cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
General Management Topics

This space is the place to ask questions about Check Point's Security Management Appliances, Security Compliance, Upgrading your Security Management to R80.x, and more!

fw_ctl
fw_ctl inside General Management Topics 39m ago
views 118 6

Best (simplest) way to export policy from old CMA to new all R80.20

As above - I have a requirement to migrate a policy package (Gaia config not important) from existing CMA in MDS domain #1 to new CMA in domain#2. (same mds)I have looked into multiple methods, such as ofiller/dumper, cp_merge, etc etc. What are peoples tried and tested method as i don't see an official SK or supported methodology.    
FXE
FXE inside General Management Topics 3 hours ago
views 222 5

Migrating VM to Smart-1

Hi, I would like to know how can I migrate my VM management server to a Smart-1 hardware.It will be in the same version, I just want to make my management sever from VM to a hardware based.Thanks
Nick_Doropoulos
Nick_Doropoulos inside General Management Topics 7 hours ago
views 65 6

Integration between Sandblast Mobile and Endpoint Security Manager

In the interest of having visibility of all endpoints in a single pane of glass (traditional on-prem workstations and mobile devices alike) would it be possible to integrate Sandblast Mobile's central dashboard with that of the Endpoint Security Management server so that full visibility of all endpoints can be achieved on the latter?Many thanks in advance.
Daniel_Taney
Daniel_Taney inside General Management Topics 7 hours ago
views 107 3

SMS Management Container License Utilization?

Pretty basic question that I couldn't find a concrete answer to on my own... Is there a way to see an accurate count of your consumption of a Management Container License. For example, if the container is for 25 GW's, I'd like to see how close I am to hitting that ceiling. At first glance, the obvious answer would be to just count the objects under "Gateways & Servers", but it is my understanding things like Clustered GWs, VSX Clusters & Objects (Virtual Switches, Routers) and Gateways in Scale Sets all may be counted or treated differently.  Thanks! Dan

Can we migrate checkpoint management server r80.30 from Open Server to Checkpoint Smart-1

Hello Everyone! Can you please tell me or share me the link, to migrate checkpoint management server from OPEN SERVER to Checkpoint SMART-1Thank You. 
kb1
kb1 inside General Management Topics Friday
views 114 6

Smartconsole mgmt server issue

smartconsole doesnot detect the primary mgmt server.Tried restarting checkpoint services on both the mgmt servers also tried reboot on both but it does not seem to work, will attach the screenshot of the error.Created a service request with checkpoint but in the mean time before they call me it would be great if i could get some other troubleshooting tips.Will be attaching the screenshot as well.And also im able to connect to the mgmt server using putty, also just recieved a mail from the proficio team (its a siem tool) that they cannot connect to the mgmt server as well which is probably related to this issue.Thank you.
kb1
kb1 inside General Management Topics Friday
views 254 7

Sic issue for new firewall!!!!!Helpppp!!

So i was given a new firewall to configure, will be attaching the screenshot of the issue as well, its a checkpoint 1550 appliance and for some reason there seems to be an sic issue, im able to establish trust between the firewall the management server(primary) but when i click "Test SIC Status" then it shows "Peer sent wrong DN" , what on earth is going on? I tried resetting SIC numerous times but to no avail. So because of this SIC issue im not able to "get interfaces" for the topology and cannot install policy on the firewall as well!!   The error is shown above! Help!!This firewall is using R80.20 and the mgmt servers are using R80.20 as well.
Anu_Cherian
Anu_Cherian inside General Management Topics Friday
views 23052 36 2

Site to Site VPN between Checkpoint and Palo Alto Firewalls

Hi All,We have a requirement to setup Site-to-Site vpn between our Checkpoint FW and customer Palo Alto FW. I have created one, but the issue is IKE phase 2 fails. I have confirmed the negotiation parameters with my customer engineer and it looks like everything is in order. What could be the possible issue?I used VPN tu and SmartView  monitor to view but to no success. Any advices will be highly appreciatedThank you so much
Solanin
Solanin inside General Management Topics Thursday
views 112 2

Security management server (HA) upgrade R80 to R80.30

Hello,I'm looking for a doc with the best practice for upgrading security management server ( R80 to R80.30).One is the primary server, the other one is the secondary.My biggest concerns:- Is there any prerequisite before upgrading aside doing a back up.- Which server upgrading first , primary or secondary- Is there anything to after both primary and secondary are upgraded ?Kind regards

CPM_DB_SIZE Management

Hello Check Mates! I run the cpm doctor script on the management server and output suggestion is 10GB for CPM_DB_SIZE but our management is greater than this value.And CP suggests to apply actions from sk156833.When i search this SK's on the internet , I could not find anything.If you have any suggestions to decrease  CPM_DB_SIZE values without damage production environment.I really want to hear that.Regards. 
varo08
varo08 inside General Management Topics Thursday
views 207 6

Issues with a scheduled backup

Hello guys, I have a customer who is having troubles when the scheduled backup is running. Sometimes it works and sometimes it doesn´t. The partition is around 66% so it is not a /var/log partition problem. As per the sk121212, it might be the TAR version 1.26 who is caussing issues and it suggests to downgrade the version to 1.15.1. The thing is that it does not say how to do it. Can someone knows the proceed to do it? Thank you and regards. 
Juan_Concepcion
Juan_Concepcion inside General Management Topics Thursday
views 748 4 1

Remote Access VPN/App+URL Policy Enforcement when split tunneling is disabled

R80.10 ManagerR80.10 VSX with handful of virtual systems1 Virtual System is handling Endpoint Security VPN:Allow to route through gateway is setRoute through gateway is forced via global properties settingsipchicken confirm public ip is that of gatewayRule that reads:src: vpn_pooldst: InternetURL Category attempting to blockAction Block/UserCheck MessageIssue: App/URL Policy is not applied to these users even though they are routing through gateway, is this expected behavior? 

Smartconsole Admin Account - wrong password

Hi, have had a problem a few times with different versions of R80 where some admins on Smartconsole cannot login and you can see wrong password in the logs. The account is set not to expire and does not appear locked out until the enter the password a few times, problem is the user has not changed the password. You have to then logon with he original smartconsole admin and rest passwords. It happened once to all admins and couple of times with random admins.I think it might have coincided with upgrades and reboots of the management server, anyone else having this issue? 
mrl_sousa
mrl_sousa inside General Management Topics Thursday
views 481 10 2

SMS Server R80.10 Extremely Slow and Cannot login

Hi , I'm running R80.10 on my Gateways and SMS Server ( Physical Appliance).  My SMS server was running very slow for same time  and now i cannot even login in Smart Console. Can someone please help troubleshoot/resolve the issue ?Find in attach the login error, top,sar, iostat and cpview. SMS SPECS          :  -2 x CPU ; -8 GB RAM ; GATEWAY SPECS :  -2 x CPU ( 16 x cores each) ; -32 GB RAM ; Note: I'm new to checkpoint. Regards,Mauro de sousa   
Ravi_Madhu
Ravi_Madhu inside General Management Topics Wednesday
views 1950 5 3

Hitcount reset

Is it possible to reset hitcount for a rule on R80.10 via SmartDashboard ?