General Management Topics

This space is the place to ask questions about Check Point's Security Management Appliances, Security Compliance, Upgrading your Security Management to R80.x, and more!

Milos_Jovovic inside General Management Topics 2 hours ago
views 1795 12

RAVPN Checkpoint securID authentication forwarding to RSA authentication manager

Hello Team,

I was going through integration of securID RSA Auth. Manager with CheckPoint Cluster (2x5200 NGGW's with 77.30 Gaia on it).

Made one object for checkpoint agent on RSA auth. manager console (with IP of CP cluster). What name do I have to put here? There is written to put name of securID agent object in CheckPoint smart dashboard. What is that name (securID server object? or something else?).

I have configured External user profile with match-all-users option (is this correct? We need to forward all auth requests to RSA Auth. manager. In CheckPoint endpoint security vpn client we have three fields (username, PIN and token)). We have one passphrase (PIN and token), for one user. Is this only one factor or two? I am confused here.

I have configured this external user group to be part of new user group securid_user_grupa:

I have put authentication scheme securid for this external user profile:

I have put this user group in remote access community for RAVPN connections:

I have put the same sdconf.rec file on both gw's in cluster (active and standby) on path /var/ace/

Installed policy and authentication does not work, zero packets going from CP cluster to RSA auth. manager.

In vpn debug log files there is error “Access denied - wrong user name or password”. It is like CP tries to authenticate users in internal user database in MGMT server.

I of course put in GW>>>VPNClient>Auth.>>>auth scheme to securID (chose securID server object).

Do I have to do cpstop/cpstart on gw's to make this work?

Any suggestion? Maybe I have to change in external user profile type to match by domain? Do I have to check this box omit domain name when auth. users?

Thanks Everyone for help. Any help would be appreciated a lot.
emreturkmenler inside General Management Topics 5 hours ago
views 58 6

Traffic not accelerated by Secure XL

Hi,

I have been dealing with the secure XL for a while and cannot have the traffic accelerated as you can see the output below.

The problem is the CPUs are going over %95 during day time and I think the reason is the secure XL not handling traffic as expected as everything is going through the slow path.

I have been through many topics here and I will put the outputs you may ask.

Just a brief information of the firewall, working with ClusterXL, 8 cpu (2 SND, 6 workers), OPEN SERVER (I'm not sure if this could be any issue). This is an external firewall, having DMZ, vpn and internet traffic of users and servers and more as you can think.

    #fwaccel stats -s
    Accelerated conns/Total conns : 14/79668 (0%)
    Accelerated pkts/Total pkts   : 370720/214400236 (0%)
    F2Fed pkts/Total pkts   : 211158051/214400236 (98%)
    PXL pkts/Total pkts   : 2871465/214400236 (1%)
    QXL pkts/Total pkts   : 0/214400236 (0%)

    # fwaccel conns -s
    There are 211889 connections in SecureXL connections table

The template number is so low.

    # fwaccel templates -s
    There are 48 templates in SecureXL templates table

    # fwaccel stat
    Accelerator Status : on
    Accept Templates   : disabled by Firewall
                         Layer CL-EXT Security disables template offloads from rule #xxx ( just above the last rule)
                         Throughput acceleration still enabled.
    Drop Templates     : enabled
    NAT Templates      : disabled by Firewall
                         Layer CL-EXT Security disables template offloads from rule xxx ( just above the last rule)
                         Throughput acceleration still enabled.
    NMR Templates      : enabled
    NMT Templates      : enabled

I downloaded the fwaccel conns table and when investigated we see that most of traffic is about these 4 sources with 1 destination address (exchange related F5 traffic) as nearly 1/3 of the whole table is this connection.

    Source  Destination  DPort  PR  Flags           C2S i/f  S2C i/f  Inst
    A       X            443    6   F..A...S......  40/32    32/40
    B       X            443    6   F..A...S......  40/32    32/40
    B       X            443    6   F..A...S......  40/32    32/40
    C       X            443    6   F..A...S......  40/32    32/40
    A       X            443    6   F..A...S......  40/32    32/40
    D       X            443    6   F..A...S......  40/32    32/40
    C       X            443    6   F..A...S......  40/32    32/40
    D       X            443    6   F..A...S......  40/32    32/40
    C       X            443    6   F..A...S......  40/32    32/40
    B       X            443    6   F..A...S......  40/32    32/40
    B       X            443    6   F..A...S......  40/32    32/40
    D       X            443    6   F..A...S......  40/32    32/40
    A       X            443    6   F..A...S......  40/32    32/40
    C       X            443    6   F..A...S......  40/32    32/40
    D       X            443    6   F..A...S......  40/32    32/40
    C       X            443    6   F..A...S......  40/32    32/40
    B       X            443    6   F..A...S......  40/32    32/40
    C       X            443    6   F..A...S......  40/32    32/40
    A       X            443    6   F..A...S......  40/32    32/40
    B       X            443    6   F..A...S......  40/32    32/40
    A       X            443    6   F..A...S......  40/32    32/40
    B       X            443    6   F..A...S......  40/32    32/40
    B       X            443    6   F..A...S......  40/32    32/40
    A       X            443    6   F..A...S......  40/32    32/40
    D       X            443    6   F..A...S......  40/32    32/40
    D       X            443    6   F..A...S......  40/32    32/40
    A       X            443    6   F..A...S......  40/32    32/40
    B       X            443    6   F..A...S......  40/32    32/40
    D       X            443    6   F..A...S......  40/32    32/40

My question is, how come this traffic isn't accelerated?

Thank you
yishola inside General Management Topics 11 hours ago
views 136 6

R80.10 -> R80.20/30 Management upgrade issues

Hi There,

I've tried various upgrade paths for my VM Management server (R80.10 take 462) to R80.20 or R80.30 without success. I've increased the disk space and extended existing space with lvm_manager - still no joys. Tried cli and cpuse and the errors are always about insufficient disk space. I seem to have a lot of space.

Tried migrate export and space issue persists. Tried snapshot and though system says I need 9gb for snapshot (and I have 33gb free), snapshot is unsuccessful.

What I am looking for is a process by which I can upgrade the server without CheckPoint snapshot or backup. I can use VM Snapshot as fallback in case I need to.

    LVM overview
    ============
                 Size(GB)  Used(GB)  Configurable  Description
    lv_current   20        9         yes           Check Point OS and products
    lv_log       20        15        yes           Logs volume
    upgrade      22        N/A       no            Reserved for version upgrade
    swap         5         N/A       no            Swap volume size
    free         33        N/A       no            Unused space
    -------      ----
    total        100       N/A       no            Total size
Tobias_Karsbo inside General Management Topics 19 hours ago
views 36

Cast (chromecast and Apple AirPlay) from different networks

Hi.

I am setting up one Apple TV and one Chromecast in one of our conference rooms. They will be connected to our "device network". People should then be able to cast and share screen from "Internal Networks" as well from "Guest Network" and "PDA/Phone Network" to these devices.

I guess I somehow have to enable multicast forward and then create rules allowing unicast to those devices from the different networks?

Anyone who has any experience and can share some tips how to do this?

Running R80.30 HA

Thanks
/Tobias
Don_Paterson inside General Management Topics yesterday
views 14719 21 7

NAT Templates - SecureXL

Is it recommended to turn NAT Templates on? Why is it not on by default?

    [Expert@GW:0]# fwaccel stat
    Accelerator Status : on
    Accept Templates : enabled
    Drop Templates : disabled
    NAT Templates : enabled
    NMR Templates : enabled
    NMT Templates : enabled
Moe_89 inside General Management Topics yesterday
views 3456 7

"Certificate revoked" error when trying to login to SmartConsole. Cause: Corruption caused by unpredictable circumstances ?

A customer was unable to login to smartconsole with error "certificate revoked". Followed sk113744 which resolved the issue. But the given cause of the issue is "Corruption caused by unpredictable circumstances". What does that even mean ? Does anyone know the actual reason for this issue ?
Larry_Birch inside General Management Topics yesterday
views 307 9 1

SonicWall Migration

Has anyone had any experience in migrating SonicWall policies into Check Point? How to do this as easily as possible, and lessons learned. I understand that SmartMove will not work. Thank you.
Kevin_Werner inside General Management Topics Tuesday
views 2885 9 1

80.10 to 80.20 Pre-Upgrade Verifier

I'm attempting to run the 80.20 pre-upgrade verification script on my 80.10 management server, but nothing appears to be happening when I execute it. I've run the tool in the past with no issues so I am assuming there is a problem with my syntax. I'm running ./pre_upgrade_verifier -p $FWDIR -c R80 -t R80.20 and am not getting an output. The help doesn't list 80.10 as a possibility for the currently installed version so I'm partially wondering if it's not supported.

    where the Currently installed version is one of the following:
    NGX_R65 (aliases: 6.0.1.0)
    R70 (aliases: R70_R70, 6.0.1.6)
    R71 (aliases: R71_R71, 6.0.1.7)
    R75 (aliases: R75_R75, 6.0.2.0)
    R75.20 (aliases: R75.20_R75.20, 6.0.2.1)
    R75.40 (aliases: R75.40_R75.40, 6.0.2.5)
    R75.40VS (aliases: R75.40VS_R75.40VS, 6.0.3.0)
    R76 (aliases: R76_R76, 6.0.3.5)
    R77 (aliases: R77_R77, 6.0.4.0)
    R80 (aliases: R80_R80, 6.0.4.8)

The file permissions for the entire upgrade pack are below

    -rw-r----- 1 admin root 19141755 Jan 22 10:00 Check_Point_R80.20_Gaia_SecurePlatform_Migration_Tools.tgz
    -rwxr-xr-x 1 105 80 893915 Dec 6 03:52 gtar
    -rwxr-xr-x 1 105 80 241318 Dec 6 03:52 gzip
    -rwxr-xr-x 1 105 80 9210256 Dec 6 03:52 ips_upgrade_tool
    -rwxr-xr-x 1 105 80 4636 Dec 6 03:52 mgmt_puv.sh
    -rwxr-xr-x 1 105 80 14529536 Dec 6 03:52 migrate
    -rw-r--r-- 1 105 80 70783 Dec 6 03:52 migrate.conf
    -rw-r--r-- 1 105 80 107 Dec 6 03:52 plugin_pack.conf
    -rwxr-xr-x 1 105 80 8388116 Dec 6 03:52 plugin_upgrade_matcher
    -rwxr--r-- 1 105 80 19175 Dec 6 03:52 ppidb.conf
    -rwxr-xr-x 1 105 80 20965372 Dec 6 03:52 pre_upgrade_verifier
    -rwxr-xr-x 1 105 80 1468920 Dec 6 03:52 puv_report_generator

VMTools not auto-starting on R80.30

Hi, Maybe this is not the case for you but for me after I upgraded our management server to R80.30 it stopped auto-starting vmtoolsd on boot. That is because vmtoolsd was missing in the list of services as confirmed by the 'chkconfig' command. If that is the case for you as well then the fix is to run 'chkconfig --add vmtoolsd' followed by 'chkconfig vmtoolsd on'.

R80.30 Ongoing Take 111
Daniel_Taney inside General Management Topics Tuesday
views 234 12

Need To Perform Mass Modification Of All User Accounts Expiration Dates

It came to my attention today that I have a large number of user accounts expiring on 1/1/2020. Given the number, it would be best to update these en masse. I have seen a couple other posts where some folks were accomplishing this using a series of API requests / changes. However, I also came across this older sk article: sk522. Can anyone comment whether this is still a valid method on an R80.30 SMS? I'm not opposed to going the API route if necessary, but this method seems to accomplish the same thing in a single command. Thanks! Dan

NAT Loopback configuration problem in R80.10

Hi, I have a problem configuring a hairpin NAT (NAT Loopback) on my system.

I have a local LAN that is 192.168.0.0/24. On the WAN side I have xx.xx.xx.107 that is where all “normal” traffic is using without any problem. I have xx.xx.xx.122 where I NAT https to an internal server. I can access the https NAT server from an external IP.

When I try to access the https external IP from an internal IP on the LAN side (192.168.0.0/24) it is not possible to access the service. In the log file for the access control policy I get an entry that the client is going out to access the external IP. I do not get a log entry for denied or allowed for the access back to the https service.

I have been reading https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk110019 but I do not get it to work. The config I have in my NAT rules is according to the attached picture.

What is it that I am missing? Are my NAT rules in the incorrect order?
Vladimir inside General Management Topics Monday
views 222 8

Identity awareness logging only logon and logoff events.

Now, this may sound funny to some of you that know me, but here it is: We are running Security Checkup in our environment and the 15400 all-in-one box that was configured to accept the traffic from the span port, blades enabled and IA configured. IA is working in terms of seeing AD objects when trying to define roles and we see the logon and logoff events in SmartLog. AD query is working with adlog a dc and adlog a q ip returning proper values. There are, however, no user or machine IDs in the rest of the logs.

I am not involved in the hands-on aspects of this project due to rather dramatically expanded responsibilities in my current role, but would like to lend a hand to my guys that are involved with it. The SE that Check Point assigned to the case stated that he has seen this behavior in one more Security Checkup he was running, but that the root cause was never determined.

Another question is this: when running Security Checkup with all-in-one, does it make sense to have IA configured or is it better to have Identity Logging configured on the box? Is there a case where both should be configured?

Let me know if you have any suggestions. Thank you, Vladimir
Mod

Check Point Infinity Portal Admin Guide

Infinity Portal (https://portal.checkpoint.com) is Check Point's new cloud web management for its security services. Current services include CloudGuard SaaS, CloudGuard Connect and Endpoint Cloud Management. More services coming soon.   The new admin guide is available at https://sc1.checkpoint.com/documents/WebAdminGuides/EN/Infinity_Portal/Default.htm   Looking forward to get your feedback on Check Point's cloud solutions and cloud-based management!

SmartConsole update torture

Until what century am I going to see this message? 😄      
Rafael_Lima1 inside General Management Topics Saturday
views 1727 11

Problem after migration to R80.20 - ClusterXL

After migrating from version R80.10 to version R80.20, our cluster presents the following messages.

    Feb 25 16:40:45 2019 FWINTRA1 kernel: [fw4_1];CLUS-216400-2: Remote member 1 (state ACTIVE -> LOST) | Reason: Timeout Control Protocol packet expired member declared as DEAD
    Feb 25 16:40:46 2019 FWINTRA1 kernel: [fw4_1];CLUS-214904-2: Remote member 1 (state LOST -> ACTIVE) | Reason: Reason for ACTIVE! alert has been resolved
    Feb 26 06:55:33 2019 FWINTRA1 kernel: [fw4_1];CLUS-216400-2: Remote member 1 (state ACTIVE -> LOST) | Reason: Timeout Control Protocol packet expired member declared as DEAD
    Feb 26 06:55:33 2019 FWINTRA1 kernel: [fw4_1];CLUS-214904-2: Remote member 1 (state LOST -> ACTIVE) | Reason: Reason for ACTIVE! alert has been resolved
    Feb 26 13:49:52 2019 FWINTRA1 kernel: [fw4_1];CLUS-216400-2: Remote member 1 (state ACTIVE -> LOST) | Reason: Timeout Control Protocol packet expired member declared as DEAD
    Feb 26 13:49:52 2019 FWINTRA1 kernel: [fw4_1];CLUS-214904-2: Remote member 1 (state LOST -> ACTIVE) | Reason: Reason for ACTIVE! alert has been resolved

In this cluster the backup traffic passes, causing a high consumption, before the migration we had the same consumption, but did not occur messages / errors.

Another thing, we are verifying a connectivity problem on our servers and the time is similar to that listed in the above messages. Can these messages identify traffic disruption?

We have seen that it does not occur on all servers, but in the most sensitive the connection is interrupted, causing serious problems on servers that use NFS.

Another detail, we are getting the following message when executing the "show cluster failover" command, but we did not run the cpstop on the gateways

    FWINTRA1> show cluster failover
    Last cluster failover event:
    Transition to new ACTIVE: Member 1 -> Member 2
    Reason: FULLSYNC PNOTE - cpstop
    Event time: Tue Feb 26 15:02:13 2019
    Cluster failover count:
    Failover counter: 4
    Time of counter reset: Mon Feb 11 21:30:31 2019 (reboot)
    Cluster failover history (last 20 failovers since reboot/reset on Mon Feb 11 21:30:31 2019):
    No.  Time:                     Transition:            CPU:  Reason:
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1    Tue Feb 26 15:02:13 2019  Member 1 -> Member 2   00    FULLSYNC PNOTE - cpstop
    2    Tue Feb 26 13:49:52 2019  Member 1 -> Member 2   00    FULLSYNC PNOTE - cpstop
    3    Tue Feb 26 06:55:33 2019  Member 1 -> Member 2   00    FULLSYNC PNOTE - cpstop
    4    Mon Feb 25 16:40:45 2019  Member 1 -> Member 2   00    FULLSYNC PNOTE - cpstop
    ________________________________________________________________________________

    FWINTRA2> show cluster failover
    Last cluster failover event:
    Transition to new ACTIVE: Member 1 -> Member 2
    Reason: FULLSYNC PNOTE - cpstop
    Event time: Tue Feb 26 15:02:13 2019
    Cluster failover count:
    Failover counter: 4
    Time of counter reset: Mon Feb 11 21:30:31 2019 (reboot)
    Cluster failover history (last 20 failovers since reboot/reset on Mon Feb 11 21:30:31 2019):
    No.  Time:                     Transition:            CPU:  Reason:
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1    Tue Feb 26 15:02:13 2019  Member 1 -> Member 2   00    FULLSYNC PNOTE - cpstop
    2    Tue Feb 26 13:49:52 2019  Member 1 -> Member 2   00    FULLSYNC PNOTE - cpstop
    3    Tue Feb 26 06:55:33 2019  Member 1 -> Member 2   00    FULLSYNC PNOTE - cpstop
    4    Mon Feb 25 16:40:45 2019  Member 1 -> Member 2   00    FULLSYNC PNOTE - cpstop

Environment:

    Check Point's software version R80.20 - Build 255
    kernel: R80.20 - Build 014
    JHF Take: 17
    OpenServer - Dell PowerEdge R730