Skip navigation
All Places > SecureKnowledge > Blog
1 2 3 Previous Next


33 posts

This week we feature yet another Advanced Technical Reference Guide - Gaia Embedded Appliances


The article references all appliance product pages, describes troubleshooting and monitoring techniques, and lists other SecureKnowledge articles that might be useful when working with SMB appliances.  

CPUSE - Check Point Upgrade Service Engineis an advanced and intuitive mechanism
for software deployment on Gaia OS, which supports deployments of single Hotfixes (HF), Hotfix Accumulators (HFA), and Major Versions.


SecureKnowledge article sk92449 describes CPUSE architecture, principles, collection of "how-to" tips and troubleshooting techniques.


It is worth having it included in your bookmarks, just in case.

Whether you are already using Check Point Scalable Platforms Appliances in your data center or just consider them as a next step, this Advanced Technical Reference Guide will be extremely useful.


It describes principles of architecture, best practices, tuning recommendations and also has links to further SecureKnowledge articles and documentation for the matter.

Looking to extend your automation and orchestration and include day to day routines of managing OS and product settings of your Security Gateways? We now have the perfect tool for you. 


GAIA REST API was released last week and it is generally available for all R80.x flavors, gateway or management alike.


For more information click here.

If you are tired of jumping between CLISH and Expert shell when configuring and tuning your Gaia based security devices, take a look at Dynamic CLI: Dynamic CLI: Enhancing CLISH with new Expert mode commands  


Also, if you are attending one of CPX360 events, come to Valeri Loukine's sessions to see some demos.

Provisioning can be a challenge, especially if you need to deploy multiple Security Gateways remotely. If this is one of your tasks, you may want to learn how to perform it with Check Point Zero Touch Cloud Service for Gaia OS and Gaia Embedded SMB appliances 

Working with Application Control Software Blade can be challenging sometimes. How to build an effective AC policy rules? What categories should be blocked unconditionally? How to deal with unknown applications? What about HTTPs inspection, is that required or not?



These and many other questions are answered in Best Practices - Application Control  SecureKnowledge article.

Check Point Multi-Domain Security Management (MDSM) is a centralized management solution for large-scale, distributed environments with many discrete network segments, each with different security requirements. This solution lets administrators create Domains based on geography, business units or security functions to strengthen security and simplify management.



Each Domain has its own Security Policies, network objects and other configuration settings. You use the Global Domain for common security Policies that apply to all or to specified Domains. The Global Domain also includes network objects and other configuration settings that are common to all or to specified Domains.



MDSM is a complex environment and it can be overwhelming sometimes, especially if one has a limited understanding of its structure, dependencies and troubleshooting techniques.


To help you out, there is ATRG: Multi-Domain Security Management R80.x document describing the architecture, data flow and structure, inter-process communication, synchronization, and troubleshooting tools.

Are you still running standard Linux tcpdump on your Firewalls? Did you know it can cause high CPU utilization?


For better results, use CPPCAP - Check Point specialized traffic capture utility. For more information, read this SecureKnowledge Article: sk141412

Have you ever dreamed about having all the useful tools at the same place? 


Here is your ultimate collection of support tools and more: Support Debug Tools 

Did you know that there is a way to connect one of your Security Gateways to a switch mirror (span) port on a switch to run security inspection of the traffic without interfering?


This type of deployment is called Monitor Mode.


Monitor Mode on Check Point Security Gateway interface is usually configured to monitor and analyze network traffic without affecting the production environment.


You can use mirror ports in the following scenarios:

  • As a permanent part of your deployment, to monitor the use of applications in your organization.
  • As an evaluation tool for the capabilities of the Application Control and Threat Prevention blades before you decide to purchase them.


Benefits of a mirror port include:

  • There is no risk to your production environment.
  • It requires minimal set-up configuration.
  • It does not require TAP equipment, which is much more expensive.


Read the following article for more information: Monitor Mode on Gaia OS and SecurePlatform OS.

In case you missed the November SET Newsletter we released last week, here it is again:
Security Expert Technical Newsletter (SET November2018) .

Arguably, the most popular tool to troubleshoot traffic crossing a Security Gateway is fw monitor. However, not all security engineers and administrators are familiar with the full potential of fw monitor.


The tool is extremely powerful, flexible and versatile.


To unleash its full potential, please look into the article of the week: What is FW Monitor? 

One of the classic yet not so commonly used features of ClusterXL is the ability to configure cluster IP addresses in a manner where physical IP addresses and VIPs are on different network subnets.



 The advantage of this is that it:

  • Enables a multi-machine cluster to replace a single-machine gateway in a pre-configured network, without the need to allocate new addresses to the cluster members.
  • Makes it possible to use one routable address only, for the ClusterXL Gateway Cluster.


Article sk32073 explains the configuration, implications and limitations of this feature. 

The Threat Emulation RESTful API is available on any Check Point appliance with enabled Threat Emulation blade. It allows you to:

  • Query for emulation results
  • Download reports
  • Upload files for emulation/extraction


For more details and usage examples, look into the following SK article: Threat Prevention API for Security Gateway