cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
mukai
mukai inside General Management Topics yesterday
views 185 4

migrate R75.40 to R80.30 Failed

migrate from R75.40 to R80.30Export succeeded with migrate toolImport to R80.30 failed and FWM process does not startContents of migrate log/opt/CPshrd-R80.30/log/migrate-xxxx・・[14 Oct 1:52:24] [ExecCommandGetOutput] Going to execute command: '/opt/CPsuite-R80.30/fw1/bin/upgrade_phase -d 41e821a0-3720-11e3-aa6e-0800200c9fde -s end'[14 Oct 2:10:51] [ExecCommandGetOutput] ERR: Command completed with error code 4[14 Oct 2:10:51] ..<-- ExecCommandGetOutput[14 Oct 2:10:51] [CommandRunner::exec] Command's output:-------------------------------------Failed to upgrade phase-------------------------------------[14 Oct 2:10:51] [CommandRunner::exec] ERR: Command execution had failed[14 Oct 2:10:51] .<-- CommandRunner::exec[14 Oct 2:10:51] <-- ConditionalExecutor::exec[14 Oct 2:10:51] [ActivitiesManager::exec] ERR: Activity 'ConditionalExecutor' failed[14 Oct 2:10:51] [ActivitiesManager::exec] WRN: Activities execution finished with errors[14 Oct 2:10:51] [ActivitiesManager::exec] WRN: Activities 'ConditionalExecutor' have failed[14 Oct 2:10:51] [ActivitiesManager::exec] Designated exit code is 1[14 Oct 2:10:51] --> CleanupManager::Instance[14 Oct 2:10:51] <-- CleanupManager::Instance[14 Oct 2:10:51] --> CleanupManager::DoCleanup[14 Oct 2:10:51] [CleanupManager::DoCleanup] Starting to perform cleanup[14 Oct 2:10:51] .--> DirCleaner::exec[14 Oct 2:10:51] [DirCleaner::exec] Going to remove directory '/opt/CPsuite-R80.30/fw1/tmp/migrate/'[14 Oct 2:10:51] .<-- DirCleaner::exec[14 Oct 2:10:51] .--> ImportFailureMarker::exec[14 Oct 2:10:51] [ImportFailureMarker::exec] Checking if cleaner is active[14 Oct 2:10:51] [ImportFailureMarker::exec] Cleaner is active, starting cleanup[14 Oct 2:10:51] [ImportFailureMarker::exec] Checking migrate's exit code[14 Oct 2:10:51] [ImportFailureMarker::exec] Migration had failed, creating a marker file[14 Oct 2:10:51] ..--> UpgradeMacroReplacer::Instance[14 Oct 2:10:51] ..<-- UpgradeMacroReplacer::Instance[14 Oct 2:10:51] [ImportFailureMarker::exec] Created a marker file[14 Oct 2:10:51] .<-- ImportFailureMarker::exec[14 Oct 2:10:51] [CleanupManager::DoCleanup] Completed the cleanup[14 Oct 2:10:51] <-- CleanupManager::DoCleanup end Please tell me the solution  
ascent72
ascent72 inside General Management Topics yesterday
views 49 3

Can't install Checkpoint R80.20 smartconsole on Windows 8.1 computer

 I am having issues installing smartconsole 80.20 on my computer(windows 81.). Downloaded the console exe(smartconsole.exe) from our management server.Installer(smartconsole.exe) keeps saying it is already installed on this machine. Please remove it and try again.When I try  to uninstall Checkpoint R80.20 smartconsole (Control Panel-Add/remove programs) installer says, 'it is not installed'. I can't repair it either How can I resolve this issue?  rebooted my computer couple of times(didn't help), no regedit entry either. However, it still seen in control panel  
MattDunn
MattDunn inside General Management Topics yesterday
views 61 2

Management HA & Reporting

Hi everyone.  I'm looking for some advice and guidance please regarding Management HA and Event/Reporting.My customer currently has 2 sites.  The FW cluster is split across these sites, one member in each, and there is full replication of all other server at both sites - mostly VMware.  My SMS is running on VMware at Site 1.  The idea has always been that if there's a problem at Site 1, they can just spin that server up over at Site 2 and carry on.  Last week they had a problem affecting the VMware platform itself, so they lost the SMS (for a while) and also couldn't spin it up elsewhere.  So now they want to explore their options.Ordinarily I'd suggest Management HA, with the HA SMS running at Site 2.The thing that I can't figure out is what happens with Event & Reporting  (Currently in use on SMS 1)?Is it as easy as spinning up a HA SMS at site 2, ticking the Event & Reporting boxes and having the cluster log to both SMS's?Or in the case of Management HA is there a better way of handling Event/Reporting?  Because ultimately the customer will expect Event/Reporting HA too.Interested in your thoughts 😀Thanks,Matt

How to import file (network object setting)

Hi,We use R77.30 Security Gateway. I'm looking for a way to set network objects in bulk. I discovered that SmartDashboard has a way to import ckp files. However, I don't know how to do it because I can't find the document. Could you give me some information on how to do this?Best,
Andreas_Aust
Andreas_Aust inside General Management Topics yesterday
views 290 6

PMTR-23492, PRJ-2847 Added support for Internal CA certificate replacement.

Can anybody shed some light on "PMTR-23492, PRJ-2847 Added support for Internal CA certificate replacement." as stated in the sk153152.
Avigdor_Sharon
Avigdor_Sharon inside General Management Topics yesterday
views 544 5 1

supporting SMB appliances

Will R80 support the SMB appliances such as the 1100 series?
Daniel_Taney
Daniel_Taney inside General Management Topics Thursday
views 6429 17 3

Add Interfaces To VSX Bond Group?

Good Afternoon,I plan to add additional 10GB interfaces to an existing bond group in a VSX VSLS cluster. Is there any trick to doing this that may not be obvious? I planned on gracefully migrating all the VS's to a single cluster member using vsx_util vsls via the management server. Once failed over, I was going to issue a cpstop to the vacated Gateway to shut everything down.  Then, in CLISH run:add bonding group 0 interface eth1-03add bonding group 0 interface eth1-04add bonding group 0 interface eth2-03add bonding group 0 interface eth2-04After that, I was planning on rebooting the Gateway given its long uptime. Once it came back up, I was going to verify the cluster integrity with the new interfaces with cphaprob -a if.Then, rinse and repeat with the other cluster member.Is there anything else I need to do to make sure this goes as smoothly as possible?Thanks!Dan
Maarten_Sjouw
Maarten_Sjouw inside General Management Topics Thursday
views 1239 10 1

Multi-domain Admin user authentication to AD?

Is there a possibility to use ad AD connection to authenticate Admin users for a Multi Domain environment? Currently we use a TacAcs solution but this mean an additional server in between the MDS and the AD.
TOM_MORAN
TOM_MORAN inside General Management Topics Thursday
views 79 2

retrive logs from a firewall after Management station has been disconnected

Hi I have a log question. If the Management Station is disconnected from  the firewall due to  ISP outages, The firewall logs locally.When the Management station reconnects does it:1) download the local logs of the firewall automatically (I do not believe it does)2) do we have to download the logs manually ?    a) is there a procedure for this, noting obvious  Any help is appreciated    
Vlad_Tonne
inside General Management Topics Thursday
views 140 8 1
Employee

Web API - setting track level

Hi CheckMates,   Encountered an issue with Management API while creating a rule via Web API. Trying to set track level according to https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/set-access-rule~v1.5%20   , track field is able to receive "log"  (even though it seems not to be documented). However, it automatically switches on "Accounting" log feature as well. Trying to adjust the accounting setting results in an error.   Any thoughts how it can be resolved?   Sent payload that creates a rule with logging enabled plus accounting: payload_For_API = { "layer": "Network", "position": "top", "name": "API 1", "action": "Accept", "destination": "hst_dst_1.10.1.100", "service": "Kubernetes1", "enabled": True, "source": "Any", "track": "log"}   Trying to use track.type (as in https://community.checkpoint.com/t5/Policy-Management/change-to-Track-setting-in-policy/m-p/47958#M2929) results in  {'code': 'generic_err_invalid_parameter_name', 'message': 'Unrecognized parameter [track.type]'}   Trying to configure track using additional fields: {'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [track]. The invalid value [ "accounting" : False }] should be replaced by one of the following values: [none, log, extended log, detailed log]'} or: {'code': 'generic_err_invalid_parameter', 'message': 'Invalid parameter for [track]. The invalid value [ "log" , {"accounting" : False }] should be replaced by one of the following values: [none, log, extended log, detailed log]'}   Thanks, Vlad Tonne
Kaspars_Zibarts
Kaspars_Zibarts inside General Management Topics Thursday
views 5291 14 2

Revisions Management in R80.x

There is a "tiny-not-a-lot-of-explanation" sk113615 about changes made between R77.x and R80.x.And before you say Tim Hall‌ - there was not a lot in the new book Problem is that there are no automated means to control number of versions you keep so it keeps growing indefinitely (unless you remember to do manual purge) and also you cannot turn it off even if you wanted to. Due to the complexity of the network (MDS with many CMAs plus couple of VSX clusters and VSes stretching over multiple CMAs) I'd rather rely on good old MDS backup than revisions.And now we have hit some wall where purge on MDS simply fails - it sits at stage 3/3 forever and eventually gets "server restart" errorI will raise an SR but would be great to have a bit more insight of R80 revision management / troubleshootingI also wonder how much this will impact MDS backup size (as it has been growing like crazy)

Upgrading Checkpoint management to R80.X from R77.30

Hi All I have a 17 years old Checkpoint standalone management server, was originally 4.1 and was upgrade through the years to R77.30.I would like to upgrade the management server to R80.X I was able to export and import the configuration on a new R80.10 server, but the CPM service was not started.I was found it is related to the ICA.I understand I would need to upgrade the ICA certificate to a new version. (SHA-256)I have many VPNs the relays on this ICA. In addition, I have many users in the internal database, that are using user certificates for remote access authentication, issued by the ICA.What would be the best way to update the ICA certificate without causing problems to the VPNs and the user authentication?Best regards,Michael 
cp-bc123
cp-bc123 inside General Management Topics Wednesday
views 119 2 1

Sip traffic Inspection

Hello, I am fairly new to checkpoint. I am looking for commands or settings that will allow me to do following.  1- how can I check if sip traffic passing thru checkpoint is being inspected?2- how can I clear a specific sip session from firewall session table?3- How can I disable sip alg if there is any?4- where should I check if sip packets are being dropped but it's not showing up in the logs? any command to verify packets are being dropped?  Thank you in advance.
HoogliBoogli
HoogliBoogli inside General Management Topics Wednesday
views 153 5

How to exports admin accounts

Hi,I want to export all my admin accounts from GAIA 77.30 an import in GAIA 80.10. How can I do this on cli?Thanks for your help.
Dan_Roddy
Dan_Roddy inside General Management Topics Tuesday
views 547 5

Migrate Endpoint Management from R77.30.03 to R80.10

When we licensed Endpoint the only option was to manage it from R77.30.03.  Now I want to migrate management to R80.10 that is also used to manage all our R80.10 gateways.  So I want to import a policy with objects into the R80.10 database.