Showing results for 
Search instead for 
Did you mean: 
Post a Question
Daniel_Snyder inside CloudGuard IaaS Friday
views 959 18 1

Azure Scale Set Gateways Disappeared from Policy

We have deployed Azure Cloudguard Scale Set and have an interesting issue where our gateways are no longer present in the console. I looked at the auto-provision log and all I can see is the gateways are stuck in 'INITIALIZING' state. I know if I re-image them they will come back online but that also requires a slight rebuild of the gateway. Has anyone dealt with this and know how to reconnect the gateway to the manager without the redeploy?Failed scale set log entries during gateway sync:2019-01-24 21:22:36,179 MONITOR INFO {firewall #1}: INITIALIZING2019-01-24 21:22:36,203 MONITOR INFO {firewall #2}: INITIALIZINGOur working scale set looks like the following in the same log during gateway sync:2019-01-24 21:22:36,203 MONITOR INFO updating: {firewall #1} 2019-01-24 21:22:36,204 MONITOR INFO {firewall #1}: COMPLETE2019-01-24 21:22:36,204 MONITOR INFO {firewall #2} 2019-01-24 21:22:36,256 MONITOR INFO {firewall #2} : COMPLETENo issues with the auto-provision connectivity in general and no changes on our Azure side. These gateways were in my console at one point and then just disappeared and can't seem to find out why and a way to get them back in without a redeploy. Thanks in advance!** UPDATE **Looks like during a gateway sync the instances in the scale set could not be found (even though they existed and still do) and were deleted from the manager. However the firewalls still function but I am unable to manage them or push policy to them. Not sure how to get them back in to the policy without doing a re-image?
Cyprien_Leseurr inside CloudGuard IaaS Thursday
views 2169 22

Can we avoid the promiscuous mode for vSEC clustering ?

I work since few weeks on the virtualization of checkpoint security gateways. And to allow HA protocol (CCP) in order to create a clusterXL, I had to enabled the promiscuous mode on vmware.So I was wondering if there was not another solution.If not, is there some best pratices to avoid route causes on datacenters (packet loss for example) ?
Alejandro_Ferna inside CloudGuard IaaS Tuesday
views 350 6

Inspecting and detecting original source address of TCP NLB inbound traffic

Hello,I have a AWS TCP Network Load Balancer with proxy protocol v2 enabled. This LB routes the traffic to a logical server IP with a group of internal web servers. The ports it use are 30080 and 30443, configured as TCP service with HTTP/S protocol but it seems that IPS are not inspecting this traffic.Futhermore, I can see the real client IP address in the web server's log, so it seems proxy protocol are working, but in the Checkpoint log I only see the internal LB addresses so I can not differentiate between real traffic and LB health check traffic. I appreciate any kind of suggestion or hint.Thank you, regards!
inside CloudGuard IaaS a week ago
views 744 2

publishing routes to On-Prem via Express Route

Hi, I have a customer who is building a Hub-And-Spoke infrastructure in Azure. We added a Cluster-HA in his HUB vNet in order to route all the traffic from spokes vNets via the Custer to On-Prem and vice versa. The customer has an Express Route in the HUB spoke to access the On-Prem networks. The Azure Virtual GW publish to On-Prem the networks of the HUB vNet. This is more an Azure questions , How can I make the Express Route Virtual GW to publish the spokes vNets to On-Prem ? I added a UDR on the GatewaySubnet to route traffic to the spokes via the CG Cluster but that route doesn't propagate to On-Prem. Someone told me that the Express Route Virtual GW should also see the Peered vNets subnets and publish them but we don't see it. If anyone did something similar in other customers , please advise, Regards, Nir
Nicolas_Daems1 inside CloudGuard IaaS 2 weeks ago
views 880 3

Cloudgaard Azure and Remote Access

Hi, I'm trying to setup a Remote Access VPN (Check Point Mobile on Windows) on Azure.This Azure Gateway is connected to another Check Point Gateway with a Site-to-Site VPN. This communication is working fineThe Mobile VPN Client are able to connect but no traffic is reaching the Azure Firewall (tcpdump / fw monitor). The VPN setup is not configured to route all traffic to the gateway so only the remote access community shoud be reachable. I can see that the Endpoint receive the route correctly (route print) but when trying to reach the gateway no traffic is detected.I guess there is an issue with the UDR on Azure but I don't know how the VPN subnet needs to be defined:Do we need to define the VPN subnet on Azure Subnet ?If we need to define the subnet to Azure what route should we defined on this subnet ?Do we need to route the traffic to Frontend or Backend interfaceAny help will be appreciatedThank youNicolas
Martin_Valenta inside CloudGuard IaaS 2 weeks ago
views 1115 3

autoprovision on domain with already existing gateways

Trying to enable autoprovision on one domain, but this domain is having already some gateways in it. I've configured it and all is failing on API calls like this:File "/opt/CPsuite-R80.20/fw1/scripts/autoprovision/", line 1888, in __call__2019-05-24 07:27:14,130 MONITOR INFO raise Exception('failed API call: %s%s' % (command, msg))2019-05-24 07:27:14,131 MONITOR INFO Exception: failed API call: show-simple-gateway: Requested object [xxx] not found I didn't found any documentation, that this cannot be done..also waiting on TAC response.. @Javier_Hijas any insight on this?
Tiago_Sousa inside CloudGuard IaaS 2 weeks ago
views 873 2

AWS price increase

Any idea of why there was such price increases on aws:Thank you for subscribing to "CloudGuard IaaS R80.20 Security Gateway - NGTP PAYG".We are writing to notify you that Check Point Software Technologies, Inc. has increased the hourly pricing on the following instance types for "CloudGuard IaaS R80.20 Security Gateway - NGTP PAYG".c5.9xlarge - Previous: 1.89 / New: 6.0c5.large - Previous: 0.69 / New: 0.75c5.4xlarge - Previous: 1.39 / New: 2.8c5.18xlarge - Previous: 1.89 / New: 11.5c5.2xlarge - Previous: 1.08 / New: 1.4Thank you for subscribing to "CloudGuard IaaS Security Management".We are writing to notify you that Check Point Software Technologies, Inc. has increased the hourly pricing on the following instance types for "CloudGuard IaaS Security Management".m5.12xlarge - Previous: 0.49 / New: 1.4m5.4xlarge - Previous: 0.49 / New: 1.4m5.24xlarge - Previous: 0.49 / New: 1.4
Blason_R inside CloudGuard IaaS 2 weeks ago
views 2326 8

Site-Site Tunnel between Azure Gateway and On-prem CP Gateway

Hi Team, Curious to know if Azure GW can be managed trough On-prem Management server? I guess it should because eventually it would speak with gateway on CP Ports. As well as can we configure Tunnel between Azure & On-prem CP again managed with Onprem Management server? Or is it better to have Separate Mgmt server on Azure?
access2nitan inside CloudGuard IaaS 2 weeks ago
views 390

Check point cloud Guard Gateway and Management

Hi TeamGreetings!We are trying to setup checkpoint for 100 location for thousand users. So here is the initial setup 2 server under public subnet and 2 or private server.Two NLB one for incoming traffic and one for local task.So traffic will come on external Elb than gateway server and then linux web server.Just need your help to setup traffic from one ELB to Internal ELB. Thanks,
mohit7812tyagi inside CloudGuard IaaS a month ago
views 827 1

what is pre-request to implement checkpoint firewall to azure

Hi Team,I need to know is there any additional subscription is required to implement the checkpoint firewall and what is pre-request to implement checkpoint firewall to azure cloud, please referred me related document link,
Poh_Seng_Anthon inside CloudGuard IaaS a month ago
views 612 1

Trial license for IaaS Private Cloud openstack?

Hi All May i know where can i get a trial license for IaaS Private Cloud for OpenStack?? can i get the eval license from the portal? regardsAnthony
Atif_Saeed inside CloudGuard IaaS 2019-05-16
views 441 2 1

Looking for a Azure upgrade process for Security Management Server/Gateways

Looking for a Azure cloud upgrade process for Security Management Server/Gateway cluster from R77.30 to R80.20.
inside CloudGuard IaaS 2019-05-15
views 988 4 2

How does CloudGuard controller makes your life easier?

The first Check Point cloud controller connector was released around 2 years ago to transform the way we consume objects in security policies and opening a revolutionary new security model for designing and operating policies with an automated and zero-touch approach that helps security practitioners focusing on analyzing security events and improving security postures and designs instead of performing basic operational tasks. Since that first release a number of new features and connectors have been added so that almost any organization today can leverage this functionality (for free by the way). In the past months I have met a number of customers sharing with me different use cases enjoying this function in multiple ways to improve their day to day security challenges. I realized it could be very interesting for the community to share how each setup is leveraging CloudGuard Controller so I invite you to share your use case in this thread explaining how the organization you work with enjoys this function. I will start by sharing the policy I use as an example on how to leverage it: The example above protects a hybrid infrastructure with on-prem, azure and aws environments where each and every asset has been previously tagged according to the security needs. Any new application that is for instance ruled by PCI requirements only needs to be use the "PCI" tag in order to be automatically added with the right access and protection without modifying or reinstalling the policy above. What is your use case?
dantsec inside CloudGuard IaaS 2019-05-14
views 509 1

CheckMe Cloud Security Assessment

Has anyone ever used CheckMe for Cloud? Is it possible to check most vulnerabilities? Is the report clear and objective?Does anyone have a report that can be shared? Is there any laboratory environment for demonstration?
Dawei_Ye inside CloudGuard IaaS 2019-05-09
views 596 3

Have you guys deployed IPv6 gateways in AWS yet?

I am preparing to deploy GWs and SMS in AWS with IPv6 in China region. I used to use cloudformation to fulfilled this task with IPv4.But I didn't know if it work with IPv6. And are there any other tips or limitations in IPv6 in AWS? Regards,Dawei Ye