General Management Topics

This space is the place to ask questions about Check Point's Security Management Appliances, Security Compliance, Upgrading your Security Management to R80.x, and more!

Ravindra_Yadav inside General Management Topics 17 hours ago
Does the system backup of the management server contain all the policies and objects?

Dear Team,

My management server has crashed. We used to take a weekly system backup of the management server. Will restoring the system backup restore all the policies and objects? What are the recommendations for restoring a system backup on the management server?

Regards,
Ravindra
Don_Paterson inside General Management Topics yesterday
NAT Templates - SecureXL

Is it recommended to turn NAT Templates on? Why is it not on by default?

[Expert@GW:0]# fwaccel stat
Accelerator Status : on
Accept Templates : enabled
Drop Templates : disabled
NAT Templates : enabled
NMR Templates : enabled
NMT Templates : enabled
yishola inside General Management Topics yesterday
R80.10 -> R80.20/30 Management upgrade issues

Hi there,

I've tried various upgrade paths for my VM management server (R80.10 take 462) to R80.20 or R80.30 without success. I've increased the disk space and extended the existing space with lvm_manager, still no joy. Tried CLI and CPUSE and the errors are always about insufficient disk space. I seem to have a lot of space. Tried migrate export and the space issue persists. Tried snapshot, and though the system says I need 9 GB for a snapshot (and I have 33 GB free), the snapshot is unsuccessful.

What I am looking for is a process by which I can upgrade the server without a Check Point snapshot or backup. I can use a VM snapshot as fallback in case I need to.

LVM overview
============
             Size(GB)  Used(GB)  Configurable  Description
lv_current   20        9         yes           Check Point OS and products
lv_log       20        15        yes           Logs volume
upgrade      22        N/A       no            Reserved for version upgrade
swap         5         N/A       no            Swap volume size
free         33        N/A       no            Unused space
-------------------------------------------------------------
total        100       N/A       no            Total size

Cleaning up /var/log

We recently did an inline (CPUSE) upgrade on our SmartCenter server from R80.20 to R80.30. /var/log now has a size of 712 GB, and there must be plenty of unused stuff to delete. Any hints are welcome.

For example: WTF is /var/log/opt/CPsuite-R80.20/fw1/log/blob/ ?
yishaia inside General Management Topics yesterday
20 FWs on 1 Management server

Hello,

I have 20 gateways and 1 management server. When I install policy from the management server, I put the FWs I want to install on in the "Install On" section. Is there any way to make groups of FWs in "Install On"? I need to select 5-6 different FWs on every rule I install. Any way to make groups, like 5 gateways as "group one" and 10 gateways as "group two", something like that?

Thanks

Outbound https inspection and SNI on R80.20

Hi!

I am a bit confused about HTTPS inspection and SNI support. We are running R80.20 take 80 with HTTPS inspection, and we have also enabled "Categorize HTTPS websites" for non-HTTPS-inspection machines. Lately we encounter strange behaviours with websites running in Cloudflare. ssllabs shows: "This site works only in browsers with SNI support." and most of them only support ECDSA cipher suites, which are only supported from the gateway to the server in R80.20.

One example of the behaviour:

Client using Chrome (same issue with other browsers) to access https://oauth.net

Pcap from the client: the client web browser sends Client Hello, SNI=oauth.net. The gateway tries to connect to the server and tries the supported cipher suites.

Pcap from the gateway: after a while (after failing several times without sending ECDSA ciphers) they connect with the supported ECDSA cipher and the server sends the correct SAN names: *, and oauth.net

Pcap from the client: the client receives the wrong SAN names: and and the web browser displays a certificate warning.

All wrong SAN names displayed are also hosted on Cloudflare, so my theory is that the firewall has cached the SAN names and the corresponding IP address. After hitting F5 a lot of times and accepting the wrong certificate, the client can connect.

My questions:
Why is the client getting wrong SAN names from the gateway?
Is there an HTTPS cache (SAN names to corresponding IP address) that is causing this?
If so, can it be cleared?
Is there a way to get around this issue without disabling HTTPS inspection for the Cloudflare /14 subnet and without upgrading to R80.30?

Adding screenshots of the behaviour.

Credential Guessing Event in SmartEvent

Dear All,

Has anyone come across the events below?

We have SmartEvent (both R77.x & R80.x) on the same machine as the management server. We have enabled the Event Policy "Unauthorized Entry" - "Credential Guessing" to generate events on 3 failures within 600 seconds. We are receiving events on the above as well, which is fine. But we have different info in the above "Credential Guessing" event log.

Example: We have an internal server (Windows 2012) and we tried to SSH into the firewall from this server. For a few wrong attempts, as per event detection, we get events. But the event "Product" says "Linux OS" instead of "Windows OS" (attached screenshot).

Regards,
Prabulingam

TACACS+ SmartDashboard authentication

Hello,

TACACS+ authentication does not work in SmartDashboard. But on this management appliance, SSH and WebUI TACACS+ authentication work. In the log: "Administrator failed to log in: Wrong Password". The TACACS+ server is Cisco ISE.

BackBox and the symlink of doom for 80.30 upgrade

I spent an exhaustive amount of time testing our 80.10->80.30 upgrades to make sure I had all of my ducks in a row. But my VM environment couldn't prepare me for this error:

The package failed to install at Sat Dec 7 10:15:36 2019 (and 4 more times)
Reason of failure: Failed during MDS setup.
Failed to execute: . /opt/CPshared/5.0/tmp/ >/dev/null 2>&1 ; export MDS_SYSTEM=/mnt/fcd/sysimg/CPwrapper/linux/p1_install/system; export UPGRADE_CONTEXT=cpuse; export CPUSE_SHOW_PROGRESS_ID=Check_Point_R80.30_T200_Fresh_Install_and_Upgrade_Security_Management.tgz; /mnt/fcd//sysimg/CPwrapper/linux/p1_install/system/install// -b -t /mnt/fcd/exported_mds_settings >> /var/log/install_Major_R80.30_Mgmt_T200_1_detailed.log 2>&1

Took forever chasing the logs to discover that, for some reason, in /opt/CPmds-R80/tmp there was a symlink named "migrate". It pointed to /var/log/BackBox/migrate. Problem is, the upgrade process attempts to create /opt/CPmds-R80/tmp/migrate. Oops.

Deleted the symlink and BOOM goes the dynamite: the upgrade took off and completed.

Wanted to put this here so the next poor person running into this doesn't pull out the last little bit of hair they have left. In other news, I don't need haircuts any longer, and our database got a clean-ish bill of health from CPM Doctor. There's an SK forthcoming.

Unfortunately, the 80.30 upgrade tanked our MDS. Long 31-hour story later, our reversion to the snapshot taken by 80.30's installer is complete and we're back to square one. Which is good, because I neglected to snag a copy of our user.def.FW1 file. Scripts are forthcoming to back up and replicate that file to our secondary MDS; it isn't replicated or grabbed during an mds_backup.
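A pre-flight check for the symlink problem described in the post above, added here as an example; it is not code from the post, from BackBox or from Check Point. It assumes, as the post states, that the installer needs to create a fresh migrate entry inside the MDS tmp directory (/opt/CPmds-R80/tmp on the poster's box) and that anything already occupying that path, a symlink in particular, blocks the upgrade. The directory is passed as a parameter so the check can be exercised against a scratch directory before it is pointed at a live MDS; only a symlink is removed automatically, since a real directory at that path may hold data and should be looked at by hand.

```shell
# Pre-upgrade check for a pre-existing DIR/migrate entry. Example code,
# not Check Point's. DIR is the MDS tmp directory (the post's case:
# /opt/CPmds-R80/tmp).
#
# check_migrate_path DIR
#   returns 0 when DIR/migrate does not exist,
#           1 when it is a symlink (the raw link target is printed),
#           2 when it exists as a regular file or directory.
check_migrate_path() {
    dir="$1"
    path="$dir/migrate"
    if [ -L "$path" ]; then
        # readlink without -f shows the raw target, which is the useful
        # fact here (in the post it was /var/log/BackBox/migrate).
        target=$(readlink "$path")
        echo "BLOCKER: $path is a symlink -> $target" >&2
        return 1
    elif [ -e "$path" ]; then
        echo "BLOCKER: $path already exists and is not a symlink" >&2
        return 2
    fi
    echo "OK: $path is free"
    return 0
}

# remove_migrate_symlink DIR
#   removes DIR/migrate only if it is a symlink; returns 0 if removed,
#   1 if there was no symlink to remove (a real file/dir is left alone).
remove_migrate_symlink() {
    path="$1/migrate"
    if [ -L "$path" ]; then
        rm -f "$path" && return 0
    fi
    return 1
}

# Usage on the MDS itself (uncomment to run for real):
# check_migrate_path /opt/CPmds-R80/tmp || \
#     { remove_migrate_symlink /opt/CPmds-R80/tmp && check_migrate_path /opt/CPmds-R80/tmp; }
```

Run the check before launching the CPUSE upgrade and gate the upgrade on its exit status; the usage line shows the sequence the poster ended up doing by hand (detect, delete the symlink, re-check).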
J_Saun inside General Management Topics Sunday
Resize R80 partition

I am trying to resize one of my partitions because it keeps complaining that /opt is low on space. I followed the instructions in the link below:

Step 4 worked: lvresize -L 11G vg_splat/lv_current

But step 5 gives me the following error:

[Expert@r80_mgr:0]# resize2fs /dev/vg_splat-lv_current
resize2fs 1.42.9 (28-Dec-2013)
open: No such file or directory while opening /dev/vg_splat-lv_current

Any help would be appreciated.
Thanks
Azaad inside General Management Topics Sunday
Unable to run R80.x Pre_Upgrade_Verifier on R77.30 MGMT Windows platform

I am unable to run the R80.x Pre_Upgrade_Verifier on the R77.30 MGMT Windows platform, which I want to convert to R80.30 Gaia. I checked permissions, MD5sum, everything. Please help me with this.

Cast (chromecast and Apple AirPlay) from different networks

Hi.

I am setting up one Apple TV and one Chromecast in one of our conference rooms. They will be connected to our "device network". People should then be able to cast and share their screen from "Internal Networks" as well as from "Guest Network" and "PDA/Phone Network" to these devices.

I guess I somehow have to enable multicast forwarding and then create rules allowing unicast to those devices from the different networks? Anyone who has any experience and can share some tips on how to do this?

Running R80.30 HA.

Thanks
/Tobias

Run a script more than once in Central Deployment Tool (CDT)

Hi. Today I am preparing a small presentation for our in-house exhibition next week about CDT, version 1.5. During my preparations I was trying to refine a script that was executed on the gateways via execute_script. After the script was executed successfully once, I was unable to run it again on the same gateway. The output tells me that execution was skipped. No hints in the documentation. It took me some time to find where the state of the execution was saved. The script was named

The state of the script can be reset on the gateway with:
/bin/dbset installer:cdt:/var/log/ 0

Knowing this, one could put a command into the deployment plan executing this for scripts to be run again. But I do not consider saving the state on the gateway the perfect idea for a tool designed to centrally manage gateways. In my opinion such state information has to be saved locally on the management server running the CDT. In that way you can change the state in the same place where you configure the rest of your deployment. By all means, this has to be documented.

Another suggestion would be a possibility to define a $HOME where the CDT commands shall be executed on the gateway. Currently $HOME is /. That would not be my directory of choice.
Milos_Jovovic inside General Management Topics Thursday
RAVPN Checkpoint securID authentication forwarding to RSA authentication manager

Hello Team,

I was going through the integration of SecurID RSA Authentication Manager with a Check Point cluster (2x 5200 NGGWs with 77.30 Gaia on them).

I made one object for the Check Point agent on the RSA Authentication Manager console (with the IP of the CP cluster). What name do I have to put here? It says to put the name of the SecurID agent object in Check Point SmartDashboard. What is that name (the SecurID server object, or something else)?

I have configured an External User Profile with the match-all-users option (is this correct? We need to forward all auth requests to RSA Authentication Manager. In the Check Point Endpoint Security VPN client we have three fields: username, PIN and token). We have one passphrase (PIN and token) for one user. Is this only one factor or two? I am confused here.

I have configured this external user group to be part of the new user group securid_user_grupa:

I have put the authentication scheme SecurID for this external user profile:

I have put this user group in the Remote Access community for RAVPN connections:

I have put the same sdconf.rec file on both GWs in the cluster (active and standby) in the path /var/ace/. I installed the policy and authentication does not work; zero packets are going from the CP cluster to RSA Authentication Manager. In the VPN debug log files there is the error "Access denied - wrong user name or password". It is like CP tries to authenticate users against the internal user database on the MGMT server. I of course set, in GW >>> VPN Client > Auth. >>> auth scheme, SecurID (chose the SecurID server object).

Do I have to do cpstop/cpstart on the GWs to make this work? Any suggestion? Maybe I have to change the external user profile type to match by domain? Do I have to check the box "omit domain name when authenticating users"?

Thanks everyone for the help. Any help would be appreciated a lot.
Moe_89 inside General Management Topics Wednesday
"Certificate revoked" error when trying to login to SmartConsole. Cause: Corruption caused by unpredictable circumstances ?

A customer was unable to log in to SmartConsole with the error "certificate revoked". Followed sk113744, which resolved the issue. But the given cause of the issue is "Corruption caused by unpredictable circumstances". What does that even mean? Does anyone know the actual reason for this issue?