Hardeep_Singh inside General Management Topics 9 hours ago
views 157 4

can we merge two Management server in single Mgmt server

Hi all, can we merge two Management server databases in one Mgmt server?
Sam_Ponder inside General Management Topics 17 hours ago
views 65 3

migrate server export r80.30 running for over 3 hours

Hello all - I'm doing an advanced upgrade of a Smart1-410 appliance and during the migrate server export, it has been running for a long time. Currently, it has been running for almost 4 hours. Is this normal? It is currently running r80.20.m2. Is there a log file that I can look at to see where it is in the process?

Thanks
Sam

Updatable objects - no longer available

Hello all,

this morning I opened SmartConsole management (Check Point R80.20; Take 80 installed on Security Gateways) and I found Validations errors related to Updatable Objects:

However, they are still present:

I read the sk121877:

1. Run unified_dl UPDATE ONLINE_SERVICES on Gateways; output:

    Entering mainloop
    Unified_Download_Update_Now_CB: Activated, opq [UPDATE NOW OPAQUE]
    ************************************************
    Got response : Request was completed successfully
    Got Reason:
    ************************************************
    Exiting mainloop

2. Search the last_revision.xml file under $CPDIR/database/downloads/ONLINE_SERVICES/1.0/; content:

    <?xml version='1.0' encoding='utf-8'?>
    <RevisionInfo>
    <Last_Revision>140619092032</Last_Revision>
    </RevisionInfo>

3. Content of Update_Status.dat:

    (
    :Last_Update_Status (3)
    :Last_Update_Time (1560513301)
    :Last_Update_Reason ()
    :Success_Time (1560502924)
    )

4. google.C file under the folder $CPDIR/database/downloads/ONLINE_SERVICES/1.0/140619092032 contains valid Google Services references:

    (
    :CP_GGL_GGL (
        :parent ()
        :uuid ("85bfe1b7-0581-3e89-a911-15e43ba0f7b4")
        :display_name ("Google Services")
        :icon ("@app/cp_ggl_ggl")
        :children (
            : (CP_GGL_GSuite)
            : (CP_GGL_GCP)
        )
    )
    :CP_GGL_GSuite (
        :parent (CP_GGL_GGL)
        :uuid ("3c0f0c1b-614d-3cdb-a47f-18995b9d6772")
        :display_name ("G Suite Services")
        ...
    :CP_GGL_GCP (
        :parent (CP_GGL_GGL)
        :uuid ("74ee9fa6-ac3a-3017-aed0-0d70abaefc40")
        :display_name ("Google Cloud Platform Services")
        ...

Any advice?

Thank you,
Luca

Anti-Bot & Anti-Virus, IPS update error on Standby Member

Anti-Bot & Anti-Virus and/or IPS on Check Point (R80.20) standby node report error "Error: Update failed. Contract entitlement check failed. Could not reach 'updates.checkpoint.com'..." while updating.

Details

1. From standby node - Gaia web console => "Check for Updates", I get the error: "Could not connect to the Check Point Cloud. Check your connection settings..."
2. From standby node, tests from SSH (sk83520):
   - curl_cli -v -k https://updates.checkpoint.com/ => most of the time it doesn't work (timeout); sometimes it works.
   - curl_cli to any other URL => most of the time it doesn't work (timeout), sometimes it works.
   - ping public FQDN => most of the time it doesn't work (timeout), sometimes it works.
   - On active node => it works, always.
3. From standby node, I can reach Internet gateway, and the other active node => no internal communication issues.
4. Already verified and applied sk43807 (all points with the exception of point 4). fwha_forw_packet_to_not_active parameter is enabled on both nodes.
5. Licenses are OK (sk98665); with the exception of command cpstat antimalware -f update_status that is returning the error below (the same I'm seeing from SmartConsole):

    AB Update status: up-to-date
    AB Update description: Gateway is up to date. Database version: 1906061756. Package date: Thu Jun 6 11:00:00 2019
    AB Next update description: The next update will be run as scheduled.
    AB DB version: 1906061756
    AV Update status: failed
    AV Update description: Update failed. Contract entitlement check failed. Could not reach "updates.checkpoint.com". Check proxy configuration on the gateway.
    AV Next update description: The next try will be within one hour.
    AV DB version: 1906070837

I already read these CheckMates posts:
- Update failed. Contract entitlement check failed
- Problem accessing standby cluster member from non-local network

Any advice? Thank you very much,
Luca

change admin password to enter smartconsole R80.10

Hello People, I want to change the admin password for going to smartconsole. I tried with "cpconfig" without success, please share the way I can do it. Thanks
Alex_Wu inside General Management Topics Wednesday
views 337 3

R80.20 Hotfixes

Hi all, why does CPUSE still find an older hotfix? I tried to install take 33, but it failed because a newer version (take 47) has been installed.
Heath_Mote inside General Management Topics Wednesday
views 560 4

R80.20.M2 Management - Finalizing Stuck at 99% During Policy Installs

Setup is 2x Management Server 5150 with dedicated SmartEvent server all running R80.20.M2 pushing policy to a single 5800 HA ClusterXL setup all running R80.10. The management and cluster are located at the same site. The access/threat policy takes less than 3 minutes to succeed on the cluster but the 99% finalizing status takes a very long time to complete. I've just pushed a policy and it again finished in 3 minutes but has been stuck at 99% finalizing for the past 45 minutes... Is anyone else experiencing this after updating your management to R80.20.M2 or R80.20 in general?
Vincent_Bacher inside General Management Topics Wednesday
views 23791 11 3

CPUSE upgrade of MDSM

Hello community, I am researching for best practices for inline upgrade of a multi domain security management, especially from R77.* to R80.10. In R80.10 installation and upgrade guide this way is mentioned but not explained. Is there any thread, sk or how-to which I did not find yet? Any hint is welcome.

Cheers
Vincent
Vladimir inside General Management Topics Tuesday
views 7152 19 1

Policy Installation Stages

Can someone describe what exactly the status "Finalizing Installation" is referring to?
Ayaz_Ahmad inside General Management Topics Tuesday
views 2313 13 2

Upgrade from R77.30 to R80.10 failed during import process

Hi, I am trying to upgrade our R77.30 management server to R80.10 using CPUSE. The OS upgrades fine and then when importing the database, it fails with "Failed during import process". I have tried this fix sk118795 but still no help. I have attached the log file which was generated after the update failure. In the log file I can see the following error:

    [2018-02-22 - 18:23:37][3703 4157531920]:cannot find migrate log path.
    [2018-02-22 - 19:18:34][3703 4157531920]:Failed on importing management configuration database to Destination
    [2018-02-22 - 19:18:34][3703 4157531920]:------ Reverting Back: ------

Can someone help please.
BeaconBits inside General Management Topics Tuesday
views 2072 7 1

How to install Security Patches on VSX Cluster gateways on R80.10

Hello mates,

Can anyone guide me on how I can install security patches of VSs of a VSX cluster?

Scenario:
-------------
Two VSX boxes are being clustered and both VSX boxes have 3 VSs. Installing security patch on Active VS would do it on the Standby as well? Do I need to failover manually?

Please guide!

Regards,
B

FQDN objects generate excessive amount of DNS queries

For those using "new" type FQDN objects - have you noticed or looked at DNS stats from the gateway? The other day our DNS guy asked us why one of our VS gateways was generating 25 million (!) DNS queries per day. So had to dig into it. I can't say that we use FQDN objects excessively (~200 objects, all new type) but we still like them.

As for calculation, after enabling WSDNSD debug following was concluded:

- each FQDN object will create 10 DNS queries every minute (not too sure why but all 10 are sent at the same time nearly)
- each FQDN object then will be added prefix "www" and another 10 queries sent to DNS every minute
- lastly each successful response will trigger reverse lookup

Numbers seem to add up: (200 x 10 x 2) x 60 x 24 = 5.76M

If you now add reverse lookups then 20M is not a surprise number. Seems very inefficient design if you ask me. Would be interesting to hear from CP why there is a need for such excessive amount of DNS queries. We are running R80.10 take 203 VSX + MDS
D_TK inside General Management Topics Monday
views 157 2

Change gateway management to different interface

Hello everyone. I have an R80.20 cluster that is currently being managed via its external interface over the internet. When this cluster was installed, the internal MPLS interface hadn't been installed yet, so we set management to the only reachable address. At a later point, MPLS was installed there, and now management can reach it over the private address. It seems straightforward to move management to the other interface - 3 changes: Cluster IP & both member IPs. Am I missing anything - I assume SIC doesn't need resetting. Thanks.

How to recover lost admin password

Is it possible to recover a lost admin password? If yes, how to do this. Checkpoint management server on R80.10.

MDM R80.x migration from hardware to software

Hello Checkmates. I just went to do a customer MDM migration (test in my lab) from HW>SW on an R80.10 installation. Normally the way I do this, whether it's an upgrade or a platform shift, is to build out a new MDM, recreate the users, roles, passwords etc and then I import the CMA while building out the new domain. That option is obviously no longer available. So I started digging. I saw this tool ExportImportPolicyPackage as well as this link https://community.checkpoint.com/docs/DOC-1938

However, re-establishing SIC and recreating objects are not a good option at this time. While the customer does not do much with the MDM/global policies, they have a lot of gateways, and downtime is difficult to get.

What is the easiest way to go from R80.10 MDM on HW to R80.10 MDM on SW? Am I just missing something? Do I have to backup and restore the whole MDS? If that's the only way that's fine, I was just not expecting that. Does mds_backup and mds_restore even work for HW>SW?

I'm hoping there is an easy answer and I'm just missing it so hopefully it's as easy as pointing me to a link.

Thanks,
Paul