I know that inline layers are not supported for pre-R80 gateways, but can I even create them (for testing purposes) in R80 SmartConsole? It seems that only ordered layers are supported now?
Hello all, Looking for a suggestion on the following. Requirement: DLP policy enforcement for outbound SMTP Traffic to G Suite mail relay located on internet. Setup: R80.10 Distributed setup HTTPS inspection not enabled. Description: The Mail Relay is located at mail-relay.google.com as customer has a G Suite setup. We have enabled… Show more
DLP for SMTP definitely requires a relay of some sort. In fact, the recommended configuration is to have an internal mail server and a separate relay in the DMZ The relay can be internal, but this is not recommended. Both configurations are discussed here: Data Loss Prevention R80.10 (Part of Check Point Infinity)
As mentioned in the article Revisions Management in R80.x, I do have an informal writeup I use when teaching CCSA R80.10 that helps summarize how R80+ Change Control and Revisions are handled for the inevitable questions that arise in class. This document is a sprucing up of those notes complete with some new screenshots. Absolutely no way…
Hi, I am looking for official documentation on using MDS and A/S Cluster together. Is this available ? thanks
Can anyone explain clear about NTP server in checkpoint, how it's getting synchronization with other server time?. Also Share the steps to proceed in GUI and command which used in CLI for clear understanding.
We have a custom site that we've created an access rule for all users to be able to access. However the page only partially loads. Looking into the logs show that the images used by the website fail to load, as they are being blocked because they are hosted on an external site (*.cloudfront.net) that isnt explicitly allowed. I'd like to be able… Show more
Hi, I upgraded SMS (virtual) and gateways from R77.20 to R80.10. In SMS i did a clean install with migrate import. The only doubt is about licensing. I didnt touch anything about licenses in R80 after upgrade was done, so i dont know if i should install/attach the licenses in R80.10 for SMS or GWs. So how can i know if the nodes are working… Show more
I have been trying to get my MDS upgraded from R77.30 to R80.10. We run through the upgrade in a VmWare environment to test the upgrade prior to upgrading production, so this is still in my test environment. My configuration is: R77.30 T286, 4 CMA’s – 1 of which contains a VSX cluster. Global policy is assigned to two CMA’s, and has only 1… Show more
Under R80.30 it is possible to encrypt CCP traffic. This is very useful to protect the cluster from manipulated CCP packets. Therefore new commands have been implemented on the CLI for this purpose. The following description shows you how to enable CCP encryption. All settings you make on the CLI are permanently stored in the following file…
Hi, we have some CloudGuard gateways running in Azure and some Asian sites have issues reaching them...or the other way around. We can ping from appliances such as 730 models to servers in the encryption domain of the vSEC gateways but not the other way around. And then suddenly it works, and then not anymore. We tried permanent tunnels but it… Show more
The thing with MSS and MTU is that it does not make sense to lower the interface your VPN runs on as that would lower the actual MSS even further. MSS = MTU - (40bytes IP/TCP header + IPSEC header size) So lowering the MTU further, it would make the MSS even lower, unless the Azure gateway does not really care about the setting of the MTU, but…
Hi All, I have configured two Checkpoint Gateways using GAIA R80.20 and added both security gateways in the Full HA cluster. After configuring the sync interface when I have check the High Availability state using "cphaprob state" command both gateways are appearing as "Active". It is not displaying secondary gateway as "Stand by" gateway. Is… Show more
Load more items
Hi Checkmates!, please your help with the following question: Sandblast (somewhere in the emulation process) can analyze links that comes within a .doc, .pdf, .xls files arriving through email attachment files (MTA) to detect if they lead to malicious sites or zero-day malware files?