Showing results for 
Search instead for 
Did you mean: 
Create a Post

Is it possible to take snapshot backup on a remote server directly?

Hello, Does anyone know if it is possible to take snapshot backup on a remote server directly? We are having disk space issues one of the gateways and its not possible to take the snapshot backup on the gateway due to that. I wanted to know if we can directly take the backup on a remote server.Appreciate the help!
Vladimir inside General Management Topics 17m ago
views 21 2

The database contains objects with non-Unicode characters

When Pre-Upgrade Verifier indicates that "The database contains objects with non-Unicode characters", the corresponding SK directs us to download and execute this utility on a PC running SmartConsole: The results are then supposed to be defined in db_encoding.txt But since we are not prompted for the management server's IP or credentials, I suspect that this utility is detecting encoding on local machine, not the Management Server. So if you have multiple workstations with different encoding on each, indicated result may be one of many, but we are not aware of that at this point. Can someone explain to me what the outcome of the situation described above would be? Thank you, Vladimir
Sangeeth_N inside General Management Topics an hour ago
views 50 5

Informational Exchange Received Delete IKE-SA from Peer: xx.xx.xx.xx

Hi I am trying to establish a VPN with an interoperable device[Sophos]. As checked, all the VPN parameters are matching. The VPN itself is not getting established and I am able to find the below mentioned log in SmartLog :Informational Exchange Received Delete IKE-SA from Peer: xx.xx.xx.xx; Cookies: xxxxxxxxxxxxxxxxxxxxxxxxxxxAny idea regarding why this issue occurred.
kmadhura15 inside General Management Topics 3 hours ago
views 113 3

TCP connection failure port=18191 [error no. 10]

Hello,I have a setup with two gateways in a cluster. The management interfaces of the gateways and SMS are in the range of 62.112.170.x. They are running on R80.10. I added a static NAT to an object in the 10.253.100.x range for the standby gateway, which would NAT the IP to IP address of management interface of standby server. I pushed the policy and after that for any policy I try to push, I get the error for tcp connection failure. I am not able to make any changes now since they cannot be applied to the standby gateway anymore. Any suggestions on how to solve this issue?
sukrui inside General Management Topics 4 hours ago
views 106 6

Power supply status dummy

I have 5600 appliance with version has two power supply.When I look with command below ,it says dummy both of them. What can I do about that?[Expert@Gateway:0]# cpstat os -f power_supplyPower Supply--------------|Index|Status|--------------| 1|Dummy || 2|Dummy |--------------

R80.30 upgrade from R80.10

We upgraded from R80.10 to R80.30 this last weekend. The process is well documented, although we wasted time when we got to the global Smart Event server, as detailed below... Some notes from our experience:Preloading kernel module drivers for VirtSCSI and VirtPCI.'R80.30 Management Server Migration Tool' is referenced in documentation as being 'Upgrade Tools'.License management via Smart Update is again problematic, use CLI Preloading kernel module drivers for VirtSCSI and VirtPCI.Our compute nodes use Linux KVM so we were previously limited in R80.10 to using the VirtIO Block drivers ( /dev/vda). This unfortunately doesn't support TRIM/DISCARD/UNMAP, so we were primarily looking forward to a more modern kernel to gain access to storage using VirtIO SCSI.We amended /etc/modprobe.conf to include additional drivers:alias scsi_hostadapter ccissalias scsi_hostadapter1 ata_piixalias scsi_hostadapter2 ahcialias scsi_hostadapter3 virtio_pcialias scsi_hostadapter4 virtio_scsiThen rebuilt the kernel:cd /bootmkinitrd initrd-3.10.0-693cpx86_64.img 3.10.0-693cpx86_64 -v -fImplemented Ceph object size aligned (4 MiB) partitioning structure:Disk /dev/sda: 419430400sSector size (logical/physical): 512B/512BPartition Table: gptNumber Start End Size File system Name Flags 1 8192s 622591s 614400s ext3 boot 2 622592s 9011199s 8388608s linux-swap(v1) 3 9011200s 419430366s 410419167s lvmDisk /dev/sdb: 209715200sSector size (logical/physical): 512B/512BPartition Table: gptNumber Start End Size File system Name Flags 1 8192s 209715200s 209706975s lvmWe use pvemove and pvextend to separate the operating system and PostgreSQL from logging and temporary file management:[Expert@fwcpm1:0]# lvdisplay -m | grep -e 'LV Path' -e 'LV Size'; lvdisplay -m | grep -A 3 -e 'Logical extents ' LV Path /dev/vg_splat/lv_current LV Size 195.69 GiB Logical extents 0 to 6261: Type linear Physical volume /dev/sda3 Physical extents 0 to 6261 LV Path /dev/vg_splat/lv_log LV Size 99.97 GiB Logical extents 0 to 3198: Type linear Physical volume /dev/sdb1 Physical extents 0 to 3198 We ran in to a problem when we attempted assembling the kernel, booted using a CentOS 7 rescue environment. I assume this to be an undocumented security feature; albeit resulting in one having to disconnect the drive and reattach it using either IDE or AHCI emulation, when assembling the kernel boot image. Question: Is there a Check Point recovery boot image with which one can package the Gaia 3.10 kernel? Check Point R80.10 - CPU utilisation - Multi Domain Log Server:Check Point R80.30 - CPU utilisation - Multi Domain Log Server Great performance improvement with us running it on Ceph... 'R80.30 Management Server Migration Tool' is referenced in documentation as being 'Upgrade Tools'Spent way too long puzzling through the wrong tool. The documentation references the required tool as being 'Upgrade Tools'. Upgrading Multi-Domain Upgrading Multi-Domain Servers in High Availability from R80.20, R80.10, and lower Upgrading Multi-Domain Servers in High Availability from R80.20, R80.10, and lower with Migration Upgrading a Dedicated SmartEvent Server Upgrading a Dedicated SmartEvent Server from R80.20, R80.10, and lower with Migration: R80.30 Home Page: The tool I wasted time with was the 'Upgrade Tools package', instead of the 'R80.30 Management Server Migration Tool'. License management via Smart Update is again problematic, use CLIRunning SmartUpdate (connect to domain, menu and then 'manage licenses and packages') reveals every vSec license being attached to the gateway within the domain, for each domain:The CLI method is ultimately faster and more reliable:Connect to the primary MDS server and obtain the relevant CMA IP address by running 'mdsstat'Switch to the domain by running mdsenv x.x.x.xRemove expiring or expired licenses by getting the signature and then removing it:cplic print -xcplic del <signature>Import the new license, eg cplic put -l <file.lic>Assign available licenses to gateways: vsec_central_license RegardsDavid Herselman
kfirash inside General Management Topics yesterday
views 88 3

Proxy ARP on Checkpoint R80.10

Hi,After Upgrading our gateways and management to r80.10 we start facing with a wired problem.The gateway doesn't send arp reply to the router and we have to configure manually proxy-arp on GAIA.i wonder if it's related only to the version itself or if there is any configuration or hotfix that can solve this issue. We Don't use Automatic NAT for network and we using static NAT for specific external resources and hide nat for LAN group . Enable Check Point ClusterXL for Bridge Active/Standby...==========================================================Check Point ClusterXL for Bridge Active/Standby is currently disabled.
paulastya inside General Management Topics yesterday
views 153 8

Upgrading the Checkpoint VSX cluster (VSLS) from R77.30 to R80.10 with Clean install

We are going to upgrade the Checkpoint VSX Cluster from R77.30 to R80.10 with a clean install on a 13500 appliances. The Management Gateway is already upgraded to R80.20 version. My question is can we do the clean installation of VSX cluster using the CPUSE ?While checking the documentation I found the following, From R75.40, R75.45, R75.46, R75.47, R75.40VS, R76, R77, R77.10, R77.20, R77.30 to R80.10:ComponentSupported MethodsSecurity Management ServerCPUSE UpgradeCPUSE Clean InstallAdvanced Database MigrationMulti-Domain ServerSecurity GatewayCPUSE UpgradeCPUSE Clean InstallVSXCPUSE Upgrade (from R77 only)Earlier versions: Use instructions in sk101518CloudGuard ControllerCPUSE Upgrade (from R77.30 only) So, the documentation says that CPUSE upgrade is possible not clarified about the Clean installation.

Network Group locked for deletion

Hi Guys,an API script adding new hosts then editing a group object has broken for some reason, session was disconnected but not discarded so seems that has locked the group and i'm not able to publish or discard the locked changes anymore, following script didn't help:#!/bin/bashmgmt_cli login -r true > id.txt; current_sid=$(mgmt_cli show session -s id.txt -f json | $CPDIR/jq/jq .uid); for sid in $(mgmt_cli -s id.txt show sessions details-level full -f json | $CPDIR/jq/jq '.objects[] | select ( .["application"] | contains ("WEB_API")) | .uid' | grep -v ${current_sid}); do mgmt_cli discard uid ${sid} -s id.txt ; done; mgmt_cli logout -s id.txtwould anyone please advise in that ?i've attached the locked object and the sessional list
Jerry inside General Management Topics Wednesday
views 221 6

Logs Indexing Error (R80.30) SmartLog

what you think folks? having that since upgrade (last weekend) ... any idea how to fix that?
Jesus_Cano inside General Management Topics Wednesday
views 1167 9

Smart1-210 maximum memory RAM

Hi,We have a Smart1-210, with the default memory RAM (8GB). It has 2 slots (4+4). Whats the maximum memory capacity for this appliance? wi need to increase memory to upgrade to R80.xThis appliance supports 16GB? 24GB?

Admin Not to be Blocked in Case of DOS

HiI am running a Compliance Check on all of My Checkpoint Firewalls. I am running R77.30 on all appliances (Management + Gateway)I would like to know if there is any way to Setup "Admin" not to be blocked in case of a DOS

How to specity a Session Name and Description in a mgmt_cli publish

I can't seem to find the syntax anywhere for adding a session name and description so that I can publish from the cli. Any help would be appreciated. mgmt_cli publish -s id.txt---------------------------------------------Time: [18:46:50] 20/8/2019---------------------------------------------"Publish operation" failed (100%)tasks:- task-id: "01234567-89ab-cdef-b80c-135154317141"task-name: "Publish operation"status: "failed"progress-percentage: 100suppressed: falsetask-details:- fault-message: "Publish cannot be performed without entering a session name and description."
inside General Management Topics Tuesday
views 112456 40 132

R80.x Training Videos

These videos were recorded originally for our partners by Jim Oqvist, but CheckMates members can now access this exclusive content! Introduction Duration R80 Management Training Introduction LITHIUM.OoyalaPlayer.addVideo('https:\/\/\/static\/v4\/production\/', 'lia-vid-hoNWpnaDE6yhvyj8O5mAWQnPpaZuYM19w900h720r931', 'hoNWpnaDE6yhvyj8O5mAWQnPpaZuYM19', {"pcode":"kxN24yOtRYkiJthl3FdL1eXcRmh_","playerBrandingId":"ODI0MmQ3NjNhYWVjODliZTgzY2ZkMDdi","width":"900px","height":"720px"});(view in My Videos) Please note that Ravello blueprints have been discontinued and are no longer available.Most of the labs can be done with the Cloud Demo Mode in R80.x SmartConsole. 00:03:07 Module 1: Introduction to Security Management R80 Management Training Lesson 1 - Big Picture‌ 00:38:50 R80 Management Training Lesson 2 - Installation‌ 00:33:30 R80 Management Training Lesson 3 - SmartConsole‌ 00:46:50 Module 2: Enhance the Way You Manage Policies R80 Management Training Lesson 4 - Access Control‌ 00:46:30 R80 Management Training Lesson 5 Threat Prevention Policy‌ 00:30:00 R80 Management Training Lesson 6 - Management API‌ 00:45:45 R80 Management Training Lesson 7 - Logs & Monitoring‌ 00:35:35 Module 3: Multi-Domain Management and Migration to R80 R80 Management Training Lesson 8 - MDSM‌ 00:15:00 R80 Management Training Lesson 9 - Migration‌ 00:13:15
Rafael_Lima1 inside General Management Topics Tuesday
views 1096 16

Legitimate traffic being blocked - R80.20

After migration to R80.20 we are having a legitimate traffic being blocked, filtering via "fw ctl zdebug drop", we receive the following log:@;2731325746;[cpu_9];[fw4_2];fw_log_drop_ex: Packet proto=6 x.x.x.x:45242 -> y.y.y.y:443 dropped by fwmultik_process_f2p_cookie_inner Reason: PSL Drop: internal - reject enabledWe opened a SR and passed us the SK33328, which was done but did not work, we still have connection problems sometimes.The traffic is from an apache server to an nginx, TCP / 443Anyone else went through this and could help?