Leandro_Nicolet inside General Management Topics 13 hours ago
views 841 8

Reverting back an upgrade to R80.10 from R77.30

Hi folks. I'm in the middle of testing the upgrade steps required to get our R77.30 VSX Gateways from R77.30 to R80.10. We've already done the management side, which is already on R80.10. I've tested upgrading a gateway (albeit in VMware) using vsx_util upgrade on the management side and cpuse on the gateway side, which is all fine. What I'm really struggling to find are procedures for rolling back if we need to, so my question is: is it possible to uninstall or revert back to R77.30 on the gateway?

How to tell SIC Reset NOT to fetch topology

When upgrading our R77 gateways to R80.20 using blink, we have to Reset the SIC. When doing this on the R80.20 SmartCenter, the SmartCenter fetches the topology from the gateway and re-arranges the Antispoofing definitions, which is highly undesirable. Is there a way to prevent the SmartCenter from fetching the topology?
Marcel_Wildenbe inside General Management Topics yesterday
views 3056 30 3

upgrade to R80.20 failed

Hi CheckMates, Last night, I tried to upgrade our MDS from R80.10 to R80.20. I have run into a few issues, but the most aggravating was when the installer got stuck and I had to reboot in order to get any further; the snapshot that was made by the installer was not removed and a new attempt is telling me there is not enough free space. CP support tells me to run MDS export, do a fresh install and import, but I would like to avoid the hassle and just remove the LV. Can I remove this Logical Volume and if so, how do I do that? It is GAIA running on VMware 5.5. So it is using LVM for Snapshots. "show snapshots" is showing no snapshots, but lvm_manager shows me lv_fcd_new of 300 GB, non configurable, containing: Factory defaults volume, which was not present prior to the upgrade.

how to Check Managed Gateway quota

Greetings. I'm looking for some commands to show exactly how many GW are being managed from the SM view. I need this to compare with the licensing capabilities of my mgmt. The count is quite simple with "normal" gw and clusters but it could be quite tricky in an environment with VSX. The best command I've found is:
cplic check -p fw1 -c cluster-1
But I'm not sure this is showing exactly the count I need. Any suggestions?

Upgrade and integrate from cloud to onprem management

Hi, I have an Azure deployment with mgmt and 2 x VMSS gateways in the cloud. I also have an on-prem mgmt, managing multiple gateway types including NSX and physical gateways.
Mgmt on-prem is r80.10 - Critical device
Mgmt in the cloud is r80.20 take 47 - to be decommissioned
Is there a process I should be taking to perform this upgrade of the on-prem to r80.20 and then integrating with my Azure environment in order to manage the VMSS gateways? Any help would be great. Thanks, E

SmartMove Index was out of range error for Netscreen

Doing some testing with the SmartMove tool. Ran a couple of SRX configs (xml format) through it and had no issues, but when testing Netscreen configs (txt format) I get "Index was out of range. Must be non-negative and less than the size of the collection". This happens almost immediately when the tool starts running and provides no logs, so it's hard to try to figure out what is causing the problem. Looked around and couldn't find any information, so any info would be appreciated.
Sarayut_Romsuk inside General Management Topics yesterday
views 2342 9 1

Can't install policy due to gateways obj don't show in policy target

After my customer restored a backup using upgrade_import to a new Mgmt (Gaia R77.30), they can't install policy because the firewall gateway objects don't show up in the policy target. Please advise me how to solve this issue. Note: SIC status is communicating / SMS can ping the gateways as normal. I tried SK77821 already but no luck. It looks like the gateway objects don't show in SmartView Monitor either.

Endpoint device license management

We constantly seem to be going over the number of allotted licenses we have for our company which made my director question how Check Point manages licenses. I seem unable to find this information on my own. How does Check Point count endpoint devices and how do I know old devices that have been removed from our network aren't still being counted as taking up a license?
Blason_R inside General Management Topics Tuesday
views 2868 13

Captive portal for linux SSH or Terminal windows

Hi there, Is anyone aware if any mechanism exists to leverage Identity awareness when I would like to pass through Firewall with captive Portal enabled while using SSH or Linux with no GUI Terminal? With browser Yes it's pretty much possible; but what if the GUI is not available? Thanks and Regards, Blason R
Josh_Dill inside General Management Topics Tuesday
views 91 2

Identity Awareness setup

Hi All, I will be setting up Identity Awareness in an R80.10 MDS environment. We will be using Identity collects to communicate with the DCs and provide what is in the security logs to the firewall. After reading the documentation I have some questions regarding setup and usage. Thanks in advance:
1) I have read the following identity collection requirement: "Identity collector provides information about users, machines and IP addresses to the Security Gateway. LDAP Account Unit(s) should be configured to allow PDP gateways to perform group lookups on IDs that are provided from Identity Collector to match them to Access Roles." If an account unit is created in the domain (checkpoint local domain NOT active directory) and applied to the firewall object under firewall properties - others - user directory, is that all I need to perform this requirement?
2) There is no way to apply an account unit I created in global directory (at least not that I can find). Does this mean I cannot use global rules with identity awareness since the global account unit would not be assigned to the firewall to perform global lookups?
3) Is there any way to create rules for individual users as opposed to groups?
Thanks, Josh
Hugo_vd_Kooij inside General Management Topics Tuesday
views 100 1 2

A request for an in-depth session on the backend of R80

Hi, When I read articles like sk157932: "Accept" traffic statistics are not displayed in the Access Control view, then I could appreciate a session about how the backend things are designed and how they interact. This article explains some of it but I think an in-depth session on CheckMates would be a good idea to understand a lot more of how everything works in the backend where all the data is stored. I can deduce a lot from separate articles but putting it all together would be a good idea in my view. Let me know your thoughts on this. Regards, Hugo.
Sumedh_Gujar inside General Management Topics Tuesday
views 502 9 1

Behavior of HA cluster when SYN link is down

Hi, I am a bit confused about the behavior of HA cluster. We have configured HA cluster between our 2 firewalls (12400 and R77.30). We have a point to point link between these 2 firewalls for syncing. When this link goes down our Active firewall goes to down state and Standby firewall goes to Active state, which we can see in the cphaprob stat command. I just want to confirm whether this is the normal behavior of Checkpoint firewalls in HA mode. Or, like Cisco HSRP, should both firewalls go to Active Active mode? Thank you, Sumedh

IPS change management - Help needed

Hi all, we've recently upgraded our management and logging servers from R77.30 to R80.20 (gateways are still on R77.30). With R77.30 we've used a simple MS Excel based change management tool to document all of our changes and exceptions in the IPS System. We've simply marked and copied the changed protections from the R77.30 dashboard to a text file and used a script to import to Excel. This was an easy way to keep a time track of our changes. Since I can't copy any content from the R80.20 SmartConsole this solution isn't working any more and I try to figure out a simple way to keep a time track of our IPS changes and get the data into our Excel chart again. I've learned the R80.20 has new automation APIs but to be honest - I'm a noob on that. Any ideas? Many thx
Vincent_Bacher inside General Management Topics Monday
views 29070 15 8

Will (Smart)Workflow come back?

Hello together, I am wondering if there is any news on if and when (Smart)Workflow will come back. Does anybody have news about that? Best regards, Vincent
Heath_Mote inside General Management Topics Monday
views 2794 12

R80.20.M2 Management - Finalizing Stuck at 99% During Policy Installs

Setup is 2x Management Server 5150 with dedicated SmartEvent server all running R80.20.M2 pushing policy to a single 5800 HA ClusterXL setup all running R80.10. The management and cluster are located at the same site. The access/threat policy takes less than 3 minutes to succeed on the cluster but the 99% finalizing status takes a very long time to complete. I've just pushed a policy and it again finished in 3 minutes but has been stuck at 99% finalizing for the past 45 minutes... Is anyone else experiencing this after updating your management to R80.20.M2 or R80.20 in general?