logs.

Another how-to on using the logging and reporting features in R80.10.

 

Technical Audit of 4200 Appliance   

If you're auditing a Check Point appliance, what do you look for? Chime in here!

 

Upcoming Events

Our upcoming events in the next few weeks include:

 

Feedback

We would be delighted to hear your feedback! Here are a few ways you can share it with us:

Check Point is proud to name its CheckMates Member of the Month for December 2017: Hugo van der Kooij

 

An IT support engineer for 20 years, he’s seen versions of FireWall-1 from 3.0b on a variety of platforms to current releases. He still has to do the occasional midnight upgrade and has been known to come up with wild ideas that solve customer problems.

 

I’ve known Hugo for many years as he moderated my FireWall-1 Gurus mailing list during the 2000s. I’m personally grateful for both his past contributions and present contributions to CheckMates!

 

Hugo, tell us a little about yourself & what you do

I work for Qsight IT as support engineer for 20 years now. In that capacity, my first responsibility is to solve problems. But I also do the occasional midnight upgrades as we share those among our team of engineers.

 

Tell us a little about your experience with Check Point

I started off with Check Point version 3.0b on Solaris, mainly because I had been using Linux, Solaris, and various other flavors Unix at that time. I liked iPSO as well as it was a nice mix of hands-on Unix and a reasonably well-designed web interface to do most common tasks. I still like GAIA for that as it will allow people with lesser skills to manage most aspects through the web interface, yet still allow me to dig into whatever I need to find on the system with CLISH or BASH. Over time I have installed Check Point on just about every platform it was supported on. I admit installing it on Windows was only done at gun point ;-)

 

Do you have a unique deployment of a Check Point product? 

Actually, the best trick so far was doing some inspect code with PhoneBoy to speed up email delivery. In the old days, email servers were probing over TCP/113 (IDENT). Until that session was timed-out would hold of the SMTP connection. We added some code to allow IDENT from server to client for 60 seconds whenever an SMTP or FTP connection was allowed. I still like to tinker with stuff like that.

 

What do you use the CheckMates platform for? 

I like CheckMates as a forum to learn of problems others are solving as well as the ability to contribute a wild idea and see what others think of it. Sharing code for tricks and getting feedback is also very useful.

 

What do you like to do for fun?

In my spare time, I like the occasional evening on the couch with my wife. These days, I am also involved in local politics so those moment are treasured. I also happen to hack in the kitchen. Just see what is around and manage to prepare a meal with it. The occasional Apple Pie I make is always appreciated by those I share it with.

 

If you could create any new technology right now, what would it be? 

Actually, I am a bit skeptical if any new technology will actually benefit us. But on the other hand, if I see someone create a technology to use CO to create building materials with far less energy than traditional concrete, I say we could use more of those.

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

If you can't wait for the weekly update, we also post relevant threads to our social media accounts:

 

Community Highlights

Here are some highlights from the week's activity on CheckMates:

 

Check Point Endpoint Security E80.71 is now GA! 

This release provides support for the latest Windows 10 updates and a number of other enhancements.

 

When will we get Central Device Management full capabilities? 

Some features did not make the jump from R77.30 to R80.10. One of these is the SmartProvisioning-type features, which are currently planned in R80.20 (and available as an Early Availability release).

 

VPN issue since R80.10 - Check Point to Fortigate (behind NAT router) 

This thread make help if you've recently upgraded your Check Point gateways to R80.10 and you have a VPN established with a Fortigate.

 

IPS Non Compliant HTTP 

What is this protection and how does this protection interact with other protections? 

 

Extract Policy Target Details across an MDS 

How do you extract a list of Domains, Packages and their installation targets for use within a script? This thread gives you an example!

 

Check Point R80.10 Logs and Monitor Pane – Reporting Functionality 

A short video showing how to use the reporting functionality in R80.10. 

 

Infinity R80.10 "Cool Feature of the Day" - Show changes since last policy installation 

We occasionally post "Cool Feature of the Day" posts such as this to help you discover some of the "cool" features we added to R80.10

 

 

Did You Know...

We do a series of monthly TechTalks?

Every month or so we do a TechTalk on a different topic.

This month's talk, to be given on December 6th, will be on Threat Prevention Best Practices by Nicolas McKerrall where he will show you how to implement Threat Prevention in your environment!

More information about this event is available here: Advanced Threat Prevention Best Practices

You can see the upcoming schedule here: TechTalk Schedule

 

Upcoming Events

Our upcoming events in the next few weeks include:

 

Feedback

We would be delighted to hear your feedback! Here are a few ways you can share it with us: