News | CheckMates

Mahab Rashid in Management (R80.10)11 hours ago (Show more)

Limiting duration for a service/application

I know you can create an AppCtrl rule to limit application traffic by specifying the hours or time period in which the rule is active (Next Generation Security Gateway R80.10 Guide). However, I don't see an option to limit the duration of the traffic by number of hours, minutes etc., i.e. how long a particular application should/can be allowed… (Show more)

1 replyShow more activity

Dameon Welch Abernathy

(to Mahab Rashid) 8 hours ago (Show more Show less)

This is not a feature we have in the current mainstream product. That said, it is something we've provided through customer-specific patches (built against specific code release/hotfix levels). I recommend engaging with your Check Point SE for further details.

Actions

Dalit Ben Izhak in General Product Topics19 hours ago (Show more)

outlook 365 traffic is getting dropped with R80.10

We have R80.10 with jumbo take 70, and we use outlook with office365. We added all the relevant FQDNs and IP addresses from Microsoft, but still, when trying to open new profile in outlook, we are getting blocked. Many block messages appear, we are not sure which is relevant. I can see drops of - for several addresses of microsoft - dropped… (Show more)

2 repliesShow more activity

Maarten Sjouw (to Dalit Ben Izhak) 10 hours ago (Show more Show less)

Instead of adding all those urls/IP lists Microsoft issues, just use the predefined Application to allow Office365.

Actions

H. A. in SandBlast Network3 weeks ago (Show more)

Symantec (Bluecoat) SG ICAP and Sandblast (old)

A newer version of the document can be found under the following link: Symantec (Bluecoat) SG ICAP and Sandblast (TEX) Because of a technical problem in the Checkmates Portal I start with a new account. If you want to follow me, please click "Follow me" in the new account.

4 commentsShow more activity

Will Wells marked Christian Wagenmueller's comment as helpful

Keld Norman in CloudGuard (Formerly vSEC)3 weeks ago (Show more)

Invalid license: VE license is required

I have a Virtual Check Point v. 80.10 running on ESXi and everything works fine ( running on a 1 year trial licence) But I see alot of this error message in the "dmesg" log (when running the command dmesg after ssh to the firewall and switching to expert mode) : "Invalid license: VE license is required" If i create a trial licence "Check… (Show more)

3 repliesShow more activity

Maarten Sjouw (to Keld Norman) 17 hours ago (Show more Show less)

how did you attach the license to the gateway? Did you use the VSEC licensing Util?

Actions

Dmitriy Chazov in Installation, Maintenance, and Upgrades3 days ago (Show more)

Clean installation R80.10 and error "The connection with the server was lost. Any unsaved changes are preserved "

Good day to all. I started to test the solution CheckPoint R80.10 take 462. Faced an incomprehensible situation for me. After applying the policy, I get the error "The connection with the server was lost. Any unsaved changes are preserved ", after which I can not connect using both SmartConsole and SSH and WebGUI. What I'm doing. I spread out CP… (Show more)

5 repliesShow more activity

Dmitriy Chazov (to Dameon Welch Abernathy) 20 hours ago (Show more Show less)

Thank you again, that's right, I did not look at which routes are going to the control interface and it's logical that anti-spoofing thinks it's wrong.

Actions

WAI KIT LAO in General Product Topics5 months ago (Show more)

Is there any workaround for SNI HTTPS traffic when enabled the HTTPS probe bypass?

Hello everyone, Customer now uses HTTPS inspection with probe bypass. He found that he could not access some website. After checked, those website site works only in browsers with SNI support. I found the sk104717 point that the limitation of HTTPS Inspection Bypass Mechanism with enabled Probe Bypass is HTTPS Inspection will not work for sites… (Show more)

9 repliesShow more activity

Amos Reiss

(to Norbert Bohusch) 21 hours ago (Show more Show less)

We are going to move the rulebase decision to a later point in the connection when we are able to send the SNI and then cache would be including “verified” SNI. This should allow us to work with SNI in a secure manner.

Actions

Luciano Miguel in CloudGuard (Formerly vSEC)2 weeks ago (Show more)

AWS CloudGuard Monitoring - CloudWatch

Hello Guys These is one idea for monitoring your "VPC Security" deployed with CloudGuard devices, use "AWS CloudWatch". Its very simply. cloudguard vsec aws

4 commentsShow more activity

Voted on by Dr. Chris Murphy • 22 hours ago

Siva Vignesh in Management (R80.10)2 days ago (Show more)

Application Filtering WorkFlow ?

I have allowed my internal subnet towards internet (ANY) in network policies and I am Blocking some of the Applications (instance : facebook). Now if i am accessing facebook, how the traffic will flow and logs will be displayed on Smartview Tracker.

1 replyShow more activity

Dameon Welch Abernathy

(to Siva Vignesh) 23 hours ago (Show more Show less)

It depends on the version you're running and your exact configuration. In R77.30, for instance, the traffic would have to pass a firewall rule before App Control even applies. As such, you'd see two different entries in the logs. In R80.10, it depends on what your rulebase looks like and how you're using layers in your policy, but you…

Actions

alexa2f878495-07e0-48b1-99f4-0c0740ddee67 in General Product Topics2 weeks ago (Show more)

Custom Application by destination address / port combination?

Hi - R77.30 Using custom applications, I don't see a way to identify an application by destination address and port combination. Is this not currently supported in R77.30 / App control signature tool? I see there are various other ways to define but none that fit this particular case.

7 repliesShow more activity

Dameon Welch Abernathy

(to alexa2f878495-07e0-48b1-99f4-0c0740ddee67) 23 hours ago (Show more Show less)

The "Services" column is hidden in the R77.30 App Control rulebase but can be shown by right-clicking on the section headings in the rule and selecting Service. Now you can restrict the ports for any App Control rule, if you desire.

Actions

Moti Sagey

in SandBlast Network11 months ago (Show more)

Upvote if you want WebUI for Sandblast Agent

Upvote if you want WebUI for Sandblast Agent Nicolas McKerrall Dameon Welch AbernathyDaniel Colwell

7 commentsShow more activity

Voted on by Milos Jovovic • 1 day ago

Charles Hurst in Management (R80.10)4 days ago (Show more)

Management Server Internet Facing

Hey all, Purely theoretical unless someone has encountered this... Is it likely that a companies IT policies would prevent or at least not be too forthcoming with having their SMS internet facing? I know a lot of companies that would have a management subnet that is not internet facing therefore would not be able to manage remote gateways… (Show more)

3 repliesShow more activity

Xavier Bensemhoun marked Vladimir Yakovlev's reply as helpful

Tom Coussement in Management (R80.10)5 months ago (Show more)

vpn issue since R80.10 - Check Point to Fortigate (behind NAT router)

We are having problems with some vpn tunnels since we upgraded our firewall gateway to R80.10 (previous R77.30) More specifically between our Check Point R80.10 gateway and Fortigate gateways that are behind a NAT router. Behaviour: On both firewalls tunnel status is shown as up. When sending traffic from LAN behind Check Point to LAN… (Show more)

9 repliesShow more activity

German Cruz marked Vladimir Yakovlev's reply as helpful

Vato Chantladze in Installation, Maintenance, and Upgrades2 months ago (Show more)

GAIA R80.20 Release Date And New Features?

Hi there, The question I still have from latest CPX2018 is the exact date when R80.20 will be officially released or at list EA? We are waiting for some great features from R80.20 Including: - Gaia OS will be based on RHEL 7.x distribution what should give countless benefits and features. - R80.20 will support new ASIC's for 5000, 15000,… (Show more)

9 repliesShow more activity

Jeffrey Engel

(to Hugo van der Kooij) 1 day ago (Show more Show less)

Please note that the Public EA is intended for lab use. Using it in production is not recommended as there may not be official support to get up to GA code.

Actions