TOM_MORAN inside General Management Topics 2 hours ago
Retrieve logs from a firewall after Management station has been disconnected

Hi, I have a log question. If the Management Station is disconnected from the firewall due to ISP outages, the firewall logs locally. When the Management Station reconnects, does it:
1) download the local logs of the firewall automatically (I do not believe it does)
2) do we have to download the logs manually?
   a) is there a procedure for this, nothing obvious
Any help is appreciated.
amy567 inside General Management Topics 2 hours ago
Training certification

Hi, I passed my Threat Prevention exam and got 2 Continuing Education Credits. What is the use of this credit?
Rahul_Borah inside General Management Topics yesterday
Trend Micro DDI Integration with Checkpoint

Hi Expert, my client wants to integrate Trend Micro DDI with the Checkpoint. My concern: is there any impact on performance in Checkpoint if Trend Micro DDI is integrated with the Checkpoint? Regards, Rahul

Gaia R77.30 standalone upgrade to Gaia R80.10 (clusters)

We are planning to upgrade Gaia R77.30 standalone to Gaia R80.10 and they are in HA/Clusters. I need suggestions on best practices as there is not much information with regard to this situation. Regards
inside General Management Topics yesterday
CDT v1.6 is GA!

Hi all, I am very happy to announce the release of version 1.6 of the CDT - Central Deployment Tool, which now also supports VSX.
Version 1.6 introduces the following new features, as well as bug fixes and minor additions:
- VSX support – including gateways, HA clusters and VSLS clusters
- Customized RMA backup & restore - add additional files to the backup
- Resume mode – quickly resume after resolving issues with failed deployment plans
- CloudGuard support - Gateways and CloudGuard Controllers R80.10 and above
Version 1.6 will also be included in version releases starting R80.30 on all Security Management and Multi-Domain Management machines. Please visit sk111158 for download and usage instructions.
Any comments or suggestions for CDT will be appreciated!

Migration of Barracuda to Checkpoint R80.20

Hi all, we have to migrate a Barracuda Firewall with a huge Rulebase / Object Database to Checkpoint. Has anyone done this before and has some hints / inputs for me? Thx
JPYDX inside General Management Topics yesterday
VPN issues after migration 77.30 to 80.30

Hi, I've done a simple migrate export of a 77.30 management server, and imported on a clean 80.30 VM. No hostname or IP changes. After initial migration, we had no issues. Over the weekend, VPN tunnels have now gone down. No policies have been pushed since migration. SIC was never reset as I believe you don’t need to. Any pointers? Gateways still on 77.30.

How to import file (network object setting)

Hi, we use R77.30 Security Gateway. I'm looking for a way to set network objects in bulk. I discovered that SmartDashboard has a way to import ckp files. However, I don't know how to do it because I can't find the document. Could you give me some information on how to do this? Best,
mukai inside General Management Topics Sunday
migrate R75.40 to R80.30 Failed

Migrate from R75.40 to R80.30.
Export succeeded with migrate tool.
Import to R80.30 failed and FWM process does not start.
Contents of migrate log /opt/CPshrd-R80.30/log/migrate-xxxx:
・・
[14 Oct 1:52:24] [ExecCommandGetOutput] Going to execute command: '/opt/CPsuite-R80.30/fw1/bin/upgrade_phase -d 41e821a0-3720-11e3-aa6e-0800200c9fde -s end'
[14 Oct 2:10:51] [ExecCommandGetOutput] ERR: Command completed with error code 4
[14 Oct 2:10:51] ..<-- ExecCommandGetOutput
[14 Oct 2:10:51] [CommandRunner::exec] Command's output:
-------------------------------------
Failed to upgrade phase
-------------------------------------
[14 Oct 2:10:51] [CommandRunner::exec] ERR: Command execution had failed
[14 Oct 2:10:51] .<-- CommandRunner::exec
[14 Oct 2:10:51] <-- ConditionalExecutor::exec
[14 Oct 2:10:51] [ActivitiesManager::exec] ERR: Activity 'ConditionalExecutor' failed
[14 Oct 2:10:51] [ActivitiesManager::exec] WRN: Activities execution finished with errors
[14 Oct 2:10:51] [ActivitiesManager::exec] WRN: Activities 'ConditionalExecutor' have failed
[14 Oct 2:10:51] [ActivitiesManager::exec] Designated exit code is 1
[14 Oct 2:10:51] --> CleanupManager::Instance
[14 Oct 2:10:51] <-- CleanupManager::Instance
[14 Oct 2:10:51] --> CleanupManager::DoCleanup
[14 Oct 2:10:51] [CleanupManager::DoCleanup] Starting to perform cleanup
[14 Oct 2:10:51] .--> DirCleaner::exec
[14 Oct 2:10:51] [DirCleaner::exec] Going to remove directory '/opt/CPsuite-R80.30/fw1/tmp/migrate/'
[14 Oct 2:10:51] .<-- DirCleaner::exec
[14 Oct 2:10:51] .--> ImportFailureMarker::exec
[14 Oct 2:10:51] [ImportFailureMarker::exec] Checking if cleaner is active
[14 Oct 2:10:51] [ImportFailureMarker::exec] Cleaner is active, starting cleanup
[14 Oct 2:10:51] [ImportFailureMarker::exec] Checking migrate's exit code
[14 Oct 2:10:51] [ImportFailureMarker::exec] Migration had failed, creating a marker file
[14 Oct 2:10:51] ..--> UpgradeMacroReplacer::Instance
[14 Oct 2:10:51] ..<-- UpgradeMacroReplacer::Instance
[14 Oct 2:10:51] [ImportFailureMarker::exec] Created a marker file
[14 Oct 2:10:51] .<-- ImportFailureMarker::exec
[14 Oct 2:10:51] [CleanupManager::DoCleanup] Completed the cleanup
[14 Oct 2:10:51] <-- CleanupManager::DoCleanup
end
Please tell me the solution.
sir_impactor inside General Management Topics Saturday
VPN between Checkpoint and Mikrotik based on certificates

Greetings friends!
I'm still new to the Checkpoint community. We just started integrating the Checkpoint solution in our company. I have a question about VPN tunnels S2S.
We have three offices (A, B, C). In each of the offices there is Internet and external static IPs. In offices A and B we use the Checkpoint Appliance 3100 with Gaia R80.10, and in office C we use Kerio Control gateway. VPN Site-2-Site are established between the three gateways (A, B, C) and this works "more or less", but this is not the case now.
We have several small offices (D, E, F) (for example, warehouses and very small offices of 2-5 employees). These offices have an external dynamic IP address (DAIP). It’s expensive to buy Checkpoint solutions for these offices, but VPN is needed there.
We decided to install other gateways in these offices - Mikrotik. And now we are trying to establish VPN between office B and D.
As far as I know, if the remote gateway has an external dynamic IP address (DAIP), then a VPN tunnel can only be established on the basis of certificates (pre-shared secret does not work in this case).
I found an article on how to do this, HowTo Set Up Certificate Based VPNs with Check Point Appliances. But this article describes how to do this if both gateways are Checkpoint.
Using the information from this article and the "trial and error" method and a lot of Google, we almost managed to do it.
In the IPSec settings for Checkpoint, you need to specify for the second side (Mikrotik) only which certification authority issued the certificate and the string with DN.
However, in Mikrotik, to establish a VPN tunnel, you need to specify both certificates, Mikrotik and remote gateway (Checkpoint). But I don’t understand how I can export the certificate from the Checkpoint gateway so that we can transfer it to Mikrotik.
Can you tell me how to do this? Or maybe we chose the wrong path?
Thanks in advance for your help.
P.S. Sorry for my English.
ascent72 inside General Management Topics Saturday
Can't install Checkpoint R80.20 smartconsole on Windows 8.1 computer

I am having issues installing SmartConsole 80.20 on my computer (Windows 8.1). Downloaded the console exe (smartconsole.exe) from our management server. Installer (smartconsole.exe) keeps saying it is already installed on this machine. Please remove it and try again. When I try to uninstall Checkpoint R80.20 SmartConsole (Control Panel - Add/remove programs) installer says, 'it is not installed'. I can't repair it either. How can I resolve this issue? Rebooted my computer a couple of times (didn't help), no regedit entry either. However, it is still seen in Control Panel.
MattDunn inside General Management Topics Friday
Management HA & Reporting

Hi everyone. I'm looking for some advice and guidance please regarding Management HA and Event/Reporting.
My customer currently has 2 sites. The FW cluster is split across these sites, one member in each, and there is full replication of all other servers at both sites - mostly VMware. My SMS is running on VMware at Site 1. The idea has always been that if there's a problem at Site 1, they can just spin that server up over at Site 2 and carry on. Last week they had a problem affecting the VMware platform itself, so they lost the SMS (for a while) and also couldn't spin it up elsewhere. So now they want to explore their options.
Ordinarily I'd suggest Management HA, with the HA SMS running at Site 2.
The thing that I can't figure out is what happens with Event & Reporting (currently in use on SMS 1)?
Is it as easy as spinning up a HA SMS at site 2, ticking the Event & Reporting boxes and having the cluster log to both SMS's?
Or in the case of Management HA is there a better way of handling Event/Reporting? Because ultimately the customer will expect Event/Reporting HA too.
Interested in your thoughts 😀
Thanks,
Matt

PMTR-23492, PRJ-2847 Added support for Internal CA certificate replacement.

Can anybody shed some light on "PMTR-23492, PRJ-2847 Added support for Internal CA certificate replacement." as stated in the sk153152.

supporting SMB appliances

Will R80 support the SMB appliances such as the 1100 series?
Daniel_Taney inside General Management Topics Thursday
Add Interfaces To VSX Bond Group?

Good Afternoon,
I plan to add additional 10GB interfaces to an existing bond group in a VSX VSLS cluster. Is there any trick to doing this that may not be obvious? I planned on gracefully migrating all the VS's to a single cluster member using vsx_util vsls via the management server. Once failed over, I was going to issue a cpstop to the vacated Gateway to shut everything down. Then, in CLISH run:
add bonding group 0 interface eth1-03
add bonding group 0 interface eth1-04
add bonding group 0 interface eth2-03
add bonding group 0 interface eth2-04
After that, I was planning on rebooting the Gateway given its long uptime. Once it came back up, I was going to verify the cluster integrity with the new interfaces with cphaprob -a if.
Then, rinse and repeat with the other cluster member.
Is there anything else I need to do to make sure this goes as smoothly as possible?
Thanks!
Dan