Is a 600 Appliance with an expired license still usable as a basic firewall/router? I have one where the license expired in February. It's only being used as an access point to segregate Public Wi-Fi usage at a library. It was rebooted about 10 days ago and the Wi-Fi and routing are still working, but SNMP is now getting blocked and any edits… Show more
Jumbo Hotfix Accumulator for R80.10 (R80_10_jumbo_hf) For those contemplating upgrade to Take_91: I've just borked my SMS by going from Take_70 to Take_91. No WebUI, ssh behaves weirdly and clish CPUSE uninstall is not working. I am not implying that it is not a one-off issue, but keep it in mind and snapshot before JHFAs installations.…
Just to add some semi-official commentary We have not yet officially pulled R80.10 JHF 91 yet as it is listed as the current GA take in sk116380. There is a known issue in JHF 91 that is fixed in JHF 103. Even though the CPUSE identifier is posted above, you are encouraged to open a TAC case and report your findings: Contact Support | Check…
Hello we installed identity collector.and then i controlled to the users source.and i saw that firewall took users information both AD query and identity collector. Should ad query be closed? Thanks
Sorry to hijack this thread but just wanted to mention that SmartConsole isn't very stable here. From time to time it hangs like that: The program SmartConsole.exe version 188.8.131.52 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance… Show more
While testing a site-to-site VPN tunnel between CP80.10 and Cisco ASA, I noticed that right after I had configured the IPSec peer on CP80.10, I was no longer able to ssh to 10.0.14.101 (ASA outside IP) to manage the device. Then I looked into the logs on CP and found out that CP80.10 is trying to encrypt packets destined to ASA outside IP address… Show more
I always thought of having a simple Bash script that would allow me to run common Check Point CLI tasks without having to crawl for command cheat sheets, bookmarks, google, manuals, knowledge base etc. Moti Sagey's Top 3 Check Point CLI commands thread inspired me to start this project, allowing everyone to suggest new enhancements,…
Hi, Geo Protect question. Running R77.30 geo protect block log identifies hosts in 184.108.40.206/24 as Russian. RIPE has it registered as a UK range. How does that work? where does Checkpoint get its country list from? Many Thanks Rick Hellawell
Hi, I am trying to upgrade our R77.30 management server to R80.10 using CPUSE. The OS upgrades fine and then when importing the database, it fails with "Failed during import process". I have tired this fix sk118795 but still no help. I have attached the log file which was generated after the update failure. In the log file I can see the… Show more
Hello guys, I have a client that needs to perform all the Access Control, App Control and URL Filtering only with Access Role. I need to know your experience about the limitations of doing all the police with Access Role. Especially for Source of the rule. Thank you.
I’m in doubt about applying VSX cluster and Virtual Systems (VSs) in case of internet access over two ISP providers. I have two internet links from two different ISP providers and two Public DMZs subnets from every provider. The picture below shows connections between equipment and two providers. I have a plan to change two firewalls (FW01 and… Show more
SecureXL is enabled, but the traffic is not accelerated. i restarted securexl.but the result not changed. corexl and ht are active. and we have performance problems. [Expert@fw1:0]# fwaccel stats -s Accelerated conns/Total conns : 519/114126 (0%) Accelerated pkts/Total pkts : 1306379/17442674 (7%) F2Fed pkts/Total pkts :… Show more
What is the best practice for managing multiple clusters from one manager? Do all database changes show up across all policies even if they aren't referenced in the policy? Thank you.
Load more items
Hi there, The question I still have from latest CPX2018 is the exact date when R80.20 will be officially released or at list EA? We are waiting for some great features from R80.20 Including: - Gaia OS will be based on RHEL 7.x distribution what should give countless benefits and features. - R80.20 will support new ASIC's for 5000, 15000,… Show more