Skip navigation
All Places > About CheckMates > Blog > 2018 > June
2018

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts:

 

CheckMates Cyber Security Podcast

Yes, we have a podcast called Check Point CheckMates Cyber Security Podcast

We are taking our regular TechTalks and making the audio available in podcast form.

 

Other, unique content may be added in the future.

 

You should be able to find it in your podcast directory of choice by searching on the podcast name.

For "simple people" like Moti Sagey who use Apple's podcast app: Check Point CheckMates Cyber Security Podcast by Check Point CheckMates on Apple Podcasts 

The RSS feed that should work in any podcast player: https://community.checkpoint.com/podcastfeed 

 

CheckMates in the DMV (DC / Maryland / Virginia)

Peter Dietrich has been running a Check Point user group for a few years now, predating CheckMates.

I came out to talk about the R80.20.M1 release, launched this week!

 

Michael Butterfield did a brief presentation on Content Awareness in R80.10, which also included a discussion about policy layers in R80.10!

 

 

Community Highlights

Here's what happened on CheckMates this past week:

 

Check Point R80.20.M1 Release

The big "Check Point" news this week was the release or R80.20.M1 (Management-only) release. Here are a few threads on CheckMates related to this:

 

TechTalks

We had two TechTalks this week:

The next one is on R80.20 on July 11th!

Want to be a part of it? Sign up here: TechTalk: R80.20 Demo

 

How to change DMS(CMA) name 

When you import a domain/CMA into R80.10, there's an additional step that didn't exist in earlier releases.

 

Application blocked but where is the application? 

Things can get blocked by a URL Filtering category also (which may be different from the App Control category).

 

Context-Aware Architecture 

Explains a bit about our inspection architecture and how it compares to others.

 

IPv6 to TunnelBroker in R80? 

Yes it can be done. Sample config here.

 

Increasing Fifo Buffers on Firewall Interface 

Some disagreement as to if and when this is necessary. What do you think?

 

IPS protection set to detect from prevent after update 

If you're using staging mode, this is important to keep in mind!

 

Best Practices Guide for upgrading endpoint clients 

The process is discussed in this thread.

 

Increasing Fifo Buffers on Firewall Interface

There seems to be some debate on this. What's your take?

 

Upcoming Events

Moti Sagey

Get a $25 Amazon gift card!

Posted by Moti Sagey Moderator Jun 24, 2018

As a valued Check Point customer, your opinion matters to us greatly — and to your peers, too.

  • We invite you to review your Check Point experience on Gartner Peer Insights.
  • Watch this short video on how to review Check Pointon Gartner Peer Insights.
  • Your review (A ~5 mins process) gets you a $25 Amazon gift card and you will be entered into a raffle to win a drone Just send us the confirmation.

 

 How Does it Work? 

Ready to submit your review? Click here to submit today. 

After several days, you will get the confirmation from Gartner. Just send it to  checkmates@checkpoint.com and the Amazon gift card is yours!

 

What is Gartner Peer Insights?

  • Peer Insights is an online platform of ratings and reviews of IT software and services.
  • The reviews are written and read by IT professionals and technology decision-makers like you.
  • The goal is to help IT leaders make more insightful purchase decisions and help technology providers improve their products by receiving objective unbiased feedback from their customers.
  • Reviews take approximately 10 minutes to complete and are anonymous.
  • Take a look at this video how to quickly submit a review

 

If you have any questions about Gartner Peer Insights, please email us: checkmates@checkpoint.com

We are happy to answer any questions that you have.

Thank you for your help!

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts:

 

Community Highlights

Here are the top threads from the past week:

 

"fw ctl zdebug" Helpful Command Combinations 

Did you know fw ctl zdebug had so many useful combinations?

 

SmartConsole: Multiple ReadWrite sessions for same administrator 

This will be in R80.20. You can play with the Early Availability version now: Check Point R80.20 Production and Public EA

 

Grouping network objects in R80.10 

This feature does exist in R80.10 but had a bug, fixed in SmartConsole R80.10 build 42.

 

R80.10 API Demo Using R80.10 Demo Mode 

If you want to experiment with the R80.x Management API without firing up a local VM, here's how you can use R80.x Demo Mode to do it!

 

SMB 770 default route not via WAN interface 

While not officially supported, you can do it with the following workaround.

 

Major rule-base performance improvements in latest R80.10 Jumbo Hotfix 

Good reason to upgrade to JHF113 or later

 

How can I test SMTP connection in SmartEvent 

Another good reason to upgrade to the latest jumbo hotfix.

 

Is there a command line batch change a large list of IPS protections to prevent? 

Using the R80.x Management API, yes you can. This wasn't possible on R77.x and earlier.

 

IPv6 NAT Support 

NAT64: something that didn't make the cut in R80.10 that is coming back to R80.20. Also looks like NAT46 is coming as well!

 

HTTPS Categorization ... a drama 

If you're troubleshooting why a site isn't categorizing properly (when it did previously), flushing the cache might not be a bad idea. 

 

How to create a TRUSTED ROOT CA? 

May be useful in contexts beyond UserCheck portals for SandBlast.

 

Upcoming Events

It's that time of the month, where we recognize great contributors to the CheckMates community. 

Put your virtual hands together for the Member of the Month for June 2018: Kaspars Zibarts

Had no idea that Kaspars was a fellow Nokian like I was.

Then again, Nokia is a much larger company than Check Point  

He also worked with IP Appliances...in a different capacity than many of us did, though. 

 

 

Kaspars, tell us a little about yourself & what you do?

I have fairly colourful life when comes to geography and politics. I grew up in Soviet Union, graduated University in already independent Latvia, and then started working for Nokia at it’s heyday (mobile networks though, not firewalls). That moved me around quite a bit – living eight years in London, eight years in Sydney whilst delivering projects in Russia, Poland, Finland, Philippines, China, India, Iran (probably should not mention that!). Sometime, in middle of that, I switched to Check Point and finally in 2013 moved to Sweden, which seems to be the final stop. I work at the truck manufacturer Scania right now with number of enterprise security products, with Check Point being my strongest subject.

 

Tell us a little about your experience with Check Point

It was a little random switch back in 2006. I was working with Nokia mobile network SGSN/GGSNs running IPSO when one day I was given ultimatum: if I was to stay with the project in Sydney, I would have to take over and manage the firewall team. Somehow, management thought that my knowledge of IPSO would be enough even though I hadn't the slightest clue back then how a firewall worked. So I joined the Check Point train fairly “late” compare to the other CheckMates – just 12 years ago with R54 release and went through all sorts of HW – Nokia IP boxes, Crossbeam C and X series and then the Checkpoint appliances from 2000 series to chassis.

 

Do you have a unique deployment of a Check Point product?

I guess it’s not that unique as it has been mentioned by others – but we have replicated all Scania appliances worldwide in a single ESX server which makes life so much easier especially when it comes to upgrades and troubleshooting. I literally lived in the lab for 2 months when we upgraded old core VSX 11000 platform to 41000. Was very proud at the end as we didn’t use Check Point Professional Services. We designed the whole upgrade process ourselves and the “outage” was just couple of ping drops during cutover. Not a single incident was raised, even days after upgrade.

 

What do you use the CheckMates platform for?

I was really skeptical at the beginning, but after resolving some of major issues with the help of CheckMates, this is now my first stop for all my troubleshooting if I run out of ideas and SKs. Helping others is both fun and also good for learning new stuff. Lastly, I use it a lot for my coding help and ideas. I've been recommending it to all my colleagues as a great source of Check Point info for quite a while now.

 

What do you like to do for fun?

My passion is surfing, which I did a lot when we lived in Sydney. It’s rather limited here in Sweden, so I’m still searching for something new. I enjoy fixing and building stuff around the house – my wife and kids are always full of new ideas so I’m “Bob the builder” in that process.

 

If you could create any new technology right now, what would it be?

I might be getting old but I think there’s way too much technology around us that sometimes we forget how to live without it.. Maybe it could be technology that disconnects us from the technology.


On a more serious note – some sort of teleportation to travel around world. We went on a holiday last month to re-visit friends and places in Australia and the 30 hour flight from Europe is really boring and a total waste of time in my opinion. We need a new and even faster Concorde!

 

Anything else you'd like to let other CheckMates members know about?

It’s been a driver for most of my career: If I have a repetitive task given that would take, for example, 1hr every day for five days, then I’d rather spend 5hrs on Monday coding a tool that would execute it for me and enjoy coffee Tuesday to Friday. Even though the final effort is the same 5hrs, writing tools / scripts has always been my preference. As so many of us here, I like “digging.” It almost turns into a personal challenge when you suddenly face a problem in the network. Instead of calling up support directly, I will exhaust every avenue possible myself before giving up, admitting defeat and picking up the phone.

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts:

 

CheckMates Goes to Foxborough, MA!

Plenty of CheckMates members in New England!

We discussed Migrating to R80.10 and had a little fun afterwords at Splitsville!

 

 

Community Highlights

Here are the top threads from the past week:

 

Index Files option for R80.10 

Even though there isn't a GUI option for this in R80.10 as in past releases, it appears you can add a file that has the appropriate settings in it.

 

What is the Usage of "export" command 

If you're trying to export the configuration of a gateway, it works a little different on Check Point than it does with some other vendors.

 

Is R80.10 Publish same as R77 Save? 

Not exactly, and it's not a bad thing.

 

"fw ctl zdebug" Helpful Command Combinations 

We have fw ctl zdebug commands documented in various Advanced Technical Resource Guides, but this is an attempt to consolidate the useful ones into one place.

 

Enabling Identity Awareness Globally 

Unfortunately this is not currently possible.

 

Increasing Fifo Buffers on Firewall Interface 

You might want to check a few other things first before doing this.

 

Management HA upgrade to R80.10 

Clean install the secondary, then sync.

 

Will (Smart)Workflow come back? 

Functionality wise? Yes. Will be something separate? No.

 

Upcoming Events

 

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts:

 

CheckMates Birthday Award Winners

I'd like to take a moment to give a shout-out to our Members/Contributors of the Year Award Winners:

CheckMates wouldn't be the great community it is without your awesome contributions!

Well done and thank you on behalf of the community!

 

Community Highlights

Here are the top threads from the past week:

 

CheckMates First Birthday: Ask Us Anything 

While we got in a few of the questions you asked on video as part of the CheckMates First Birthday Celebration!, we couldn't answer them all in a few minutes! We answered a representative sample of the other questions in this document.


Extract "migrate export" and "clish config" from backup 

Did you know you can add a migrate export to the backups taken in Gaia?

 

cpwd_admin list overview (SMS) 

Helpful tool for monitoring the state of your Security Management!

 

Export a rulebase as a CSV file 

An old script back from the days when this site was called Exchange Point, but it's still relevant (and referenced in a newer thread): Management API - Rulebase export as .csv

 

FWM Command in bash script 

If you're going to call any Check Point CLI commands in a shell script, the tip here is important!

 

Exclude Windows updates from Threat Emulation 

In case Windows Updates get caught by Threat Emulation, here's how to make sure they are excluded from emulation.

 

Check Point Packet Inject tool partnered with zdebug drop to see drops on the fly. 

Useful troubleshooting script!

 

Upcoming Events

Here's what's coming up in the next few weeks:

 

 

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts:

 

CheckMates at CPX National Harbor

Check Point is doing a number of "Check Point Experience" (CPX) events around the US and Europe.

Check the Check Point Events page for the current schedule.

Meanwhile, CheckMates made an appearance at the event we held in National Harbor!

 

 

Community Highlights

Here are the top threads from the past week:

 

How to increase VPN timeout limits?

Can even be done per user group also.

 

How to configure Check Point as WAF? 

While Check Point is not a WAF per-se, it does perform many functions of a WAF.

 

R80.10 SmartConsole - GA build 042 now available 

Go get it!

 

Threat Emulation VM Access 

Want to see Threat Emulation in action? Here's how...

 

Export Logs to another Log Server 

The key is forwarding logs from one server to the other

 

Dynamic revisions in R80.x SmartConsole 

Good explanation of how this works, which is different from R77.x releases.

 

Upcoming Events

Here's what's coming up in the next few weeks: