Showing results for 
Search instead for 
Did you mean: 
Create a Post
General Management Topics

This space is the place to ask questions about Check Point's Security Management Appliances, Security Compliance, Upgrading your Security Management to R80.x, and more!

jacneto inside General Management Topics 9 hours ago
views 16

Hit Count in R80.x

Have anyone here already reset the Hit Count in R80.x "following" sk111162 without run step1? Asking because the necessity of backup/delete the history files on the security gateways plus run cpstop/cpstart just to reset a counter sounds too much to me. Does anyone know the implication of run step 2 without 1?
libin inside General Management Topics 9 hours ago
views 175 3

Mobile Access Role for Local users

Hi all,Regarding Unified Policy for Mobile Access, if I create access role with the local users. why should I integrate identity awareness in the gateway for the access role to work since here I am calling only the local users.Is it mandatory that the gateway should always connect to the AD for the access role which has local users or only for the first time identity awareness is required?
GuilletB inside General Management Topics 9 hours ago
views 365 8

R80.10 management server with r77.30 log servers

Hi, I have for the moment two Appliances ST-150-00 Under r77.30 who are used for Network Policy manager/endpoint Policy manager/logging.I have already build 2 new open server Under r80.10 as our new manager servers only and enable the High availability. Pre-Upragde_verification is fine.My wish is to import my database from r77.30 to r80.10 but keep logs under our old Appliance. The goal is during the upgrade process to keep our old server running for production with all gateways connected on it. and after the import of the db, under new management server connect only one Gateway,  for test.1, Is it possible to have a different version Under the log server and the network Policy manager?2, which steps should be done?Many thanks for your support.
Alex_Gilis inside General Management Topics 10 hours ago
views 193 3

Integrate EPS standalone in R80.30 SMS

I believe this was addressed in the past, but I'd like to check the status on this.Since the integration of full-featured EPS into the R80.20/30 management, is there now an "easy" way to export EPS policies and packages to integrate them into an existing SMS. It would allow single management server along with log consolidation.I put "easy" between quotes because each migration is still a challenge, but I'm thinking of something along the lines of the R80.X migration tools.This is relevant to the many customers who come from the R77.30.03 world where it was necessary to maintain a separate server and could now benefit from integration.
David_Spencer inside General Management Topics 11 hours ago
views 395 11 2

in.emaild.mta high cpu usage

I'm seeing extremely high CPU usage form the in.emaild.mta that past 2 days. No significant changes have been made. Currently it's consuming %120 of cpu (5400, dual core). I've tried rebooting and failing over.  I'm not seeing much in the queue when running >tecli show emulator queue, but there are 4 items that are stack in there (we are using cloud), cloud queue is rolling through fast as well. I'm a little lost as to why the cpu usage has shot up. looking at the logs we're not seeing any significant increase in mail traffic.   fw ctl multik stat ID | Active | CPU | Connections | Peak ---------------------------------------------- 0 | Yes | 1 | 4738 | 9502 1 | Yes | 0 | 4738 | 9609     
Tbgaz inside General Management Topics 15 hours ago
views 103 2

Changing ISP - With/Without Topology

Hi,We are changing our backup ISP and we have got the process in place but just wanted to triple check that on the cluster object we select 'get interfaces without topology' after the IP change instead of 'with topology'. It's just a simple interface IP/NAT/ARP rule change. Having looked on here, it seems that 'with topology' isn't the way to go!
Tom_Cripps inside General Management Topics 16 hours ago
views 276 10

Upgrading to R80.30 has caused one fw_worker to be stuck at 100%

Hi,Since our upgrade to 80.30, our standby member in our cluster has had a fw_worker stuck at 100% cpu, it isn't a particular fw_worker it can change, when one drops another one takes it place essentially. We're also now seeing that when we attempt policy installations we lose "GAiA" in essence as is presented with the raw Bash shell as you would see if booted in maintenance mode.Anything obvious stick out to anyone?Tom
kb1 inside General Management Topics 19 hours ago
views 118 1 1

Can someone share a guide to migrate from one management server to a new one for R80.20

So the primay management server we have has been very problematic for us (its a smart-1 225 appliance ), the secondary is working fine, most of the time we would have problems with the primary as in there would be smartconsole connection issues, active/standby issues, etc so we are fed up with the server and are going to replace it with a new one, so want to know how the migration is done from the old one to new one in case im being tasked to do it, just need to be directed to the exact SK article or any other link that would show detailed steps on how to accomplish that.
Paul_Hewitson inside General Management Topics 23 hours ago
views 253 9

Upgrade Volume too small

I have an R77.30 Log server which is due for upgrade for R80.20. It is an open server on ESXi Vmware.The upgrade volume is too small to take a snapshot.a) How can I increase the "upgrade volume" sizeb) Is it automatically calculated as I cannot actually see an upgrade volumec) I imagine this is going to prevent me from performing a major version upgrade to R80.20?I can't currently replicate this as all other customer servers and my lab server have an upgrade volume larger than lv_current. If I simply add disk will this resolve itself? It may be in this state due to multiple upgrades over the years. My last resort is fresh install, but it's difficult because the box is remote.LVM overview============Size(GB) Used(GB) Configurable Description lv_current 11 6 yes Check Point OS and productslv_log 48 29 yes Logs volume upgrade 0 N/A no swap 8 N/A no Swap volume size free 12 N/A no Unused space ------- ---- total 79 N/A no Total size Expert@servername:0]# fdisk -lDisk /dev/sda: 85.8 GB, 85899345920 bytes255 heads, 63 sectors/track, 10443 cylindersUnits = cylinders of 16065 * 512 = 8225280 bytesDevice Boot Start End Blocks Id System/dev/sda1 * 1 38 305203+ 83 Linux/dev/sda2 39 1082 8385930 82 Linux swap / Solaris/dev/sda3 1083 10443 75192232+ 8e Linux LVM[Expert@servername:0]# pvsPV VG Fmt Attr PSize PFree /dev/sda3 vg_splat lvm2 a- 71.69G 12.69G[Expert@servername:0]# lvsLV VG Attr LSize Origin Snap% Move Log Copy%lv_current vg_splat -wi-ao 11.00Glv_log vg_splat -wi-ao 48.00G servername> show snapshotsCreation of an additional restore point will need 6.464GAmount of space available for restore points is 0.59G
pete_a inside General Management Topics 23 hours ago
views 90 4

Unable to update through CPUSE

I am trying to run an update to R80.10 Jumbo hotfix FA (take249) on a security management server but every time it completes it's download it immediate fails statingStatus:The package failed to download at Mon Jan 20 17:01:43 2020Reason of failure: Does not match Expected SHA1  Is this anything others have seen, or anyone potentially know what I can do to fix? Cheers,  Pete
thevvk inside General Management Topics yesterday
views 15

VPN/SSH connection disconnected during data transfer

Hi, we are using Global VPN to connect with one of our clients to access their servers but when we are trying to transfer data through Winscp application; the SSH and global VPN getting this connected as we checked, there is no restriction from client side.The same data transfer is working with mobile hotspot taghering but we are having a problem when we are using our company network.In our company, we using checkpoint Firewall(5400) and we have enabled communication to client public IP in our check point access rule. 

Ansible task failing

Hello! I am trying to add an rule to the checkpoint management server (in AWS) through Ansible.If I use the module "cp_mgmt_access_rule" it gives me the error "Relevant hotfix is not installed on Check Point server. See sk114661 on Check Point Support Center." I already installed the latest update, how can I solve this problem? Manager Node Environment: Centos 8, Ansible 2.9.2, Python 3.6.8 (Not using 2.7.9+ because of EOL)
Andreas_Aust inside General Management Topics Saturday
views 312 6 1

When will LSMcli support 1500 Appliance

Hi, is there a roadmap when LSMcli will support 1500 Appliance ?
kb1 inside General Management Topics Friday
views 83 2

Is there a way for me to find the application and associated ports being used by the firewalls?

so we have a bunch of firewall and since we dont have any records of the applications that arebeing used, im being tasked along with my colleague to find the port numbers associated with the applications used in the firewalls? we do use firemon here and i did generate a report for one of the firewalls here but i dont think it shows the ports for the applications, does firemon have that functionality if not how do i accomplish this task? i mean there are a 1000 applications or more being used and need to figure that out for each application so it definitely is a very tedious process.
inside General Management Topics Friday
views 113 1

sic status issue

Hi Everyone,      Now found one issue that the SIC status is not normal sometimes. It shows "secure internal communication is not operational with "fwi2n". Verify that SIC is initailized or was not reset".  See below picture . And recovered automatically after a few minutes. The gateway and SMC both are R80.10 version. During the issue period, can't push policy to this gateway.  I tried to rest the SIC, still face same issue.