Hello, We are running CheckPoint R80.10 and have enabled IPS, Anti-Virus, Anti-Bot threat prevention blades. There is a requirement to block TLS1.0 traffic passing through the gateway. Just wondering how we can achieve this using our Threat Prevention blades. Thanks, Chandru
Challenge description: our user general internet access is limited to proxy only or very specific "whitelisted" IPs could be accessed directly bypassing proxy, i.e. O365. Up until October we were able to script simple network group with all O365 IPv4 addresses based on XML information from MS. That has been streamlined now and many services have…
Greetings, There are usually valid arguments to be made when you would choose a fresh install vs an in place upgrade via CPUSE from one version to another, depending on the environment, amount of customization made, etc. As far as I've read, gateway appliances do not take advantage of the new 3.10 kernel yet, which would be a Pro for a fresh…
Bob, Are they aware of the changes or is it kind of an Überraschungsei? If the gateways are clustered, maybe tear apart the nodes, take a backup of the whole machine, update one with a fresh install. Now you can try to elaborate, what changes are still needed and go for some tests. Personally I'd prefer a fresh install on gateways too, if…
Currently, I had two IPSec VPNs, using ISP A and B to go out, respectively on a third-party firewall. The peers were third-party firewalls too. Assuming I wanted to migrate to Check Point firewall platform. Does Check Point firewall R80.10 support this kind of setup? If yes, where should I configure under IPSec VPN -> Link Selection subsection,…
Is there a simple command to see the same info as a Cisco show xlate and show conn? Objective is to quickly see original and xlate address/es without the fwaccel conns and fw tab ....... -f commands or using fw monitor (want to avoid those but quickly see relevant info).
Hopefully self-promotion isn't frowned upon but I was suggested to post here. Over the past few years, I've been working on a tool to help people capture packets by allowing users to have a web-based interface to create the commands for them. Today, I've launched the latest version into production which supports "fw monitor" as well as "fw ctl…
Hey Sven Glock and everyone else. I've pushed the latest update to http://dev.tcpdump101.com with some new items/features that I'd love to hear your feedback on. I've put the additional "Save to File" options back in since I forgot them earlier as well as an updated note in the (?) Help bubble for the tcpdump interface stating that you can use…
Hi, I am running into problems when migrating an R77.30 SmartCenter to an R80.10 Domain Server on Multi Domain. Pre-upgrade Verifier is not reporting any problems, so this should work. But it does not. Strange thing is: a migration from R77.30 SmartCenter to R80.10 SmartCenter is working fine. So I want to migrate this R80.10 SmartCenter…
I am really just looking to know, which certificate from my Exchange server should I be importing into the MTA configuration for TLS decryption/encryption? I was going to use a .cer certificate I exported for use in another area in my Checkpoint console for sending emails, but it looks like the MTA configuration wants a p12 cert. Screenshot…
I would like to know if anyone knows how the integration between CloudGuard and vCloud Director works. Does anyone know the SK/Documentation that shows the integration procedure? Thanks!
When you perform automatic NAT on an object, you have two options. You can select a single firewall/cluster or All. Is there any way you can select two or something like Policy targets using automatic? The only way I can find is by doing manual NAT rules. It looks like it will let you do Policy Targets.
I have my primary and backup data center clusters in the same policy package. Basically, I am trying to find the easiest and simplest way to NAT to just these clusters in case we fail-over to our backup data center. You could clone your object and create the Auto-NAT for your secondary policy installation target there. Won't the first rule top…
Hello community, Some months ago we migrated our Security Management Servers and the dedicated Log Server from two R77.30 VMs to two R80.10 Smart-1s 3150, defining the second Smart-1 as Secondary-Standby Security Management Server & Primary Log Server. Only now, we noted that actually the Primary Active is defined as Check Point Host Object,…
Hi, Another tricky one to explain. In Azure I use UDR to route traffic out of the CloudGuard. I then have a LoadBalancer forwarding the traffic for its external IP to the CloudGuard and then onto the internal zone on a VM. When I try to connect to the LoadBalancer external IP the CloudGuard is blocking the connection due to Local interface…