Showing results for 
Search instead for 
Did you mean: 
Post a Question
Heath_Mote inside General Management Topics 14 hours ago
views 723 7

R80.20.M2 Management - Finalizing Stuck at 99% During Policy Installs

Setup is 2x Management Server 5150 with dedicated SmartEvent server all running R80.20.M2 pushing policy to a single 5800 HA ClusterXL setup all running R80.10. The management and cluster are located at the same site. The access/threat policy takes less than 3 minutes to succeed on the cluster but the 99% finalizing status takes a very long time to complete. I've just pushed a policy and it again finished in 3 minutes but has been stuck at 99% finalizing for the past 45 minutes... Is anyone else experiencing this after updating your management to R80.20.M2 or R80.20 in general?
Jon_Louis_Fern1 inside General Management Topics 20 hours ago
views 4900 25 5

Difference between HTTPS Inspection and Categorize HTTPS websites settings

Hi Checkmates,I would like to ask what is the difference in the behavior, pros and cons of or when will you use the following:1. HTTPS Inspection2. In Application & Url Filtering Settings under Url Filtering -> Categorize HTTPS websites.because in the " Categorize HTTPS websites" settings it says that you can allow HTTPS (SSL traffic) URL's without activating HTTPS Inspection.
Hardeep_Singh inside General Management Topics yesterday
views 210 6

can we merge two Management server in single Mgmt server

Hi all,can we merge two Management server data base in one Mgmt server
Sam_Ponder inside General Management Topics Saturday
views 282 3

migrate server export r80.30 running for over 3 hours

Hello all-I'm doing an advanced upgrade of a Smart1-410 appliance and during the migrate server export, it has been running for a long time. Currently, it has been running for almost 4 hours. Is this normal? It is currently running r80.20.m2.Is there a log file that I can look at to see where it is in the process?ThanksSam

Updatable objects - no longer available

Hello all,this morning I opened SmartConsole management (Check Point R80.20; Take 80 installed on Security Gateways) and I found Validations errors related to Updatable Objects:However, they are still present:I read the sk121877:1. Run unified_dl UPDATE ONLINE_SERVICES on Gateways; output:Entering mainloopUnified_Download_Update_Now_CB: Activated, opq [UPDATE NOW OPAQUE]************************************************Got response : Request was completed successfullyGot Reason:************************************************Exiting mainloop2. Search the last_revision.xml file under $CPDIR/database/downloads/ONLINE_SERVICES/1.0/; content:<?xml version='1.0' encoding='utf-8'?><RevisionInfo><Last_Revision>140619092032</Last_Revision></RevisionInfo>3. Content of Update_Status.dat:(:Last_Update_Status (3):Last_Update_Time (1560513301):Last_Update_Reason ():Success_Time (1560502924))4. google.C file under the folder $CPDIR/database/downloads/ONLINE_SERVICES/1.0/140619092032 contains valid Google Services references:(:CP_GGL_GGL (:parent ():uuid ("85bfe1b7-0581-3e89-a911-15e43ba0f7b4"):display_name ("Google Services"):icon ("@app/cp_ggl_ggl"):children (: (CP_GGL_GSuite): (CP_GGL_GCP))):CP_GGL_GSuite (:parent (CP_GGL_GGL):uuid ("3c0f0c1b-614d-3cdb-a47f-18995b9d6772"):display_name ("G Suite Services")...:CP_GGL_GCP (:parent (CP_GGL_GGL):uuid ("74ee9fa6-ac3a-3017-aed0-0d70abaefc40"):display_name ("Google Cloud Platform Services")...Any advice?Thank you,Luca

Anti-Bot & Anti-Virus, IPS update error on Standby Member

Anti-Bot & Anti-Virus and/or IPS on Check Point (R80.20) standby node report error "Error: Update failed. Contract entitlement check failed. Could not reach ''..." while updating.Details1. From standby node - Gaia web console => "Check for Updates", I get the error: "Could not connect to the Check Point Cloud. Check your connection settings..."2. From standby node, tests from SSH (sk83520) :- curl_cli -v -k => most of the time it doesn't work (timeout); sometimes it works.- curl_cli to any other URL => most of the time it doesn't work (timeout), sometimes it works.- ping public FQDN => most of the time it doesn't work (timeout), sometimes it works.- On active node => it works, always.3. From standby node, I can reach Internet gateway, and the other active node => no internal communication issues.4. Already verified and applied sk43807 (all points with the exception of point 4).fwha_forw_packet_to_not_active parameter is enabled on both nodes.5. Licenses are OK (sk98665); with the exception of command cpstat antimalware -f update_status that is returning the error below (the same I'm seeing from SmartConsole):AB Update status: up-to-date AB Update description: Gateway is up to date. Database version: 1906061756. Package date: Thu Jun 6 11:00:00 2019 AB Next update description: The next update will be run as scheduled. AB DB version: 1906061756 AV Update status: failed AV Update description: Update failed. Contract entitlement check failed. Could not reach "". Check proxy configuration on the gateway. AV Next update description: The next try will be within one hour. AV DB version: 1906070837I already read these CheckMates posts:- Update failed. Contract entitlement check failed- Problem accessing standby cluster member from non-local networkAny advice ? Thank you very much,Luca

change admin password to enter smartconsole R80.10

Hello People,I want to change the admin password for going to smartconsole.I tried with "cpconfig" without success, please share the way I can do it Thanks
cp-bc123 inside General Management Topics Thursday
views 368 1

Smart Console

Hello, I am new to checkpoint and have a few basic questions about smart utilities that check point firewall uses. so far i have seen smart console, smart dashboard, smart event and etc. how are each of these used and related? an explanation or a link to a document where i can read to answer all of these basic things will be highly appreciated. thank you in advance
Alex_Wu inside General Management Topics Wednesday
views 340 3

R80.20 Hotfixes

hi all,Why CPUSE still find older hotfix?I tried to install take 33, but failed due to a newer version (take 47) has been installed.
Vincent_Bacher inside General Management Topics Wednesday
views 23937 11 3

CPUSE upgrade of MDSM

Hello community,i am researching for best practices for inline upgrade of a multi domain security management, especially from R77.* to R80.10.In R80.10 installation and upgrade guide this way is mentioned but not explained.Is there any thread, sk or how-to which I did not find yet?Any hint is welcome.CheersVincent
Vladimir inside General Management Topics Tuesday
views 7232 19 1

Policy Installation Stages

Can someone describe what exactly status "Finalizing Installation" referring to?
Ayaz_Ahmad inside General Management Topics Tuesday
views 2472 13 2

Upgrade from R77.30 to R80.10 failed during import process

Hi,I am trying to upgrade our R77.30 management server to R80.10 using CPUSE.The OS upgrades fine and then when importing the database, it fails with "Failed during import process".I have tired this fix sk118795 but still no help. I have attached the log file which was generated after the update failure. In the log file I can see the following error: [2018-02-22 - 18:23:37][3703 4157531920]:cannot find migrate log path.[2018-02-22 - 19:18:34][3703 4157531920]:Failed on importing management configuration database to Destination[2018-02-22 - 19:18:34][3703 4157531920]:------ Reverting Back: ------Can someone help please.
BeaconBits inside General Management Topics Tuesday
views 2213 7 1

How to install Security Patches on VSX Cluster gateways on R80.10

Hello mates,Can anyone would guide me toHow can I install security patches of VSs of a VSX cluster?Scenario:-------------Two VSX boxes are being clustered and both VSX boxes have 3 VSs.Installing security patch on Active VS would do it on the Standby as well?Do I need to failover manually???Please guide!Regards,B

FQDN objects generate excessive amount of DNS queries

For those using "new" type FQDN objects - have you noticed or looked at DNS stats from the gateway? The other day our DNS guy asked us why one of our VS gateways was generating 25 million (!) DNS queries per day. So had to dig into it. I can't say that we use FQDN objects excessively (~200 objects, all new type) but we still like them. As for calculation, after enabling WSDNSD debug following was concluded: each FQDN object will create 10 DNS queries every minute (not too sure why but all 10 are sent at the same time nearly) each FQDN object then will be added prefix "www" and another 10 queries sent to DNS every mi minute lastly each successful response will trigger reverse lookup Numbers seem to add up: (200 x 10 x 2) x 60 x 24 = 5.76M If you now add rerverse lookups then 20M is not a surprise number. Seems very inefficient design if you ask me. Would be interesting to hear from CP why there is a need for such excessive amount of DNS queries. We are running R80.10 take 203 VSX + MDS
D_TK inside General Management Topics a week ago
views 412 2

Change gateway management to different interface

Hello everyone. I have an R80.20 cluster that is currently being managed via its external interface over the internet. When this cluster was installed, the internal MPLS interface hadn't been installed yet, so we set management to the only reachable address.At a later point, MPLS was installed there, and now management can reach it over the private address. It seems straightforward to move management to the other interface - 3 changes:Cluster IP & both member IPs.Am i missing anything - i assume sic doesn't need resetting. thanks.