Recent Posts

Chandhrasekar Saravanan
Hello,   We are running CheckPoint R80.10 and have enabled IPS, Anti-Virus, Anti-Bot threat prevention blades. There is a requirement to block TLS1.0 traffic passing through the gateway. Just wondering how we can achieve this using our Threat Prevention blades.   Thanks, Chandru
in Threat Prevention
Kaspars Zibarts
Challenge description: our user general internet access is limited to proxy only or very specific "whitelisted" IPs could be accessed directly bypassing proxy, i.e O365. Up until October we were able to script simple network group with all O365 IPv4 addresses based on XML information from MS. That has been streamedlined now and many services have… (Show more)
in Policy Management
Bob Delinsky
Greetings, There are usually valid arguments to be made when you would chose a fresh install vs an in place upgrade via CPUSE from one version to another, depending on the environment, amount of customization made, etc. As far as I've read, gateway appliances do not take advantage of the new 3.10 kernel yet, which would be a Pro for a fresh… (Show more)
Jason Tan
Currently, I had two IPSec VPNs, using ISP A and B to go out, respectively on a third-party firewall. The peers were third-party firewalls too.   Assuming I wanted to migrate to Check Point firewall platform. Does Check Point firewall R80.10 support this kind of setup? If yes, where should I configure under IPSec VPN -> Link Selection subsection,… (Show more)
in General Product Topics
Donald Paterson
Is there a simple command to see the same info as a cisco show xlate and show conn?   Objective is to quickly see original and xlate address/es without the fwaccel conns and fw tab ....... -f commands or using fw monitor (want to avoid those but quickly see relevant info.
in General Product Topics
Sean Murray-Ford
Click to view contentHopefully self-promotion isn't frowned upon but I was suggested to post here. Over the past few years, I've been working on a tool to help people capture packets by allowing users to have a web-based interface to create the commands for them. Today, I've launched the latest version into production which supports "fw monitor" as well as "fw ctl… (Show more)
in General Product Topics
Martijn van der Graaf
Hi,   I am running into problems when migrating a R77.30 SmartCenter to a R80.10 Domain Server on Multi Domain. Pre-upgrade Verifier is not reporting any problems, so this should work. But is does not.   Strange thing is: a migration from R77.30 SmartCenter to R80.10 SmartCenter is working fine.   So I want to migrate this R80.10 SmartCenter… (Show more)
Tim McColgan
I am really just looking to know, which certificate from my Exchange server should I be importing into the MTA configuration for TLS decryption/encryption? I was going to use a .cer certificate I exported for use in another area in my Checkpoint console for sending emails, but it looks like the MTA configuration wants a p12 cert. Screenshot… (Show more)
in Threat Prevention
Henrique Sauer Silva
I would like to know if anyone knows how is the integration between CloudGuard with Vcloud Director. Anyone knows the SK/Documentation that shows the integration procedure?   Thanks!
in CloudGuard IaaS
Kevin Orrison
When you perform automatic NAT on an object, you have two options. You can select a single firewall/cluster or All. Is there any way you can select two or something like Policy targets using automatic? The only way I can find is by doing manual NAT rules. It looks like it will let you do Policy Targets.
in Policy Management
Dario Ferroni
Hello community, Some month ago we migrated our Security Management Servers and the dedicated Log Server from two R77.30 VMs to two R80.10 Smart-1s 3150, defining the second Smart-1 as Secondary-Standby Security Management Server & Primary Log Server. Only now, we noted that actually the Primary Active is defined as Check Point Host Object,… (Show more)
in Management
Hi,  Another tricky one to explain   In Azure i use UDR to route traffic out of the cloudguard.  I then have an LoadBalancer forwarding the traffic for its extrnal IP to the Cloudguard and then onto the internal zone on a VM. When i try to connect to the loadbalancer external IP the cloudguard is blocking the connection due to Local interface… (Show more)
in CloudGuard IaaS
Evgeniy Olkov
Click to view contentHi there. Today I saw the new version of Appliance Sizing Tool:   I was very surprised. I think this is really bad update. Now I can not specify the amount of users and bandwidth at the same time. And the worst thing - now I can not see the actual load of recommended gateways.   What do you think?
in General Product Topics
Load more items