Danny Jung
I'm looking for Bash command to show the number of permitted (licensed) cores of any Check Point GAiA system, even when CoreXL is not enabled.   Thanks in advance!
Jozko Mrkvicka
Hello guys,   Is there any way how to monitor anti-spoofing traffic in R77.30 ? I know that I can choose Alert, Log or None in spoofing properties for specific interface. But does someone know how to send for example syslog event in case gateway recognize spoofing traffic ? Or send mail ... Searching all logs to found "spoofing" word in… (Show more)
Hi~ All. Our customer wants to know how to check interfaces operation failure(down) log with GUI. Most of firewalls(Palo Alto, Fortigate, SECUI...etc) can check operation failure(down) log with GUI. But check point can't do it...   Am I missing something?   Is there anyone knows how to check interfaces operation failure(down) log with GUI.… (Show more)
Javier Gurfinkiel
Hello, I'm trying to come up with the proper syntax to filter a specific IP which is encapsulated within a GRE tunnel. Googling around this seems to be a unique topic, and this the closest I could find: No valid hosts found - the blog about openstack: How to filter IP addresses inside GRE in tcpdump    ...but I'm having trouble on GAIA: the… (Show more)
Hi Team. I have a question about OSPF work in HA pair (R80.10). Do I need configure graceful restart or other special settings for seamless failover? I tested failover scenario and after I disable current active member with clusterxl admin down new active member stopped forwarding traffic because of lack of routing information
Heiko Ankenbrand
Introduction   This drawing should give you an overview of the used R80 and R77 ports respectively communication flows. It should give you an overview of how different Check Point modules communicate with each other. Furthermore, services that are used for firewall operation are also considered. These firewall services are also partially mapped…
Julie  Paul
Can we manually configure what the inverted MAC Address will be in R80.10.  Has anyone done this or seen it work for R80.10?  Do you have the procedure?   it is the “inverted back source MAC Address” that appears in the switch ARP table   If one was to run a ‘fw ctl zdebug –m cluster + select’ you would see in the logs something like this:  … (Show more)
Amir Arama
Hi, i want to understand further the mechanism of loadsharing unicast with Vmac. for example, how a pivot member forward packet to a non pivot member? i thought that the Pivot change the destination mac of the packet to the physical mac of the non pivot and send the packet out from the same interface the packet was originally received. is it true?… (Show more)
Ankur Datta
Hi,   Can we add 2 default route on checkpoint firewall pointing to two different ISP.   for example: ---> ISP A0.0.0.0/0 ---> ISP B   I am trying to do load balancing between 2 ISP through ISP redundancy ( weight 50% for both ISP)   But due to default route pointing to ISP A. All traffic leaves through ISP A and ISP B is never… (Show more)
