Skip navigation
All Places > About CheckMates > Blog
1 2 3 Previous Next

About CheckMates

108 posts

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates Hitting The Road for CPX

It's time to start the CPX 360 2019 gauntlet!

That means the CheckMates team will be heading to Bangkok, Las Vegas, and Vienna!

Join us for the CheckMates Club at CPX 360 and send in your questions now for Dr. Dorit Dot and her team! 

FlatMoti can't wait to see you

 

 

Community Highlights

Here are the conversations worth watching in the community:

 

R80.20 has recommended status now! 

Have you upgraded yet? If you're waiting for the new Linux 3.10 kernel, see: R80.20 Security Gateway with new Gaia based on kernel 3.10 is GA for CloudGuard and HP Gen10 ! 

 

Simple API Web Interface for DEMO 

People keep asking for a web interface to create rules and the like. Here's an example created by Check Point SE Carlos Diaz

 

How to filter traffic log by using CLI ? 

Did you know you can look at gateway logs via the CLI?

 

R77.20.85 performance issue on centrally managed SMB 

If you're running into this issue, please open a TAC case right away!

 

R80.20 Identity Awareness API 

Not only does the API have to be enabled, it must be accessible from the correct interface.

 

Calling a Bash Script in Cron 

Old thread that has been updated with some sound advice.

 

EA invitation - new Gaia features (REST API and Dynamic CLI) 

The Gaia REST API is now GA! See: GAIA REST API 

 

Command "enabled_blades" on embedded Gaia 

It's not provided, but there is a way to get the information.

 

Low Disk Space on /pfrm2.0 

Not really a problem per-se.

 

Upcoming Events

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Tel Aviv

Valeri Loukine and I made our quarterly pilgrimage to Tel Aviv to plan for 2019 and get ready for the upcoming CPX conferences.

Val and I did a TechTalk also...in silly hats

Migrate to R80.20 TechTalk 

 

 

Community Highlights

Here are the conversations worth watching in the community:

 

Endpoint Management as a Service Overview (EA Release) 

It's fair to say we'll see more "Management as a Service" offerings in the near future. 

 

Postman Collections (links to all available) and the basics 

Postman's a useful tool if you're learning how to use APIs. We have collections for all versions of our Management API.

 

Cisco or Check Point 

Asking this question on Check Point's community is, predictably, going to get you pro-Check Point answers.

 

How to create LegacyUserAtLocation object through the R80.x api? 

While these objects are legacy (and thus don't have a specific API to create them), you can use the "generic object" API to do it.

 

Can we install R80.10 on 4600 and 2200? 

If you have enough memory, yes you can.

 

R77.20.85 performance issue on centrally managed SMB 

Some conflicting reports on this. What's your experience?

 

R80.10: IPsec VPN - allow unencrypted pings between gateways 

While allowing encrypted pings with VPN clients. 

 

R80.20 Identity Tags and Updatable Objects  

You should be leveraging these in your Access Policies.

 

pfSense syslog parser 

Allows a Check Point log server to "parse" logs from pfSense.

 

CDT v1.6 is GA! 

Now with VSX support (and some other nifty features).

 

Upcoming Events

In addition to updating the tentative TechTalk schedule for 2019:

And, of course, CPX 360 2019!

If you’re joining us at CPX 360 this year, there’ll be lots of exciting goings-on for you to look forward to including the CheckMates Club!

 

The CheckMates Club is an exclusive event taking place in the Technology Innovation Lab at CPX 360. As a CheckMater, you are given the rare opportunity to meet and ask questions to Check Point VP of Products, Dr. Dorit Dor and her team.

 

Send us your questions in advance by completing this survey now!

 

Also, do not forget to visit The CheckMates Team at CPX 360 to register for this exclusive event.

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

Community Highlights

Here are the conversations worth watching in the community:

 

Changes Ahead in the CheckMates Community

I had originally posted this last week as part of This Week in CheckMates 31 December 2018 but decided I should break it out into it's own post to draw a little more attention to it.

 

Community Migration: Ranks, Points, and Badges 

More in my series of posts about Changes Ahead in the CheckMates Community. More are coming.

 

Announcing CheckMates Club at CPX 360 

If you're going to CPX, you definitely want into this exclusive club.

 

Coming Soon - "How To" Videos Competition! 

Get your videos ready, we're looking for the best "How To" videos and we're giving away prizes

 

R80.30 Early Availability Program is started! 

We recently released R80.20 and we're in the early phases of R80.30 testing. This is production EA with R&D assistance.

 

Early Availability Program for Network Security as a Service 

CloudGuard Network Security as a Service (NSaaS) is Check Point’s new product and architecture for cloud-delivered security.

 

[Announcement] R80.20 Gateway with new Linux kernel is GA in Azure & AWS 

The performance has noticeably improved in these releases.

 

Check Point Endpoint Security Client E80.89 for MAC is now available 

Includes support for SandBlast Agent features on the Mac

 

Parsing the output of "mgmt_cli" 

This is an oldie but goodie that I used to answer a question along with How often are hits counts updated in API ? to come up with an answer to how to get a list of objects via the API.

 

Ultimate collection of Check Point links 

Good for those of you getting started with Check Point.

 

Check Point Diagnostic Console (cdc)  

Been some updates to this tool.

 

Upcoming Events

And, of course, CPX 360 2019!

 

As I mentioned previously, we are changing the community platform from Jive to Lithium.

While many changes will naturally occur as a result from the underlying platform changing, we are also taking the opportunity to reexamine many things we've been doing and seeing where we can improve.

 

Ranks and Points

One area that will change is the concept of "ranking" within the community.

 

The way Jive handles this is based on points.
Each activity you performed in the community translated to a certain number of points.
Someone could also "gift" you points by giving you an award.
Once you achieved a certain number of points, your "level" increased.

We largely left the settings at their defaults, both the points awarded and the names of the levels themselves.
As such, everyone had boring titles like "Level 2."

 

In Lithium, ranks are determined through a formula based on various activities you undertake in the community, others giving your content kudos, and a few other criteria.

Ranks can also be role-based, meaning if you have a specific role in Lithium, you will be given a specific rank.
Likewise, you can be granted specific permissions once you've achieved a certain rank.

 

What does this mean? Your point totals in our Jive community will not migrate to Lithium.

However, many of the activities you performed in Jive will be migrated to Lithium.

This will result in a rank on the new community that might differ from your current "Level."

 

The rank names will not be called Level X, but will be based on precious stones and metals for active members.

Members who are "passive" (read but do not post) will have a separate ranking tier.

Employees may also have a separate ranking tier--still to be determined.

Admins and moderators, as well as a few others, will have a role-based rank.

 

Badges

One of the areas you can expect significant changes in the migration is badges.

 

Jive had a couple of types of badges:

  • Mission Badges (certain activities had to be completed in the community to achieve the badge)
  • Badges given from one person to another that included a gift of "points"

We largely left these settings at their default values in Jive.

However, Lithium has no default badges.

There is also no concept of "user-granted" badges.

 

Unfortunately, this means you will lose all your badges in the migration.

However, we have defined some shiny new ones and you will gain them based on your previous and future activities.

We do plan to add others as well over time.

Some significant changes are coming in the next several weeks!

 

When we launched this community site as Exchange Point a few years ago, it was built on the Jive platform. 

Jive has served us well, but for various reasons, we need to migrate to a different platform.

We have chosen to migrate to the Lithium platform, which is utilized by a number of other brands for their community sites!

 

In many ways, the Lithium platform should be a significant improvement over Jive.

The platform changes will enable us to provide additional functionality, features, and benefits to the community.

That said, it's a fairly substantial change and we are working to ensure the transition is as smooth as possible.

 

Here's what I can say right now:

  • The new community site will maintain the same URL: https://community.checkpoint.com
  • All content in the current community will be migrated, but will have a different URL.
  • For those of you who keep track of "points" for your community activities, Lithium handles this differently than Jive. For the most part, everyone's current activities in Jive will translate over to Lithium and you will be ranked similarly. More on this in an upcoming post.
  • The look and feel of the site will be significantly different.

 

More details will be provided in the coming days.

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

Changes Ahead in the CheckMates Community

This quiet time during the holidays seem like a good time to give a heads up that some significant changes are coming in the next several weeks!

 

When we launched this community site as Exchange Point a few years ago, it was built on the Jive platform. 

Jive has served us well, but for various reasons, we need to migrate to a different platform.

We have chosen to migrate to the Lithium platform, which is utilized by a number of other brands for their community sites!

 

In many ways, the Lithium platform should be a significant improvement over Jive.

The platform changes will enable us to provide additional functionality, features, and benefits to the community.

That said, it's a fairly substantial change and we are working to ensure the transition is as smooth as possible.

 

Here's what I can say right now:

  • The new community site will maintain the same URL: https://community.checkpoint.com
  • All content in the current community will be migrated, but will have a different URL.
  • For those of you who keep track of "points" for your community activities, Lithium handles this differently than Jive. For the most part, everyone's current activities in Jive will translate over to Lithium and you will be ranked similarly. More on this in an upcoming post.
  • The look and feel of the site will be significantly different. 

More details will be provided as we get closer to the launch of the new community site.

 

Community Highlights

Here are the conversations worth watching in the community:

 

Update SmartConsole to new HFA without uninstall 

Your best bet is to use the Portable SmartConsole. See also: R80.20 - Portable SmartConsole + Tips and Tricks

 

Seeing full 3-way handshake for connection that should be blocked 

Relevant for R80.x gateways and FTP.

 

SQUID proxy ICAP and SandBlast (TEX) 

Did you know you can use a SandBlast appliance as an ICAP Server with a Squid proxy? Yes, you can!

 

A simple and reliable way to make sure your management is up 

Prior to R80, you could just see if fwm was started. Now, it's a little more complicated and we provide a script that checks for you.

 

Announcing the Partner Space 

We launched a partner-specific space accessible only to Check Point Partners.

 

[Announcement] R80.20 Management support for CloudGuard on NSX-V 

A nice Christmas present from R&D

 

R80.20 install on Power-1 5070 

While not supported, one of our members is determined to make this work. 

 

White Paper - Protecting IoT (Internet of Things) implementations with R80.10 and later Unified Policy, Protocol Signature, and Segmentation 

One way to solve the IoT security challenge.

 

Upcoming Events

And, of course, CPX 360 2019!

If you’re joining us at CPX 360 this year, there’ll be lots of exciting goings-on for you to look forward to including the CheckMates Club!

 

The CheckMates Club will be an exclusive event taking place in the Technology Innovation Lab at CPX 360. As a CheckMater, you’ll be given the rare opportunity to meet and ask questions to Check Point VP of Products, Dr. Dorit Dor and her team.

 

Visit The CheckMates Team at CPX 360 to register for this exclusive event.

Prepare yourself for a new CheckMates challenge: "How To" Videos Competition on CheckMates

 

As part of our mission to share and discuss the best practices and expert tips on CheckMates, we are announcing "How To" Videos Competition. We are calling on all CheckMaters: customers, partners and Check Point employees, to create up to 10 minute long video explaining any technical aspect of Check Point Security systems.

 

What:

Chose a topic you want to share: best practices, configuration details or architectural solution for a specific product, software blade, or a feature.

 

How:

Make your video story or explanation with a white board or a live demo. Tape and edit your video to make it no longer than 15 minutes. Be creative.

Who:

Any CheckMates are welcome to participate.

Why:

To share your expertise, to help each other out, to have some fun and of course

to win prizes and awards!

When and where:

In February 2019, we will make an additional announcement regarding the criteria, hosting details, and awards.

 

Stay tuned and start recording your video!

We now have a new Partners space where only registered partners and Check Point Employees have access.

This is to enable discussion of Partner-specific tools and initiatives outside of the public view of the rest of the community.

 

Those of you whom are associated with partners should already have access to this space with no action required on your part.

If you don't have access to this space and feel you are entitled to do so, please contact me privately.

After I validate you are a partner in UserCenter, access can be granted.

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

 

Christmas with the CheckMates Team

Happy Holidays from the CheckMates team!

Niran Turgeman got us into the spirit by "elfing" us.

 

 

Community Highlights

Here are the conversations worth watching in the community:

 

R80.20.M2 Now Available 

Just in time for Christmas!

 

R80.20 security checkup report does not export 

There's a fix for this issue.

 

Domain-Based VPN with Dynamic Routing 

Can you disable the VPN routes? Yes you can.

 

Mapping Rule numbers from R80.20 to fwaccel stat output 

You can look at the compiled rulebase, but it might be in the backward compatibility directories.

 

How to see what firewall rules match some traffic 

This is when you're not sure what rule will match traffic.

 

SecureXL Connections Table 

Did you know SecureXL maintains its own connections table? Now you do.

 

Does R80.10 Identity Collector work with Cisco ISE 2.4 

Wasn't QAed, but it should work.

 

Reports on 730 Appliances  

Reports related to applications only work if the Application Control blade is enabled.

 

Update 15400 r77.30 to r80.20 

Have you done this? What's your experience?

 

Site-to-site vpn Tunnel to a non Checkpoint Gateway 

Debugging tips

 

BEYOND - Customer Success Hub 

We're still working through some issues with the new support hub.

 

Upcoming Events

And, of course, CPX 360 2019!

 

 

Hi CheckMates!

If you haven’t yet registered for CPX 360, the top cybersecurity event of the year ever to exist, NOW is your chance!

Join us this year to meet, learn and laugh with your fellow CheckMaters, Check Point experts and top cybersecurity professionals. From CyberTalks, Breakout Sessions, Awards and the CheckMates Scavenger Hunt, you wouldn’t want to miss out!

Register for CPX 360 before Friday, January 4th, and you’ll be given exclusive access to the CPX CheckMates Lounge where you can meet top Check Point R&D specialists and you’ll be entered into a raffle to WIN an Apple Watch 4!

Register below before Friday, January 4th:

To redeem your rewards, email The CheckMates Team with your registration confirmation.

Don't miss out, see you there!

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

 

CheckMates in Belgium and Ireland

Valeri Loukine and I did the last CheckMates events for 2018 in Belgium and Ireland. A great time was had by all.

 

"I'm not ready yet, guys!"

 

 

He won the Kahoot!

 

 

CheckMates will be at all three CPX 360 2019 event in January and February. See you there?

 

Community Highlights

Here are the conversations worth watching in the community:

 

BEYOND - Customer Success Hub 

We launched our new online portal for TAC cases! Check the thread for more details and share your feedback.

Two ISP's with two appliances 4800 R80.10 

And related thread: CheckPoint Cluster Failover Query. Bottom line: Both ISPs need to be available/reachable from both gateways.

 

Deploying E80.88 Packages with MDT Build 8450 

Nice video showing how to deploy the Endpoint solution.

 

id, ID and OE inspection points in R80.20 GA? 

If you're using fw monitor in R80.20, you'll see some different "inspection points." This thread explains.

 

R80.20 SecureXL drop template support 

Yes, they're still supported even though one doc suggested they weren't.

 

Finding Mobile Access concurrent user license level 

We made this much easier in R80.x.

 

Missing header X-chkp-sid in login? 

Make sure you're calling the correct API endpoint.

 

How can we block Nmap and other Port scanners 

SmartEvent, anyone?

 

Why does the wrong flag show up for an IP address in GeoBlocking? 

Never seen that myself, but makes sense that it could.

 

Installation & Upgrade problems from R77.x to R80.x 

A collection of upgrades that went successfully...and not.

 

Prevent low confidence Anti bot protection 

Update the Threat Prevention profile to block it.

 

Upcoming Events

And, of course, CPX 360 2019!

 

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

 

CheckMates in the UK and Nashville

Valeri Loukine did some internal evangelizing of CheckMates with our UK colleagues:

 

 

Meanwhile I did the last US-based event for the year in Nashville:

 

 

Next week, Val and I are teaming up to do the last CheckMates events for 2018 in Europe. 

 

Community Highlights

Here are the conversations worth watching in the community:

 

R80.20 Security Gateway with new Gaia based on kernel 3.10 is GA for CloudGuard and HP Gen10 ! 

Not fully supported on Check Point appliances yet, but it's coming. And very soon: on Scalable Platforms (44k/64k)!

 

R80.20 Management Server in AWS 

Likewise, you can install R80.20 Management in AWS. Gateway? It's coming very soon.

 

EA invitation - new Gaia features (REST API and Dynamic CLI) 

Doesn't even require you to upgrade to R80.20

 

HPS Emulation 

Another name for CPU-Level Threat Prevention.

 

NAT Templates - SecureXL 

Why they weren't enabled by default until R80.20.

 

The flow time of the logs seems different

Session consolidation is the likely culprit.

 

R80.10 Smart Console - how to view NAT properties for objects within a group 

Where to find the Object Explorer in R80.x.

 

DNS Trap 

How does it work?

 

The specified item was not found. 

A little market research.

 

Anti-Virus not blocking malicious .zip, .doc files. 

Setting Resource Classification to Background mode can cause this.

 

Upcoming Events

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

 

CheckMates at Home

It's been a while since both Valeri Loukine and I were not on the road somewhere. 

Valeri took some well-deserved time off, I stuck around the homestead.

No pictures to share.

Ok, maybe one:

 

 

Community Highlights

Here are the conversations worth watching in the community:

 

TechTalk: Dome9 Overview and Q&A 

If you missed our TechTalk on Dome9 and you're using Azure, AWS, or Google Cloud (or even thinking about it), watch the recording of this TechTalk!

 

R80.20.M1 SmartConsole coexisting with R80.20 

Portable SmartConsole to the rescue!

 

R80.20 - Portable SmartConsole + Tips and Tricks 

Speaking of portable SmartConsole...

 

Open Server to Appliance 

All the cool kids are moving the Check Point appliances from Open Server

 

Add new cores to gateway 

Speaking of Open Servers, if you add more licensed cores, this thread will be helpful.

 

ClusterXL maintenance 

Not cluster maintenance necessarily, but maintenance on the hardware around the cluster...

 

False Positive on logs (Sandblast Agent) on BANKING Sites 

Looks like a bug we fixed in an upcoming release.

 

New Tool: CPPCAP 

A new and improved "tcpdump" for Gaia OS.

 

No logging in Logging and Monitor tab 

If you have your management and log server separated, this thread is relevant.

 

New Appliance Sizing Tool. Do you like it? 

This thread is really only relevant to Partners who have access to the tool, which was recently updated.

 

Upcoming Events