cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Don_Paterson
Don_Paterson inside General Management Topics 15 hours ago
views 247 6 1

Legacy SmartConsole Apps

Its about the SmartUpdate, SmartEvent, SmartView Monitor and SmartDashboard (and dare I say SmartView Tracker) legacy apps.When will they be fully consolidated into the R80.x SmartConsole? (not asking about SmartView Tracker in this instance).In the meantime it could perhaps be beneficial to have the launch options (links) all grouped together in one place, perhaps the Application Menu, as is the case with SmartUpdate (although the legacy app name is not exposed)?Of course the existing links in their current locations are valid and only a short orientation period is required to learn them but to give the optimisation and efficiency in administration the links grouped together might be better for now.Don

import https inspection inbound certificate by mgmt_cli

dear checkmates,we are using free ssl certificate for our https inspection and we needs to renew every 60 days the inbound certificate used for https inpection, we would like to reimport automatically ,or via script, the certificates inside the management. can you suggest us a way using API or mgmt_cli command? if it exists.thanks
Philipp_Schiff
Philipp_Schiff inside General Management Topics 18 hours ago
views 358 7

Upgrade to R80.20 M1 from R80.10

Hi,I tried an upgrade on VMWare Workstation from a clean install of R80.10.I just imported the customer's database and then upgraded via CPUSE to R80.20 M1.After installation the machine reboots but get stuck at the boot menu. If I follow the instructions i come into a loop and then I'm back at that screen again.Anyone else had this?Thanks,Philipp
Ryan_St__Germai
Ryan_St__Germai inside General Management Topics 19 hours ago
views 433 4 2

R80.20 Gaia 3.10 and IPv6

I noticed that a known limitation of the 3.10 kernel is no IPv6 support. We are planning on doing a fresh install of this release on new hardware in the coming months. While we do not actually use IPv6 we do have IPv6 addresses assigned to our gateways and several objects along with their IPv4 addresses. We were previously in the process of migrating but hit a snag with our upstream provider. Since 3.10 does not support IPv6 will we run into issues when migrating to the new hardware or will we not have an issue since we dont actually process IPv6 traffic just have IPv6 addresses assigned?I guess simple answer is remove the IPv6 addresses. When we do eventually migrate to IPv6 it would be nice to not have to re-add the addresses though.Thanks!
Blason_R
Blason_R inside General Management Topics 23 hours ago
views 95 8

Upgrade R77.30 to R80.10 Database Import issue

Hi Team,I am facing an issue while importing database for upgrade in R77.30. This is I am importing database from R77.30 to R77.30 and below is the error messages. Can someone pls help? [24 Jun 11:39:29] [ExecCommandGetOutput] ERR: Command completed with error code 1[24 Jun 11:39:29] ...<-- ExecCommandGetOutput[24 Jun 11:39:29] [CommandRunner::exec] Command's output:-------------------------------------Execution finished with errors. See log file '/opt/CPshrd-R77/log/PItpi-import_install.elg' for further detailsExecution has finished-------------------------------------[24 Jun 11:39:29] [CommandRunner::exec] ERR: Command execution had failed[24 Jun 11:39:29] ..<-- CommandRunner::exec[24 Jun 11:39:29] .<-- PluginsInstallationRunner::InstallPlugin[24 Jun 11:39:29] [PluginsInstallationRunner::exec] ERR: Failed to install plugin[24 Jun 11:39:29] <-- PluginsInstallationRunner::exec[24 Jun 11:39:29] [ActivitiesManager::exec] ERR: Activity 'PluginsInstallationRunner' failed[24 Jun 11:39:29] [ActivitiesManager::exec] WRN: Activities execution finished with errors[24 Jun 11:39:29] [ActivitiesManager::exec] WRN: Activities 'PluginsInstallationRunner' have failed[24 Jun 11:39:29] [ActivitiesManager::exec] Designated exit code is 1**************************************************[Expert@mgmt-server:0]# more /opt/CPshrd-R77/log/PItpi-import_install.elg[24 Jun 11:39:24][24 Jun 11:39:24] *****************************************************************[24 Jun 11:39:24] ********************* Log session beginning *********************[24 Jun 11:39:24] *****************************************************************[24 Jun 11:39:24] [writeExecCommandTolog] Program executed as: /opt/CPPItpi-R77/bin/uacRunner -p PItpi -import_install[24 Jun 11:39:24] [writeEnvInfoToLog] Binary was build for Linux OS[24 Jun 11:39:24] [writeEnvInfoToLog] Management type of machine is 'Smc'[24 Jun 11:39:24] [writeOptionsToLog] Base name is: PItpi[24 Jun 11:39:24] [writeOptionsToLog] Product name is: PItpi[24 Jun 11:39:24] [writeOptionsToLog] Main run flag is: -import_install[24 Jun 11:39:24] [writeOptionsToLog] Runner working directory is: /opt/CPPItpi-R77[24 Jun 11:39:24] [writeOptionsToLog] Main run option is of type: Default[24 Jun 11:39:24] [runDefaultActivities] Running default activities[24 Jun 11:39:24] [PluginSpecs::PluginSpecs] Initializing plugin specs with '/opt/CPPItpi-R77/conf/specs.conf'[24 Jun 11:39:24] [ActivitiesManager::exec] Starting activities execution[24 Jun 11:39:24] [ActivitiesManager::exec] Executing activity 'PluginDefaultDbMaker'[24 Jun 11:39:24] [copyPluginDBtoManagement] Removing directory '/opt/CPsuite-R77/fw1/conf/pluginDefault/_PItpi' if it exists[24 Jun 11:39:24] [copyPluginDBtoManagement] Creating directory '/opt/CPsuite-R77/fw1/conf/pluginDefault/_PItpi'[24 Jun 11:39:29] [copyPluginDBtoManagement] Copying plugin default directory from '/opt/CPPItpi-R77/conf/defaultDatabase' to '/opt/CPsuite-R77/fw1/conf/pluginDefault/_PItpi'[24 Jun 11:39:29] [copyPluginDBtoManagement] ERR: Failed to copy plugin default directory[24 Jun 11:39:29] [ActivitiesManager::exec] ERR: Activity 'PluginDefaultDbMaker' failed[24 Jun 11:39:29] [ActivitiesManager::exec] Rolling back previous activities[24 Jun 11:39:29] [ActivitiesManager::exec] Rolling back activity 'PluginDefaultDbMaker'[24 Jun 11:39:29] [ActivitiesManager::exec] WRN: Activities execution finished with errors[24 Jun 11:39:29] [ActivitiesManager::exec] WRN: Activities 'PluginDefaultDbMaker' have failed[24 Jun 11:39:29] [ActivitiesManager::exec] Designated exit code is 1
DFR_
DFR_ inside General Management Topics yesterday
views 51

Site-Site Tunnel with NAT to a second Tunnel

Hello all,I'm in no way a experienced admin of Check Point, this is a situation that I was tasked with because no one else would take it.I'm used to work with palo and asa devices, so I might be missing something here.This is the basic layout: Due to whatever policies, 10.13.1.x can't be connected directly to 1.1.1.1, so the solution was to create the tunnel between devices 1 and 2.Device 1 is a Fortinet that I have no control over.The tunnel between device 2 and 10.13.1.x already exists and is ok.I have assigned 172.31.221.201 to a internal interface on device 2, that is a Check Point device, and created access and nat rules that I can see applied on logs when I telnet one of the allowed ports from 10.13.1.11 to 172.31.201.82Phase 1 is ok, but the admin of device 1 says it sees device 2 trying to negotiate the 10.13.1.x subnet but not 172.31.221.x on phase 2. Is there any way I can force 2 to negotiate only the wanted subnet?Should I create a new gateway object for this new tunnel and set the topology to this address? On a palo device I would create a new IKE gateway for each tunnel I want to establish. Is this the same logic on Check Point?Thank you for any help you provide.
HitManExp
HitManExp inside General Management Topics yesterday
views 43

R77.30 - rpm command is not working.

Hello guys, i need help with "rpm" command. If i started command 'rpm -qa ntp' causes session to hang indefinitely. How can i check, what wrong with this command?
Vladimir
Vladimir inside General Management Topics yesterday
views 3086 16 1

Behavior of the subscription blade policies after expiration

Please advise on how are the policies and rules created for IPS, DLP, AV, AB, APPC, URLF, etc., will behave should the client's subscription lapse.Thank you,Vladimir

System Recovery GAIA R77.30 on HW / Appliance Model: 4200.

There is a system failure on the Security Gateway. After a reboot, the gateway does not function. How can I restore the file system to a stable state and not lose the current system configuration (For example, interfaces, routing, hostname)? We do not have backups of the system before this fault.* Software Product Line: Security Gateway* HW/Appliance Type: Enterprise Appliances* HW/Appliance Model: 4200* Operating System: Gaia* Version: R77.30

no session-name with Ansible playbook

Hello everyone,I would want to have the session name appear in the audit logs when pushing or publishing changes with the web-services API via Ansible.Basically, what is done automatically when publishing in SmartConsole (see Capture.PNG).However, session name is not set when using the session-name parameter in the login command (see Capture2.PNG), and therefore not in the logs neither (Capture3.PNG)This is the login task I use (I want the session to use the ansible user and date, as well as a change ticket that the user will be prompted for):- name: login into SmartConsole API check_point_mgmt: command: login parameters: username: "{{ cpuser }}" password: "{{ cppassword }}" management: "{{ cpserver }}" session-name: "{{ change_ticket | upper }} - {{ ansible_user_id | lower}} - {{ ansible_date_time.date }}" fingerprint: "{{ cpfingerprint }}" register: login_responseThe session-name parameter is not rejected and the user is correctly logged in. It doesn't seem that the publish command permits to set a session name.My management station is 80.10 and Ansible is in version 2.7.10.What am I doing wrong? Or is it some kind of bug? I did not find doc about this outside ofI don't have the issue I use the mgmt_cli tool in expert mode (Capture4.PNG). Any help will be appreciated, thank you in advance.
mutyumu
mutyumu inside General Management Topics Sunday
views 74 2

Question regarding Security Gateway and Security Management Images

Hi,I'm new to the Check Point world and since I will have the opportunity to work with CP firewalls in my new job I wanted to do some labbing and reading.I'm using eve-ng and found this: https://www.eve-ng.net/documentation/howto-s/125-howto-add-checkpointSo after signing up here I downloaded three images:The one for R80.10 doesn't specify if it's for Security Gateway or Security Management. Is that one some sort of standalone image or perhaps it's just the Gateway?If it is a standalone image, is there something similar for R80.30? I realize that this might be a stupid question but I couldn't find any concrete information. Thanks.

R80.20 (mlm) log servers swapping

I have experienced a couple R80.20 MDS log servers swapping, this could include log servers as well. The customers have enough RAM, so the file system cache eats up about 60 % of available memory. Still the system swap is increasing slowly. We are using either GA or ongoing take JHF on both systems. The MDS is neither swapping nor using as much cache as the MLM.Anyone experiencing the same problem?Check your swap usage with free/top and sar: [Expert@mdlog:0]# free -m total used free shared buff/cache available Mem: 15921 5505 271 241 10144 9522 Swap: 8189 526 7663 [Expert@mlm:0]# for safile in $safiles; do sar -S -f "/var/log/sa/$safile" |grep Average|awk '{print $3}'; done 0 6160 28746 58714 27729 ... 411624 453370 495278 518524
lucafabbri365
lucafabbri365 inside General Management Topics Thursday
views 1050 4

Updatable objects - no longer available

Hello all,this morning I opened SmartConsole management (Check Point R80.20; Take 80 installed on Security Gateways) and I found Validations errors related to Updatable Objects:However, they are still present:I read the sk121877:1. Run unified_dl UPDATE ONLINE_SERVICES on Gateways; output:Entering mainloopUnified_Download_Update_Now_CB: Activated, opq [UPDATE NOW OPAQUE]************************************************Got response : Request was completed successfullyGot Reason:************************************************Exiting mainloop2. Search the last_revision.xml file under $CPDIR/database/downloads/ONLINE_SERVICES/1.0/; content:<?xml version='1.0' encoding='utf-8'?><RevisionInfo><Last_Revision>140619092032</Last_Revision></RevisionInfo>3. Content of Update_Status.dat:(:Last_Update_Status (3):Last_Update_Time (1560513301):Last_Update_Reason ():Success_Time (1560502924))4. google.C file under the folder $CPDIR/database/downloads/ONLINE_SERVICES/1.0/140619092032 contains valid Google Services references:(:CP_GGL_GGL (:parent ():uuid ("85bfe1b7-0581-3e89-a911-15e43ba0f7b4"):display_name ("Google Services"):icon ("@app/cp_ggl_ggl"):children (: (CP_GGL_GSuite): (CP_GGL_GCP))):CP_GGL_GSuite (:parent (CP_GGL_GGL):uuid ("3c0f0c1b-614d-3cdb-a47f-18995b9d6772"):display_name ("G Suite Services")...:CP_GGL_GCP (:parent (CP_GGL_GGL):uuid ("74ee9fa6-ac3a-3017-aed0-0d70abaefc40"):display_name ("Google Cloud Platform Services")...Any advice?Thank you,Luca
Sangeeth_N
Sangeeth_N inside General Management Topics a week ago
views 342 1

Error (User Center: unknown user name or password)

One of the gateways [running with Gaia R77.30] in cluster is in problem state because of showing the error - "Error (User Center: unknown user name or password)" in Smart Dashboard. I had came across the sk140712 which is for R80.10, R80.20. Is there anything related to R77.30 related to this issue.