News | CheckMates

Di Junior in General Product Topics4 days ago (Show more)

Cannot disable IPSec blade on the gatewa

Dear Mates I need your urgent help. I have enabled IPSec blade on one of our clusters, and I now need to disable it because it mays be causing some issues with another IPSec that we use from a vendor within our network. When I try to disbale IPSec, itshows the message on the image bellow: When I check where used, it shows all the… (Show more)

10 replies1 new updateShow more activity

Di Junior (to Timothy Hall) 9 minutes ago (Show more Show less)

Hi again Tim, I finally got it up and running. Your contribution helped me alot. I had to enable Sticky Forwarding Function because our Cluster is in Load sharing mode. Then everything worked just fine. Thank you

Actions

Stuart Green in Logging, Monitoring, Reporting, and Event Analysis3 months ago (Show more)

MUH Identity Awareness Agent on Citrix randomly disconnects

Hi, Has anyone encountered this issue with the MUH Identity Awareness Agent running on Citrix servers? Initial connection works just fine but then after a few days it just disconnects and stops forwarding identities. Event log on the server says that it is connected but the agent doesn't report that. Screenshot is attached. There doesn't… (Show more)

8 repliesShow more activity

Sajid Abbas (to Stuart Green) 1 hour ago (Show more Show less)

Hi Stuart, The agent installed is R80.102.0000 We have AD and TS enabled. For Identity agents, did you just enable it with default setting or modified them. I've also noticed that for any TS agents that are connected, no username information is seen on logs. Seems like the whole solution is not working. Sajid

Actions

Christian Benitez in Policy Management3 years ago (Show more)

How do you rollback an old policy?

In previous versions, one could open the current policy, make 50 changes and then save it with a different name (usually, firewall.name.date). If there was an unforeseen issue (or management decision), one could rollback easily the old policy by installing the old version where everything was working as expected. How do you handle this situation… (Show more)

9 repliesShow more activity

Tomer Sole

(to Sebastien Rho) 2 hours ago (Show more Show less)

Hi Sebastien, We continue to recommend to run the Gateway-level revert by clicking "install previous revision" from the "Policy Installation History". This makes the Security Management Server silently log into that previous Management revision, collect all the data from it - including rules, objects, gateway settings, topology etc., and…

Actions

Daniel Taney in Logging, Monitoring, Reporting, and Event Analysis8 hours ago (Show more)

See How Far Back SmartLog Indexes Go In R80+?

This may be a dumb question, but I couldn't find any other relevant posts that existed before asking it... Is there a way to see how far back your SmartLog Indexes go in R80.10? Back in the R77.30 days, it used to just show up at the bottom of the SmartLog app. I don't see anywhere in the GUI to display that anymore? Thanks! Dan

Moved by Tomer Sole to Logging, Monitoring, Reporting, and Event Analysis • 3 hours ago

Myo Min Zaw in Management7 hours ago (Show more)

Upgrade Splat R77.30 in Smart1-5 to Gaia R88.10 in Smart1-410

Hi Expert, I am doing for one project Upgrade from Splat R77.30 in Smart1-5 production appliance to Gaia R88.10 in new Smart1-410. Please kindly advice it how to better way to upgrade for this above scenario. I am not able to find for the correct image at CP user center of Upgrade wizard guide. From my approach is as per below: 1. … (Show more)

1 replyShow more activity

Vato Chantladze (to Myo Min Zaw) 3 hours ago (Show more Show less)

Hi Myo! You mean Gaia version R80.10, is not? BR

Actions

Gerard van Leeuwen in Logging, Monitoring, Reporting, and Event Analysis5 months ago (Show more)

viewing LOG - filter on NAT rule #

Hi, I'm using the Logs & Monitor of Domain Management Server ( R80.10 ) on a VS ( R77.30 ). I'm looking for the field name of "Xlate (NAT) Source IP" to use in the query in Logs & Monitor. (Already tried filtering using the "Copy Rule UID" of the NAT rule and using it with fieldname rule_uid. ) The drop down list of "other fields" I hope… (Show more)

15 repliesShow more activity

Raj Khatri (to Raj Khatri) 3 hours ago (Show more Show less)

So after working with TAC, it appears that the NAT Rule Numbers are not indexed. The only workaround is to open an individual log file and use the following query - nat_rulenum: 123 An RFE has been submitted for this request.

Actions

Jon Dyke in Policy Management7 hours ago (Show more)

Bulk rename of host objects

I have a few hundred host objects that I need to rename. The hosts are called site2_xxx_xxx but need to be site3_xxx_xxx. What would be the best way of doing this? I am assuming the API is an option given I am on 80.10. Thanks Jon

1 replyShow more activity

Maik Dummer (to Jon Dyke) 4 hours ago (Show more Show less)

Hey, Just add the necessary information to a csv file, set up the csv like this: name, new-name site2_xxx_xxx, site3_xxx_xxx site2_xxx_yyy site3_xxx_yyy site2_xxx_zzz, site3_xxx_zzz and so on... (Use quotation marks if the object names contain spaces) Afterwards place the csv file on your SMS (or the management PC, which is used to…

Actions

kingdavid akubuine in General Product Topics4 hours ago (Show more)

Not getting enough information from the Web Visualization Tool

Hi Checkmates. I recently explored the option of exporting our checkpoint firewall security policies using the Web Visualization Tool as recommended by checkpoint. I was able to convert the outputs to readable formats However, it seems to not give us enough information, i.e. I cannot see the IP address objects, or node objects. From the… (Show more)

Sharon Simsa

in General Product Topics5 days ago (Show more)

Usability Testing - join us!

Dear CheckMates, My name is Sharon, and I run the usability testing in Check Point’s R&D. Our goal is to validate the quality of the User Experience of our products. We do that in one-to-one Zoom sessions with our customers and partners. A typical session lasts up to a 1 hour. In these sessions, our R&D experts share upcoming features, and… (Show more)

3 repliesShow more activity

Norbert Bohusch (to Sharon Simsa) 4 hours ago (Show more Show less)

Same here :-)

Actions

kingdavid akubuine in General Product Topics5 days ago (Show more)

NAT Issues

Dear Checkmates, I did static NAT and the required policy to reach a web server in my Network but i still cant reach the webserver. I ran a zedebug command and the following popped up: "dropped by fwpslglue_chain Reason: PSL Reject: aspii_mt" Please How can i fix this?

3 repliesShow more activity

kingdavid akubuine (to Heiko Ankenbrand) 4 hours ago (Show more Show less)

Hello Heiko, The issue has been resolved. Thank you so much.

Actions

Brian Deutmeyer in Management1 month ago (Show more)

Delete or Hide Tasks from SmartConsole

I'd like to change all my LOM passwords using ipmitool via the API using run script. The issue I'm facing is the new password will be visible in SmartConsole when looking at tasks that have been run. Is there a way to delete or hide certain tasks so we can keep certain data safe (like passwords)?

1 replyShow more activity

Norbert Bohusch marked Uri Bialik's reply as helpful

Nischit Aryal in General Product Topics3 days ago (Show more)

fw_full process consumes 100% CPU

Hi, Sometimes, the fw_full process seems to be on 100%. Please refer the attached screenshot. I found the SK regarding this issue but still I thought of asking in this Community. Has anyone faced this issue? If yes, please help me resolve this issue. Thanks in advance. Sincerely, Nischit A.

7 repliesShow more activity

Nischit Aryal (to Dameon Welch-Abernathy) 6 hours ago (Show more Show less)

Hi Dameon, I will check if the symptoms matches any of the SK and follow SK based on the symptoms. I will share it if the issue gets resolved. Thanks for your help Dameon!

Actions

Stephen Henihan in Installation, Maintenance, and Upgrades10 hours ago (Show more)

Migrate Standalone to Distributed - Failed to Open File configuration2

My goal is to convert a standalone R77.30 4400 appliance into a gateway for a Distributed license Security Manager Hyper-V VM that'll do management, reporting, logs, etc. We only have the one 4400 in place at the moment so downtime is an issue. As I understand it, I should migrate the standalone configuration to distributed first (using the… (Show more)

5 repliesShow more activity

Stephen Henihan (to Günther W. Albrecht) 6 hours ago (Show more Show less)

These were the some of the articles that I used to begin the migration. There are so many disparate but possibly related articles that I came across alternating solutions that confused the issue (they probably referred to different versions). SK61681 - The main issue here was that it seems to require modifying the existing (sole) gateway device…

Actions