Douglas_Rich inside General Management Topics an hour ago
views 22 1

How to specify a Session Name and Description in a mgmt_cli publish

I can't seem to find the syntax anywhere for adding a session name and description so that I can publish from the cli. Any help would be appreciated.

mgmt_cli publish -s id.txt
---------------------------------------------
Time: [18:46:50] 20/8/2019
---------------------------------------------
"Publish operation" failed (100%)

tasks:
- task-id: "01234567-89ab-cdef-b80c-135154317141"
  task-name: "Publish operation"
  status: "failed"
  progress-percentage: 100
  suppressed: false
  task-details:
  - fault-message: "Publish cannot be performed without entering a session name and description."
sukrui inside General Management Topics 2 hours ago
views 8

Power supply status dummy

I have 5600 appliance with version has two power supply. When I look with command below, it says dummy both of them. What can I do about that?

[Expert@Gateway:0]# cpstat os -f power_supply

Power Supply
--------------
|Index|Status|
--------------
|    1|Dummy |
|    2|Dummy |
--------------
inside General Management Topics 7 hours ago
views 112310 40 132

R80.x Training Videos

These videos were recorded originally for our partners by Jim Oqvist, but CheckMates members can now access this exclusive content!

Introduction (Duration)
- R80 Management Training Introduction (00:03:07)

Please note that Ravello blueprints have been discontinued and are no longer available. Most of the labs can be done with the Cloud Demo Mode in R80.x SmartConsole.

Module 1: Introduction to Security Management
- R80 Management Training Lesson 1 - Big Picture (00:38:50)
- R80 Management Training Lesson 2 - Installation (00:33:30)
- R80 Management Training Lesson 3 - SmartConsole (00:46:50)

Module 2: Enhance the Way You Manage Policies
- R80 Management Training Lesson 4 - Access Control (00:46:30)
- R80 Management Training Lesson 5 Threat Prevention Policy (00:30:00)
- R80 Management Training Lesson 6 - Management API (00:45:45)
- R80 Management Training Lesson 7 - Logs & Monitoring (00:35:35)

Module 3: Multi-Domain Management and Migration to R80
- R80 Management Training Lesson 8 - MDSM (00:15:00)
- R80 Management Training Lesson 9 - Migration (00:13:15)
Rafael_Lima1 inside General Management Topics 11 hours ago
views 1037 16

Legitimate traffic being blocked - R80.20

After migration to R80.20 we are having legitimate traffic being blocked. Filtering via "fw ctl zdebug drop", we receive the following log:

@;2731325746;[cpu_9];[fw4_2];fw_log_drop_ex: Packet proto=6 x.x.x.x:45242 -> y.y.y.y:443 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: internal - reject enabled

We opened an SR and they passed us the SK33328, which was done but did not work; we still have connection problems sometimes.

The traffic is from an apache server to an nginx, TCP / 443.

Has anyone else gone through this and could help?
paulastya inside General Management Topics 11 hours ago
views 126 7

Upgrading the Checkpoint VSX cluster (VSLS) from R77.30 to R80.10 with Clean install

We are going to upgrade the Checkpoint VSX Cluster from R77.30 to R80.10 with a clean install on 13500 appliances. The Management Gateway is already upgraded to R80.20 version. My question is: can we do the clean installation of the VSX cluster using the CPUSE?

While checking the documentation I found the following:

From R75.40, R75.45, R75.46, R75.47, R75.40VS, R76, R77, R77.10, R77.20, R77.30 to R80.10:

Component / Supported Methods

Security Management Server
  CPUSE Upgrade
  CPUSE Clean Install
  Advanced Database Migration
Multi-Domain Server
Security Gateway
  CPUSE Upgrade
  CPUSE Clean Install
VSX
  CPUSE Upgrade (from R77 only)
  Earlier versions: Use instructions in sk101518
CloudGuard Controller
  CPUSE Upgrade (from R77.30 only)

So, the documentation says that CPUSE upgrade is possible, but it does not clarify the Clean installation.
Ravindra_Katrag inside General Management Topics 14 hours ago
views 55 1

Admin Not to be Blocked in Case of DOS

Hi,

I am running a Compliance Check on all of my Checkpoint Firewalls. I am running R77.30 on all appliances (Management + Gateway).

I would like to know if there is any way to set up "Admin" not to be blocked in case of a DOS.
Ravindra_Katrag inside General Management Topics yesterday
views 3244 6

SSH Version Check

Hello,

I am new to checkpoint and I would like to know how I can check which SSH version is being configured in the checkpoint devices. Currently I have VSX clusters running R75.40VS and R77.30.

Usually, if I want to check the SSH version I can change SSH protocol version in putty to 1 and try to login to the VSX device. But if I want to check which SSH version is allowed in the VSX devices, how can I do that?

Also, if I want to configure SSH Version 1 on the VSX device, how can I do that?

Your help would be much appreciated.
Kamil_Kolo inside General Management Topics yesterday
views 143 3

Updating to R80.20 Jumbo Hotfix Take 87 loses SSH capability

When I updated the management server to R80.20 Jumbo Hotfix Accumulator General Availability (Take 87), I lose the ability to SSH to the Management server. I can gain the access to the SSH login, but as soon as I enter the "login as:" credential, it immediately closes the putty session. Please keep in mind that this environment is in AWS and requires a ppk file (putty generated private key from pem file) in order to access the SSH session. Is there some kind of error with a known hosts file with putty sessions or some other issue that I am running into? The session drops after this and never enters the cli prompt:
Daniel_Taney inside General Management Topics yesterday
views 814 3

PDP/PEP Identity Sharing Not In Sync?

I will likely open a TAC case on this, but we noticed today that one GW using identity sharing today seems to not be fully in sync with the PDP. For example, if I run pep show user all |grep <username> on the PDP, I am able to see a record existing for that user. However, when I go to the GW acting as the PEP, the same command returns no entries. It seems completely random as to the users impacted, but it is definitely messing with some App Control rules from working!

I've tried using pdp update all and pdp control sync to try to force updates. I have also tried pushing policy again to both GW. Has anyone else ever seen this? Are there any other commands or troubleshooting recommended before possibly engaging TAC?

From the PDP Gateway:

pep show pdp all
Command: root->show->pdp->all
-----------------------------------------------------------------------
| Direction | IP | ID | Status | Users | Connect time |
-----------------------------------------------------------------------
| Incoming | | 0 | Connected | 460 | 21Feb2019 6:16:33 |
-----------------------------------------------------------------------

From the PEP Gateway with Identity Sharing enabled to sync identities with the GW above:

pep show pdp all
Command: root->show->pdp->all
-------------------------------------------------------------------------
| Direction | IP | ID | Status | Users | Connect time |
-------------------------------------------------------------------------
| Incoming | IP OF PDP GW | 0 | Connected | 391 | 8Apr2019 5:25:44 |
-------------------------------------------------------------------------
| Incoming | | 0 | Connected | 0 | 8Apr2019 5:16:48 |
-------------------------------------------------------------------------
| Outgoing | IP OF PDP GW | 0 | Connected | N/A | 8Apr2019 5:17:08 |
-------------------------------------------------------------------------
kfirash inside General Management Topics yesterday
views 35

Proxy ARP on Checkpoint R80.10

Hi,

After upgrading our gateways and management to r80.10 we started facing a weird problem. The gateway doesn't send arp reply to the router and we have to manually configure proxy-arp on GAIA. I wonder if it's related only to the version itself or if there is any configuration or hotfix that can solve this issue.

We don't use Automatic NAT for network and we are using static NAT for specific external resources and hide NAT for the LAN group.

Enable Check Point ClusterXL for Bridge Active/Standby...
==========================================================
Check Point ClusterXL for Bridge Active/Standby is currently disabled.
sukrui inside General Management Topics Sunday
views 80 1

Appliance Sizing with https inspection

Hello all,

I have an open server firewall with version R77.30 in a distributed environment. We are using full NGTP specifications without https inspection now.

When I run cpsizeme on the open server, the appliance sizing tool recommends 5600 appliance (utilization: %15-25) and 6500 appliance (utilization %10-20). But sk88160 says cpsizeme is not supported on open platforms, so are those recommendations wrong?

Also we want to migrate this open server to checkpoint appliances. And then we will upgrade the version to R80.20 and will use https inspection. According to this new situation, which appliance should we select?
Ants inside General Management Topics Friday
views 109 2

Custom Gaia Script not working

Hi All,

So.. I am trying to do a simple script copy task and need a second pair of eyes please as I cannot get it working..

My goal is to set a cron task to run a script once a day and copy the newest file (pdf reports automatically created daily) from folderA (MY_DIR) to folderB (DEST) on the R80.10 CMA (logged in as admin)

---------------------------------------------
#!/bin/bash
# Copy the newest report from MY_DIR to DEST
MY_DIR="/var/tmp/"
DEST="/home/admin/"
FILEEXT="pdf"
# Newest matching file: list oldest first, take the last entry
NEWEST=`ls -tr1d "${MY_DIR}"*.${FILEEXT} | tail -1`
if [ -z "${NEWEST}" ] ; then
    echo "No file to copy"
    exit 1
else
    echo "Copying ${NEWEST}"
    cp -p "${NEWEST}" "${DEST}"
fi
---------------------------------------------

but when running the script I get the following error..

[Expert@CMA:0]# ./sascopy.sh
Copying ls -tr1d "${MY_DIR}"=*.${FILEEXT} | tail -1
cp: cannot stat `ls -tr1d "${MY_DIR}"=*.${FILEEXT} | tail -1': No such file or directory
[Expert@CMA:0]#

If I run 'ls -tr1d /var/tmp/ | tail -1' manually I can see the file and output is the full dir listing.

I suspect this line here to be the problem..

NEWEST=`ls -tr1d "${MY_DIR}"*.${FILEEXT} | tail -1`

thanks in advance
ants
Marco_Valenti inside General Management Topics Wednesday
views 958 4 2

audit log

Hey all,

Has anyone encountered this issue before? Searching through the changes in the audit log, it seems that the number of the security rule involved in the change is not reported. If you copy the entire message from the audit log you can get a rule uid, but that is not a very "fast way" to retrieve this information.

Thanks in advance
Vincent_Bacher inside General Management Topics Wednesday
views 29833 20 8

Will (Smart)Workflow come back?

Hello together,

I am wondering if there is any news on if and when (Smart)Workflow will come back. Does anybody have news about that?

Best regards
Vincent
kmadhura15 inside General Management Topics Tuesday
views 102 2

TCP connection failure port=18191 [error no. 10]

Hello,

I have a setup with two gateways in a cluster. The management interfaces of the gateways and SMS are in the range of 62.112.170.x. They are running on R80.10. I added a static NAT to an object in the 10.253.100.x range for the standby gateway, which would NAT the IP to IP address of management interface of standby server. I pushed the policy and after that for any policy I try to push, I get the error for tcp connection failure. I am not able to make any changes now since they cannot be applied to the standby gateway anymore. Any suggestions on how to solve this issue?