Showing results for 
Search instead for 
Did you mean: 
Create a Post
General Management Topics

This space is the place to ask questions about Check Point's Security Management Appliances, Security Compliance, Upgrading your Security Management to R80.x, and more!

Andreas_Aust inside General Management Topics an hour ago
views 194 6 1

When will LSMcli support 1500 Appliance

Hi, is there a roadmap when LSMcli will support 1500 Appliance ?
Tbgaz inside General Management Topics 5 hours ago
views 44 1

Changing ISP - With/Without Topology

Hi,We are changing our backup ISP and we have got the process in place but just wanted to triple check that on the cluster object we select 'get interfaces without topology' after the IP change instead of 'with topology'. It's just a simple interface IP/NAT/ARP rule change. Having looked on here, it seems that 'with topology' isn't the way to go!
libin inside General Management Topics 9 hours ago
views 126 2

Mobile Access Role for Local users

Hi all,Regarding Unified Policy for Mobile Access, if I create access role with the local users. why should I integrate identity awareness in the gateway for the access role to work since here I am calling only the local users.Is it mandatory that the gateway should always connect to the AD for the access role which has local users or only for the first time identity awareness is required?
kb1 inside General Management Topics yesterday
views 38 2

Is there a way for me to find the application and associated ports being used by the firewalls?

so we have a bunch of firewall and since we dont have any records of the applications that arebeing used, im being tasked along with my colleague to find the port numbers associated with the applications used in the firewalls? we do use firemon here and i did generate a report for one of the firewalls here but i dont think it shows the ports for the applications, does firemon have that functionality if not how do i accomplish this task? i mean there are a 1000 applications or more being used and need to figure that out for each application so it definitely is a very tedious process.
David_Spencer inside General Management Topics yesterday
views 278 9 2

in.emaild.mta high cpu usage

I'm seeing extremely high CPU usage form the in.emaild.mta that past 2 days. No significant changes have been made. Currently it's consuming %120 of cpu (5400, dual core). I've tried rebooting and failing over.  I'm not seeing much in the queue when running >tecli show emulator queue, but there are 4 items that are stack in there (we are using cloud), cloud queue is rolling through fast as well. I'm a little lost as to why the cpu usage has shot up. looking at the logs we're not seeing any significant increase in mail traffic.   fw ctl multik stat ID | Active | CPU | Connections | Peak ---------------------------------------------- 0 | Yes | 1 | 4738 | 9502 1 | Yes | 0 | 4738 | 9609     
Tom_Cripps inside General Management Topics yesterday
views 199 8

Upgrading to R80.30 has caused one fw_worker to be stuck at 100%

Hi,Since our upgrade to 80.30, our standby member in our cluster has had a fw_worker stuck at 100% cpu, it isn't a particular fw_worker it can change, when one drops another one takes it place essentially. We're also now seeing that when we attempt policy installations we lose "GAiA" in essence as is presented with the raw Bash shell as you would see if booted in maintenance mode.Anything obvious stick out to anyone?Tom

Ansible task failing

Hello! I am trying to add an rule to the checkpoint management server (in AWS) through Ansible.If I use the module "cp_mgmt_access_rule" it gives me the error "Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center." I already installed the latest update, how can I solve this problem? Manager Node Environment: Centos 8, Ansible 2.9.2, Python 3.6.8 (Not using 2.7.9+ because of EOL)
inside General Management Topics yesterday
views 70 1

sic status issue

Hi Everyone,      Now found one issue that the SIC status is not normal sometimes. It shows "secure internal communication is not operational with "fwi2n". Verify that SIC is initailized or was not reset".  See below picture . And recovered automatically after a few minutes. The gateway and SMC both are R80.10 version. During the issue period, can't push policy to this gateway.  I tried to rest the SIC, still face same issue.     

CPM fail start

Someone could guide me through this problem.When I couldn't access the smartconsole, I checked the processes by running a cpwd_admin list and found that the cpm process is terminated. So I stopped it and when I started it it showed me the following error, which refers to the java libraries, I looked for information but I can't find anything to fix it.Regards.
ceyhun inside General Management Topics Thursday
views 120 1

Combining two different management server configurations

 I have the following structure.Location A => Management + Gateway (Cluster) (R77.30)Location B => Management + Gateway (Cluster) (R80.10)We want the management server at location A to be disabled and the structure at that location is managed from the Management server at location B.There are thousands of objects, many S2S and hundreds of NAT rules on the Management server at location A. How do we transfer objects on this management to management at location B, or how to plan scenario for the transition. I want to gather management on location Management Server at location B. How can I do that? I'm waiting for your comments and ideas. Finally, unfortunately I do not have an MDS license. Thanks

Strange log - Originating from against

Hi,I found a strange and recurring log "originating from against" for the blade IPS - see screenshotNo behavior, but a lot of this for all our firewall.Firewall and MGMT are running version R80.20 Any idea for that point ?Thanks,Arthur
Prince_Osei_Wia inside General Management Topics Thursday
views 6840 10 3

Having problem with my clusterXL: Error message "HA module not started" after cphaprob stat.

Cluster XL is enabled using cpconfig#cphaprob statHA module not started
Anu_Cherian inside General Management Topics Thursday
views 22074 31 1

Site to Site VPN between Checkpoint and Palo Alto Firewalls

Hi All,We have a requirement to setup Site-to-Site vpn between our Checkpoint FW and customer Palo Alto FW. I have created one, but the issue is IKE phase 2 fails. I have confirmed the negotiation parameters with my customer engineer and it looks like everything is in order. What could be the possible issue?I used VPN tu and SmartView  monitor to view but to no success. Any advices will be highly appreciatedThank you so much
kb1 inside General Management Topics Thursday
views 62 1

Can someone share a guide to migrate from one management server to a new one for R80.20

So the primay management server we have has been very problematic for us (its a smart-1 225 appliance ), the secondary is working fine, most of the time we would have problems with the primary as in there would be smartconsole connection issues, active/standby issues, etc so we are fed up with the server and are going to replace it with a new one, so want to know how the migration is done from the old one to new one in case im being tasked to do it, just need to be directed to the exact SK article or any other link that would show detailed steps on how to accomplish that.

How to control traffic from remote offices

Hi, I need some tips/recommendations how to control access from remote offices.Today one main headquarter with all servers behind with two 3200.20 small remote offices using 730 SMB firewalls with VPN to the 3200.I want to control so only Windows AD joined computers have full access through the vpn tunnel.All other devices should have limited access, for example printers, thin clients etc.I can see 3 different approaches:1. Control the vpn traffic in the 3200 firewall with user awareness.2. Control the vpn traffic in the 730 firewalls (I think they also have user awareness with an Active Directory connection)3. Setup 802.1x wired authentication in all remote switches and control the traffice with different vlans.What would you do and why?