cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Hawkeye_Parker
Hawkeye_Parker inside Endpoint Security Products 16 hours ago
views 442 1

Any way to check process debug is still running ?

Hi Chekmates,Have a query on Process Debug. Do we have any way to check if the process debug is enables or not ( Just to know if its stopped ) ?For example , We ran debug on FWD process using "fw debug fwd on TDERROR_ALL_ALL=5". Any particular command to know if its running ? Understand it would write up logs on fwd.elg file. Apart from that any particular command to know if its still running ?

Zero Phishing

Hi there,I am facing problem while creating a report for blade:"Zero Phishing". I filtered for password reused but SmartView shows no data found. However, I can see there are some events within R80.20.You help will be appreciated. Thanks
Vladimir
Vladimir inside Endpoint Security Products yesterday
views 1373 16

Wildcards in custom Apps

I am attempting to whitelist a long list of domains used by the user awareness training campaign. And am seeing this: Can we get some clarity on why this is not working and how to get around this issue. The lab is 80.30EA, but the client is running 80.20. Thank you, Vladimir

Endpoint client and Windows 10 1903

Hi everyone,has anyone tried to upgrade windows 10 to the 1903 version and install the endpoint client? in the release notes of ver 80.94 and 80.96 I see that it is not mentioned and does not seem to be supported yet. does anyone have feedback?

Database Migration in VSX environment

Hi All, We have following two checkpoint serversMGMT-SERVER-1:OS: Gaia R80.20VSX Environment (On 2 HA appliances)Managing 6 Virtual Systems.Each VS-Gateway policy package having around 200 policies.MGMT-SERVER-2:OS: Gaia R80.10Only two firewall in HA Mode.2000 + Polices into single Policy package. Now we are planning to merge the database of both these management servers using Python toll“Python tool for exporting/importing a policy package or parts of it “ I need your help for following queries:Can we run this python tool into VSX environment?As OS version are different (R80.10 and R80.20). So is possible to export policy package from R80.10 management server and then import it directly to R80.20 OSAs we need to merge the policy package which having 2000+ policies, so is there any limitation on the basis of policy package size or number of policies.
Tony_Seely
Tony_Seely inside Endpoint Security Products Saturday
views 376 1

Secure Domain Logon Altering Windows Logon

Client: 80.87 / OS: Windows 7 EnterpriseWhen Secure Domain Logon (SDL) is enabled it alters the Windows logon screen with an additional button to launch the VPN. This works as intended. However if SDL is disabled on a device it was previously enabled on the Windows logon screen remains altered. The logon screen will no longer remember the last user automatically and instead presents the logon window with a button for the last user, a button for other user, and also a button for the Smart Card if the device has that capability.We'd like to disable the way SDL is altering the Windows logon screen when SDL is also disabled to return to our previous logon experience. I currently cannot find what registry keys are being altered by enabling SDL beyond "HKLM\SOFTWARE\Wow6432Node\CheckPoint\TRAC\IsInEncDomain" and "HKLM\SOFTWARE\Wow6432Node\CheckPoint\TRAC\SDLEnabled".I appreciate any suggestions you can provide.

Sandblast Browser on top?

Dear Community,I got a general question for the SA Webbrowser extension:I assumed, that the browser extension would be installed on top of a normal Sandblast agent.But sk108695 states, it's not recommended for other browsers then Chrome.Does anyone of you gathered experience/best practices with this?Is a browser download, phishing attempt etc. intercepted even if the browser extension is not installed, but the Sanblast Agent?Looking forward to your reply.Best RegardsJohannes

VSX Failover

Hi Team , Can someone suggest me how to switch my VSX firewall without any downtime .I am planning to Hot fix installation on primary firewall before this I need to make my secondary firewall make active so not impact on my BusinessSomeone suggest me if I Use ClusterXL admin down command not use in VSX mode .I am use R80.10 version in checkpoint firewall .Thanks in advance for replay my query .

Endpoint Security client cannot register to the server.The security ID of this machine was not found

Hi Team,Endpoint Server: OPENOS: R80.20 Hotfix: Take_47Client Package: E80.96 and E81.00Host Machine OS: Windows 7 Pro (64 bit) , Windows 10 Pro (64 bit), Windows 8 Pro (64 bit)On Windows 8 Pro: No issue working fine with E80.96 package.Issue: We face the issue with Windows10 and 7.We try both client package E80.96 and E81.00 and after installed showing error "Endpoint Security client cannot register to the server. The security ID of this machine was not found"Could someone address what is the exact issue?We removed the Third Party Antivirus from Windows 10 and also 7 but still struggling we unable to communicate with Endpoint Server.Also, what are those dependencies that need to care before installing SBA?Pls help to resolved this issue. @CHINMAYA_NAIK
Pliops12
Pliops12 inside Endpoint Security Products Thursday
views 951 3

VPN Access

Hi, Im looking for solution for my company.Currently we have remote access to the office via VPN Client and everything working fine.I want to allow to a specific user access via VPN but to another subnet and not to the "Office Mode Network" subnet that every employee connecting to by default.Or when this user connecting through VPN he allow to access only to DMZ Network and block his traffic to office by Access Policy. Thanks!

R77.30 version gateway writes logs on fwd.elg files eventhough Debug is disabled.

Hi All ,Need your advise on reason for why below logs are filling up fwd.elg file.Usually contents should be written to the .elg file if any debug is enabled.But seeing these weird logs written up frequently. RemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_delRemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_delRemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_delRemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_delRemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_delRemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_delRemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_del
paul
paul inside Endpoint Security Products a week ago
views 1078 7

SandBlast Agent stuck "Loading"

I'm trying to install the Check Point SandBlast Agent for Browsers on Windows Server 2008 R2. I'm unable to get it to work properly.(MSI) Installation went fine and when I open the "Manage Add-ons" dialog in IE11 I see both "CheckPoint.SandBlast" (version 990.58.12.0) and "Check Point SandBlast" (version 990.058.012.0), both enabled, both 32-bit and loaded.When I click the "Check Point SandBlast" button (or "Tools|Check Point SandBlast"), a pop-up dialog is displayed showing "HTML"-code. When I disable ESC (Enhanced Security Configuration) the pop-up dialog is displayed correctly, only it is stuck "Loading".Enhanced Protected Mode is not enabled (Internet Options Advanced Tab) and Internet Zone Security-Level is set to "Medium-High" (Default).I'm trying to implement SandBlast as a POC.
Nilesh_Sonkusa1
Nilesh_Sonkusa1 inside Endpoint Security Products a week ago
views 1020 2

configure Proxy Arp on VSX cluster firewall

Hi Team ,Can someone explain me how to configure Proxy Arp for Static NAT Public IP on R80.10 VSX Cluster firewall .My Cluster is active passive mode .I am go through SK30197 but not understand .
Nilesh_Sonkusa1
Nilesh_Sonkusa1 inside Endpoint Security Products a week ago
views 3202 16

How to install Hotfix on R80.10 VSX

Hi Team ,Is any document for Video available for how to install hotfix on R80.10 VSX mode .
Juan_Concepcion
Juan_Concepcion inside Endpoint Security Products a week ago
views 7890 21 6

EndPoint Security URL Filtering

URL Filtering for Endpoint Security. Presently this is how it's accomplished which is daunting and unmanageable when is this slated to be fixed:Note: This procedure needs to be repeated after every URL filtering policy change.Configuring URL Filtering - One-computer deploymentTo prepare to deploy the URL Filtering blade as part of Endpoint Security clients:Install an R75.40 Security Gateway (R75.40 only). Can be a Virtual Machine.Connect with SmartDashboard to the Security Management Server.Open the R75.40 Security Gateway object properties.Enable the URL Filtering blade - click on OK.Go to the Application & URL Filtering tab - in the left tree, click on Policy - define the relevant rules.Install the security policy on the R75.40 Security Gateway.Connect to the command line on the Security Management Server.Log in to the Expert mode.Run one of these commands to fetch the URL Filtering into the Endpoint policy:[Expert@HostName:0]# eps_policy_fetcher fetchlocal -g <Name of Security Gateway object>For example, eps_policy_fetcher fetchlocal -g GW1[Expert@HostName:0]# eps_policy_fetcher fetchlocal -d $FWDIR/state/<Name of Security Gateway object>/FW1For example, eps_policy_fetcher fetchlocal -d $FWDIR/state/GW1/FW1/Connect with SmartEndpoint GUI to the Endpoint Security Server.Go to the Policy tab.In the URL Filtering rule, make sure that there is an indication that the Security Gateway policy is available for endpoints.Example: Configuring URL Filtering - Distributed deploymentTo prepare to deploy the URL Filtering blade as part of Endpoint Security clients:Connect with SmartDashboard to the Security Management Server.Open the R75.40 Security Gateway object properties.Note: Install an R75.40 Security Gateway (R75.40 only). Can be a Virtual Machine.Enable the URL Filtering blade - click on OK.Go to the Application & URL Filtering tab - in the left tree, click on Policy - define the relevant rules.Install the security policy on the R75.40 Security Gateway.Copy all the files from the $FWDIR/state/<Name of Security Gateway object>/FW1/ directory on the Security Management Server to the $FWDIR/state/__tmp/FW1/directory on the Endpoint Security Management Server.Important Note: If you copy these files via a Windows-based computer, then after transferring them to the Endpoint Security Management Server, it is necessary to run the following command:dos2unix $FWDIR/state/__tmp/FW1/*Connect to the command line on the Endpoint Management Server.Log in to the Expert mode.Run the following command to fetch the URL Filtering into the Endpoint policy:[Expert@HostName:0]# eps_policy_fetcher fetchlocal -d $FWDIR/state/__tmp/FW1Connect with SmartEndpoint GUI to the Endpoint Security Server.Go to the Policy tab.In the URL Filtering rule, make sure that there is an indication that the Security Gateway policy is available for endpoints.