cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
General Management Topics

This space is the place to ask questions about Check Point's Security Management Appliances, Security Compliance, Upgrading your Security Management to R80.x, and more!

kb1
kb1 inside General Management Topics 40m ago
views 23 1

can anyone share a document related to troubleshooting of management servers?

Was on a troubleshooting session with checkpoint and she seemed to use a bunch of complicated commands which i could not make notes of for the management server, apparently there was a solr service issue with the primary server and she issued a bunch of commands to find that out and then ultimately restart that process(there was also apparently a problem with cpm and she found that out by issuing another complicated command since when i used cpwd_admin list it showed cpm running so this part confuses the heck out of me) and then used a lot of other commands to make sure the servers are successfully synced with each other, so would be helpful if i get a document(im assuming all of this is CCSE level) that would state all complicated commands along with the explanation. Regards.
Dima_M
inside General Management Topics 2 hours ago
views 20
Employee+

Domain Backup and Migration in R80.x

Hi all, Wanted to inform everybody that Domain Backup and Migration capabilities we introduced in R80.40 are now available in R80.20 and R80.30 Jumbo Hotfix Accumulator (R80.20 take 117; R80.30 take 135) Supported capabilities are: Backup and restore an individual Domain Management Server on a Multi-Domain Server. Migrate a Multi-Domain Security Management from one Multi-Domain Server to a different Multi-Domain Server. Migrate a Security Management Server to become a Domain Management Server on a Multi-Domain Server. Migrate a Domain Management Server to become a Security Management Server. All details are in Installation and Upgrade guides: 30 Installation and Upgrade Guide 20 Installation and Upgrade Guide API reference R80.20 migrate-export-domain and migrate-import-domain R80.30 migrate-export-domain and migrate-import-domain  
fw_ctl
fw_ctl inside General Management Topics 3 hours ago
views 132 7

Best (simplest) way to export policy from old CMA to new all R80.20

As above - I have a requirement to migrate a policy package (Gaia config not important) from existing CMA in MDS domain #1 to new CMA in domain#2. (same mds)I have looked into multiple methods, such as ofiller/dumper, cp_merge, etc etc. What are peoples tried and tested method as i don't see an official SK or supported methodology.    
FXE
FXE inside General Management Topics 6 hours ago
views 246 5

Migrating VM to Smart-1

Hi, I would like to know how can I migrate my VM management server to a Smart-1 hardware.It will be in the same version, I just want to make my management sever from VM to a hardware based.Thanks
Nick_Doropoulos
Nick_Doropoulos inside General Management Topics 10 hours ago
views 79 6

Integration between Sandblast Mobile and Endpoint Security Manager

In the interest of having visibility of all endpoints in a single pane of glass (traditional on-prem workstations and mobile devices alike) would it be possible to integrate Sandblast Mobile's central dashboard with that of the Endpoint Security Management server so that full visibility of all endpoints can be achieved on the latter?Many thanks in advance.
Daniel_Taney
Daniel_Taney inside General Management Topics 11 hours ago
views 119 3

SMS Management Container License Utilization?

Pretty basic question that I couldn't find a concrete answer to on my own... Is there a way to see an accurate count of your consumption of a Management Container License. For example, if the container is for 25 GW's, I'd like to see how close I am to hitting that ceiling. At first glance, the obvious answer would be to just count the objects under "Gateways & Servers", but it is my understanding things like Clustered GWs, VSX Clusters & Objects (Virtual Switches, Routers) and Gateways in Scale Sets all may be counted or treated differently.  Thanks! Dan

Can we migrate checkpoint management server r80.30 from Open Server to Checkpoint Smart-1

Hello Everyone! Can you please tell me or share me the link, to migrate checkpoint management server from OPEN SERVER to Checkpoint SMART-1Thank You. 
kb1
kb1 inside General Management Topics Friday
views 124 6

Smartconsole mgmt server issue

smartconsole doesnot detect the primary mgmt server.Tried restarting checkpoint services on both the mgmt servers also tried reboot on both but it does not seem to work, will attach the screenshot of the error.Created a service request with checkpoint but in the mean time before they call me it would be great if i could get some other troubleshooting tips.Will be attaching the screenshot as well.And also im able to connect to the mgmt server using putty, also just recieved a mail from the proficio team (its a siem tool) that they cannot connect to the mgmt server as well which is probably related to this issue.Thank you.
kb1
kb1 inside General Management Topics Friday
views 262 7

Sic issue for new firewall!!!!!Helpppp!!

So i was given a new firewall to configure, will be attaching the screenshot of the issue as well, its a checkpoint 1550 appliance and for some reason there seems to be an sic issue, im able to establish trust between the firewall the management server(primary) but when i click "Test SIC Status" then it shows "Peer sent wrong DN" , what on earth is going on? I tried resetting SIC numerous times but to no avail. So because of this SIC issue im not able to "get interfaces" for the topology and cannot install policy on the firewall as well!!   The error is shown above! Help!!This firewall is using R80.20 and the mgmt servers are using R80.20 as well.
Anu_Cherian
Anu_Cherian inside General Management Topics Friday
views 23056 36 2

Site to Site VPN between Checkpoint and Palo Alto Firewalls

Hi All,We have a requirement to setup Site-to-Site vpn between our Checkpoint FW and customer Palo Alto FW. I have created one, but the issue is IKE phase 2 fails. I have confirmed the negotiation parameters with my customer engineer and it looks like everything is in order. What could be the possible issue?I used VPN tu and SmartView  monitor to view but to no success. Any advices will be highly appreciatedThank you so much
Solanin
Solanin inside General Management Topics Thursday
views 121 2

Security management server (HA) upgrade R80 to R80.30

Hello,I'm looking for a doc with the best practice for upgrading security management server ( R80 to R80.30).One is the primary server, the other one is the secondary.My biggest concerns:- Is there any prerequisite before upgrading aside doing a back up.- Which server upgrading first , primary or secondary- Is there anything to after both primary and secondary are upgraded ?Kind regards

CPM_DB_SIZE Management

Hello Check Mates! I run the cpm doctor script on the management server and output suggestion is 10GB for CPM_DB_SIZE but our management is greater than this value.And CP suggests to apply actions from sk156833.When i search this SK's on the internet , I could not find anything.If you have any suggestions to decrease  CPM_DB_SIZE values without damage production environment.I really want to hear that.Regards. 
varo08
varo08 inside General Management Topics Thursday
views 215 6

Issues with a scheduled backup

Hello guys, I have a customer who is having troubles when the scheduled backup is running. Sometimes it works and sometimes it doesn´t. The partition is around 66% so it is not a /var/log partition problem. As per the sk121212, it might be the TAR version 1.26 who is caussing issues and it suggests to downgrade the version to 1.15.1. The thing is that it does not say how to do it. Can someone knows the proceed to do it? Thank you and regards. 
Juan_Concepcion
Juan_Concepcion inside General Management Topics Thursday
views 749 4 1

Remote Access VPN/App+URL Policy Enforcement when split tunneling is disabled

R80.10 ManagerR80.10 VSX with handful of virtual systems1 Virtual System is handling Endpoint Security VPN:Allow to route through gateway is setRoute through gateway is forced via global properties settingsipchicken confirm public ip is that of gatewayRule that reads:src: vpn_pooldst: InternetURL Category attempting to blockAction Block/UserCheck MessageIssue: App/URL Policy is not applied to these users even though they are routing through gateway, is this expected behavior? 

Smartconsole Admin Account - wrong password

Hi, have had a problem a few times with different versions of R80 where some admins on Smartconsole cannot login and you can see wrong password in the logs. The account is set not to expire and does not appear locked out until the enter the password a few times, problem is the user has not changed the password. You have to then logon with he original smartconsole admin and rest passwords. It happened once to all admins and couple of times with random admins.I think it might have coincided with upgrades and reboots of the management server, anyone else having this issue?