Dell R730's are getting hard to come by and there is a new R740 in it's place. Anyone running GAIA on a R740 yet? Any gotcha's other than not being on the HCL? Anyone know when and if the R740 will be added to the HCL.
"fw ctl zdebug" is a powertool that is not exhausted from being used with "fw ctl zdebug drop". There is not much to be found in Check Point KB or in the documentation. Here are some good examples for debugging: fw ctl zdebug + packet fw ctl zdebug + packet | grep -B 1 TCP |grep -B 1 "(SYN)" <<< change SYN-ACK,ACK,FIN,... and/or…
Guys, I've a little problem with my checkpoint apppliance, I using in cluster HA when the primary is set as Active I receive a lot of CRC message in the interface, when I use the command " clusterXL_admin down" and my firewall converge to other appliance, this erros about crc is gone. I followed sk61922.
Hello, i have some problems with my firewall 1200R checkpoint. I have two firewall 1200R in HA with ClusterXL. Visibly, it's work. And i have too configure two interfaces to get internet. The interfaces WAN and DMZ. I configure them in mode high-avaiblitiy for internet connection and in HA with ClusterXL between the two firewall. Moreover,…(Show moreShow less)
This drawing should give you an overview of the used R80 and R77 ports respectively communication flows. You can download the drawing below as PDF. + v1.4a bug fix, update port 1701 udp L2TP 09.04.2018 + v1.4b bug fix 15.04.2018 + v1.4c CPUSE update 17.04.2018 + v1.4d legend fixed 17.04.2018 + v1.4e add SmartLog and SmartView on…
Does anyone see the value to having a VSX instance of Checkpoint for URL filtering/Application control and one instance for traditional Edge Firewall activities? Since the Edge firewall have few changes and URL filtering could have multiple changes within a week or day? Has anyone done anything similar or have thought to configure it this…(Show moreShow less)
I probably would stick with one. It would be more efficient CPU resource wise. It didn't make much difference if you push policy once a week or once day as long as platform is not seriously underpowered. Just need to plan CoreXL adequately
If I am reading this right, it should be possible: MACP01> show asset network Number of line cards: 3 Line card 1 type: 4 ports 10GbE SFP+ Rev 1.0 Line card 2 type: 8 ports 1GbE RJ45 Rev 2.0 Line card 3 type: 2 ports 10GbE SFP+ Rev 2.0 MACP01> expert Enter expert password: Warning! All configurations should be done through clish You…(Show moreShow less)
How to export rulebase to CSV file (R65) ? The sale representative recommended sk64501 .The SK clearly mentioned the solution only works for R77.X but sales eng insist the SK will work with r55 r65 . Please advise . Best Regards, Javad
There is a tool we used to give our customers access to their rulebase in a webbased server called CPrules and it is still available for download, it is clickable and you should be able use a screen text grabbing util to move the output into excel.
We are about to launch an EA program for R80.20 based gateway with a new Linux kernel (3.10, or 3.10.0-862 to be precise). This will allow all those customers looking at newer Open Servers with new CPUs to actually try them out with Gaia and R80.20 gateway code. There will be certain limitations, which will be listed in the official EA invitation.…(Show moreShow less)
We are trying to do ECMP with static routing and have configured 2 default routes. The "show route" command shows two default next hops, however, "netstat -r" shows only one default next hop. We currently use 2 next hops and the ping feature to determine next hop status which seems to work well. Does anyone know if this is achievable to load…(Show moreShow less)
Sundeep, I do see both static default routes when running "ip r" So it does seem like a bug with "netstat -r" output. We have an open case with TAC who is also checking with R&D. Thanks again. fw> show route static S 0.0.0.0/0 via x.x.x.230, eth3-01, cost 0, age 514897 via x.x.x.231,…