cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
General Management Topics

This space is the place to ask questions about Check Point's Security Management Appliances, Security Compliance, Upgrading your Security Management to R80.x, and more!

thientq053
thientq053 inside General Management Topics 6 hours ago
views 114 3

Setup CheckPoint Security Management R80.30 on HP DL360 Gen 10

Dear all,I have a server HP DL360 Gen 10 but i cannot setup CheckPoint Security Management R80.30 on it.I use usb some vendor(kingston,adata) and DVD driver but cannot setup in Intelligent Provisioning mode of server.And when i setup by bios follow step of check point, it is not toolink : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108200Every one have exp with HP GEN 10 DL360 ? Thank you, 
prisciltetchou
prisciltetchou inside General Management Topics 13 hours ago
views 140 5

issue when generating trying to generate a candidate list with CDT

Hello All,  Please I need help to use CDT. I installed it on our SMS but I cannot generate a candidate list in basic mode. I typed the command: ./CentralDeploymentTool -generate testgen.csv IP_SMSThe only modification I made in the CentralDeploymentTool.xml file is my Email address that I added. see below the log: Thu Nov 14 10:32:52 2019 *D*: Split /opt/CPcdt/CentralDeploymentTool to filename CentralDeploymentTool , directory /opt/CPcdt/ Thu Nov 14 10:32:52 2019 *E*: The SendTo setting in the CentralDeploymentTool.xml file is not empty, but an email server is not configured in Gaia. Notification email will not be sent. Thu Nov 14 10:32:53 2019 *D*: CPUSE RPM build: 1809 Thu Nov 14 10:32:53 2019 *D*: CDT process started (entered init) with these command line arguments: Thu Nov 14 10:32:53 2019 *D*: Split /opt/CPcdt/CentralDeploymentTool to filename CentralDeploymentTool , directory /opt/CPcdt/ Thu Nov 14 10:32:53 2019 *D*: Executable directory: /opt/CPcdt/ Thu Nov 14 10:32:53 2019 *D*: 0: ./CentralDeploymentTool Thu Nov 14 10:32:53 2019 *D*: 1: -generate Thu Nov 14 10:32:53 2019 *D*: 2: testgen.csv Thu Nov 14 10:32:53 2019 *D*: 3: 10.224.6.43 Thu Nov 14 10:32:53 2019 *D*: CDT started with these configurations: Logger file level: 0 Screen file level: 1 Syslog level: 999 DA path: /sysimg/CPwrapper/linux/CPda/CPda-00-00.i386.rpm Max parallel remote operations: 5 Max machines in batch: -1 Last time to start a new batch: 31/12/2099 23:59 PerformCUUpgrade: 1 Restore original state: 0 Mail address: priscille.tetchou-tchonta@sogeti.com Thu Nov 14 10:32:53 2019 *A*: Central Deployment Tool (version 1.7 build #990180531) Thu Nov 14 10:32:53 2019 *A*: ====================================================== Thu Nov 14 10:32:53 2019 *A*: Current execution logs are in: /var/log/CPcdt/logs_2019-11-14-10-32-52/ Thu Nov 14 10:32:53 2019 *D*: The configured time zone is: CET Thu Nov 14 10:32:53 2019 *D*: Command Summary: Command = /bin/dbget snap:show:current:version Return code = 0 Output = R80.20 Thu Nov 14 10:32:53 2019 *D*: currentOSVersion=R80.20 Thu Nov 14 10:32:53 2019 *D*: CurrentBuild= 1809 MinimumDaBuildNumber= 1271 MaximumDaBuildNumber= -1 Thu Nov 14 10:32:53 2019 *D*: Starting parse arguments for deployment plan execution mode. Thu Nov 14 10:32:53 2019 *E*: Enter the deployment plan file path and try again. Thu Nov 14 10:32:53 2019 *N*: Total execution time: 0 hours 0 minutes 1 seconds Thu Nov 14 10:32:53 2019 *D*: CDT process ending with return code 108 Thu Nov 14 10:32:53 2019 *D*: Running /sbin/pidof CentralDeploymentTool Thu Nov 14 10:32:53 2019 *D*: Command Summary: Command = /sbin/pidof CentralDeploymentTool Return code = 0 Output = 16488 Thu Nov 14 10:32:53 2019 *D*: Split /opt/CPcdt/CentralDeploymentTool to filename CentralDeploymentTool , directory /opt/CPcdt/ Help please!!
Mark_Layton
Mark_Layton inside General Management Topics Friday
views 155 1 1

SMS log backup / archiving script?

Howdy All - we need to:archive our SMS logs for at least one yearneed to backup SMS logs daily to support a failureWe have about 20 GB a day of logs and growing, on a physical SMS server. This is similar to the direction that we have been doing:https://www.cpug.org/forums/archive/index.php/t-6952.html But want to know - Is there a better way to compress the files? Like 7zip or RAR? Gzip's compression was much larger in comparison. I see in 80.30 you can use xz which is better. I don't suspect there is a way to install 3rd party app?But really, more generally, how are others doing their SMS log compressing, backup, and archiving?  
pnorman821
pnorman821 inside General Management Topics Thursday
views 122 6

Promoting a secondary SC to be the primary SC

Hi All,I am trying to run through a process to promote the secondary SC server to be the primary SC server in the MGMT HA cluster. This is R80.20 Take 103 on both members.I have just started the process and have encountered a question/issue:[Expert@[hostname_of_sec_mgmt_server]:0]# cd $FWDIR/bin[Expert@[hostname_of_sec_mgmt_server]:0]# ./promote_utilBinding to localhost...DoneOpening database... Failed to open database in R/W mode (Management Server is not active)Is the above an expected response or is it something that needs to be fixed before continuing?I know that this is the standby mgmt server in the cluster, later on in the process it asks you to make it the the primaryThe procedure  is from the R80 Security Mgmt Administration GuideThanks, Paul Norman
Don_Paterson
Don_Paterson inside General Management Topics Thursday
views 14597 19 6

NAT Templates - SecureXL

Is it recommended to turn NAT Templates on?Why is it not on by default?[Expert@GW:0]# fwaccel statAccelerator Status : onAccept Templates : enabledDrop Templates : disabledNAT Templates : enabledNMR Templates : enabledNMT Templates : enabled

Single Management Server?

I am building out a test environment right now and have a question, can a single server act as both the management server and the Endpoint management server?  I built a VM of R80.20 and both the SmartConsole and Endpoint Console work (after enabling Endpoint blade).  Here is why I am asking, I am looking to deploy Endpoint soon, no firewall or VPN yet.  Eventually I will be adding 3 gateways and VPN access.  Do I need a stand alone management server or will the combined MGMT/Endpoint server work?  I realize this is not the best for redundancy, but I work at a very small company.  Thanks for the help.  Greg

Moving Full HA R77.30 to R80.30 distributed on new gateways and open server management

Hi Community,One of my clients currently has a Full HA environment running R77.30 on 4600 appliances. They have now purchased two 5100 appliances and a single open server to migrate from the full HA environment to the distributed environment on R80.30.Has anyone got experience with this or a recommended method? I was thinking to do a migrate export/import however would this also pull the gateway configuration given the HA setup or not? If it doesn't pull the gateway configuration then I guess I could use this export to get the new management server up and running. Then extract the clish configuration from the 4600 appliances relating to the gateways specifically to build the new 5100 gateways?Also they have a 3200 standalone appliance on R77.30 which also needs to be upgraded to R80.30, anyone know if they operate okay on R80.30 as standalone. Thanks in advance..
Jerry
Jerry inside General Management Topics Tuesday
views 288 20 1

Security Management Server is not running (after migration 77.30->80.30)

any clues what steps to take in order to bring CPM/FWM live again? few facts:   Product Name: Check Point Security Management ServerMajor version: 6Minor version: 0Build number: 993000001Is started: 0Active status: activeStatus: Security Management Server is not running [Expert@cpm:0]# cpwd_admin listAPP PID STAT #START START_TIME MON COMMANDCPVIEWD 21947 E 1 [10:56:04] 11/11/2019 N cpviewdCPVIEWS 21950 E 1 [10:56:04] 11/11/2019 N cpview_servicesCPD 21965 E 1 [10:56:04] 11/11/2019 N cpdFWD 22054 E 1 [10:56:05] 11/11/2019 N fwd -nFWM 0 T 1 [10:56:05] 11/11/2019 N fwmSTPR 22071 E 1 [10:56:05] 11/11/2019 N status_proxyCLOUDGUARD 22104 E 1 [10:56:05] 11/11/2019 N vsec_controller_startCPM 22451 E 1 [10:56:06] 11/11/2019 N /opt/CPsuite-R80.30/fw1/scripts/cpm.sh -sSOLR 22505 E 1 [10:56:06] 11/11/2019 N java_solr /opt/CPrt-R80.30/conf/jetty.xmlRFL 22560 E 1 [10:56:06] 11/11/2019 N LogCoreSMARTVIEW 22608 E 1 [10:56:06] 11/11/2019 N SmartViewINDEXER 22684 E 1 [10:56:06] 11/11/2019 N /opt/CPrt-R80.30/log_indexer/log_indexerSMARTLOG_SERVER 22730 E 1 [10:56:06] 11/11/2019 N /opt/CPSmartLog-R80.30/smartlog_serverDASERVICE 23082 E 1 [10:56:07] 11/11/2019 N DAService_script   1. migration from 77.30 to 80.30 was done based on https://community.checkpoint.com/t5/General-Management-Topics/R77-30-to-R80-10-SMS-Migration/td-p/36384  2. new SMS is on different IP address than the old one - we need to remain with new SMS on new IP address as the old one is still up&running and serves 77.30 clusters 3. goal is to have new SMS with content from old one with new Cluster. 4. wanted to reach out to TAC but 1st I believe is the so called "best practice" to ask your mates ... so I did 🙂   thanks for all your hints   Jerry
Niko
Niko inside General Management Topics Tuesday
views 228 2

Amazon Web Services Dynamic IP-Adress

Hello everyone,is there any feature for the Firewall Blade, where I can add a dynamic object for a link??Issue: A programm needs a connection to Amazon Web Services, but AWS is changing the IP-Adress about every 2 days. I´m using SmartDashboard R77.30.Thank you in advance 
Chinmaya_Naik
Chinmaya_Naik inside General Management Topics Monday
views 9814 13 3

Check Point Security Gateway freezes, crashes, or reboots randomly, core dump files are not created

CheckMates Admin Note: This document is an extract of sk31511 SecureKnowledge Article. Please refer to the SK for more details and full view of the procedure***************************************************************************************************************************************CheckPoint Security gateway freezes, crashes, or reboots randomly, core dump files are not created****************************************************************************************************************************************Due to some various cause , the security gateway may freeze or crash or during the policy installation also gateway may freeze or crash and also in such cases no such relevant information can be found on system logs.As we know that  GAIA OS can be configured to dump core file.The work of the core dump file or core file is to records the memory images of running processes and its process status like register value, etc.So whenever any failure happens then automatically core dump file is generated.But some time failure may so hard that core dump file not be generated.So to find out the root cause we need to extract the necessary information from the operating system (memory stack).NOTE :- The below procedure is not impact on performance because we simply change in the configuration of Linux Kernel.  I only demonstrated for GAIA OS (R75.40 or above) running on 32 bit or 64 bit by in proper step by step procedure.Please refer the sk31511 for below platform. NGX SecurePlatform 2.6 (R70 and above) NGX SecurePlatform 2.6 (R65 ENFv26)NGX SecurePlatform 2.4 (R60 - R65)VSX NGX R67 SecurePlatform 2.6VSX NGX R65 SecurePlatform 2.4VSX NGX Scalability Pack SecurePlatform 2.4VSX NGX SecurePlatform 2.4NG AI SecurePlatform 2.4NOTE : This procedure only supported on GAIA and SecurePlatform OS.Scenario 01 :-  Some time issue may occur on both of the Gateway.Scenario 02 :- Some time issue may occur on only one Gateway. REQUIREMENT:Serial Cable (RS232)Laptop with AdapterSHH Client for console access (PUTTY /Secure CRT/HyperTerminal/TeraTerm/ETC)NOTE :- Before we run the below procedure as I recommended to run the HARDWARE DIAGNOSTIC on problematic Gateway.Refer sk97251 for more details and also I recommended to run Interface test as well when running Hardware Diagnostics (loopback cable is required for interface test).If Hardware Diagnostics is successfully test and no issue found like all test passed then processed for the below procedure.IMP NOTE: 1. Before you start to debug mode reboot is required on the problematic security gateway and that gateway is going to Active after the gateway come up.                    2. If I do on Standby Member then Standby become Active. STEP 01 :- Need to check the Serial Terminal (ttyS0 or ttyS1)Take console access to the gateway by using serial cable and type ''w'' command in expert mode then we able to find out the output its either (ttyS0 or ttyS1)Note down serial terminal output. STEP 02 :- Check the GAIA OS  edition (32 bit or 64 bit)Now take SSH to the problematic Gateway.In CLISH mode run "show version all" and we able to find out (32 bit or 64 bit)Note down the output. STEP 03 :- Backup the  "grub.conf"file.Now take SSH to the problematic Gateway .Go to EXPERT Mode and type  "cp /boot/grub/grub.conf /boot/grub/grub.conf_backup"   3. Verify the backup file is exit or not by "ls" command on "/boot/grub/" location. STEP 04 :- Need to modify the value of  "console=" parameter  by editing the "grub.conf" file. Example: "console=ttyS0" or"console=ttyS1"Base on the 32bit or 64bit OS edition we find out below output when editing the "grub.conf" file. Example:-For Gaia OS 64-bit (R75.40 and above)title Start in 64bit online debug mode    root (hd0,0)    kernel /vmlinuz-x86_64 ro  root=/dev/vg_splat/lv_current vmalloc=256M  panic=15 console=CURRENT kdb=on crashkernel=128M@16M 3    initrd /initrd-x86_64  4. Now change the console parameter to "console=ttyS0" or "console=ttyS1"For Example:-title Start in 64bit online debug mode    root (hd0,0)    kernel /vmlinuz-x86_64 ro  root=/dev/vg_splat/lv_current vmalloc=256M  panic=15 console=ttyS0 kdb=on crashkernel=128M@16M 3    initrd /initrd-x86_64NOTE :- For 32bit OS  edition refer  "title Start in 32bit online debug mode" and rest of process are same as above.  5. Save the "grub.conf" file and type"wq!"NOTE :- In some case when we run KDB mode then sometimes we see the message like "Oops" because  USB drivers can cause conflict with KDB.So  for that please add the "nousb".Example:-title Start in 64bit online debug mode    root (hd0,0)    kernel /vmlinuz-x86_64 ro  root=/dev/vg_splat/lv_current vmalloc=256M  panic=15 console=ttyS0 kdb=on nousb crashkernel=128M@16M 3    initrd /initrd-x86_64 STEP 05 :- Connect the Laptop to the Security Gateway using a serial cable.(RS-232) Open SSH client (PUTTY /Secure CRT/Hyperterminal/Tera Term/ETC) Below is the pre-configuration before we take SSH.Data bits: 8Baud rate: Default 9600 / Depend upon the Hardware (Follow sk108095)Parity: NoneStop bits : 1Flow Control (Enable)       7.1. DTR/DSR       7.2. RTS/CTS       7.3. XON/XOFF STEP 06 :- Increase the "Scrollback buffer" size because it required for record the more information. "Scrollback buffer = 32000" STEP 07 :- Need to save the logs before you start the session.For Example:-Using Putty :- Go to Session ----   Logging -----  Select All session Output (Select the location to save the logs) NOTE :- You can also save the logs later once you run the all relevant command but I recommended to do the above step (STEP 07) before run any command to collect the logs. STEP 08 :- Reboot the Security Gateway. In Expert mode run command "reboot" and type "y" STEP 09 :- Need to enter into the Boot menu. Once we reboot the problematic security Gateway then after some time we able to see the below prompt."Press any key to see the boot menu..." [Booting in 5 seconds]At this time we need to press any key to open into the boot menu. STEP 10 :- Now we need to start the machine into the Debugging Mode. On the boot menu we able to see some option.Now base on the changes that we have done by modifying the value in "grub.conf" [refer the STEP 4]       So as per the STEP 4 , I change the value in "title Start in 64bit online debug mode" where we change the value to console=ttyS0. So I start the debug               mode by selecting the option"Start in 64bit online debug mode "   3. After start in debug mode waiting some time to load and then we able to see the login prompt then we put the login details and password for login.   4. After the login now the Problematic security gateway become Active. (Previously that gateway may be active or standby) STEP 11 :- Enable online Kernel Debugger by "echo" command.[Expert@HostName]# echo 1 > /proc/sys/kernel/kdb[Expert@HostName]# cat /proc/sys/kernel/kdb (we able to see "1" as output) STEP 12 :- Need to test that we able communicate with the kernel Debugger or not. For that we need to enter kernel debugger prompt so press one of the below command.      "Ctrl + A" , "Ctrl + C" , "Ctrl + AA" , " ESC +K+D+B" , Send a Break SignalNOTE:- Make sure that the Keyboard layout must be English, otherwise Gateway will freeze.   2. Now we able to see the kernel prompt like "kdb>" and below messages.   "Entering kdb (current=0xXXXXXXXX, pid 0) due to Keyboard Entry" NOTE :- Make sure that when we are in "kdb" prompt and no other process is running. STEP 13 :- Need to check Memory stack is display or not.Run the command "bt".For Example :-EBP        EIP         Function(args)0x8194beac 0x8011eca1 context_switch+0x81 (0x803e3980, 0x8194a000, 0x803b4000, 0x43fc, 0x8194bef4)                               kernel .text 0x80100000 0x8011ec20 0x8011ecf0 OR like this below EBP        EIP         Function(args)0x807adf80 0x80405deb apic_timer_interrupt+0x1f (0x0, 0x807ac000, 0x80403e10) STEP 14 :- Exit the on-line kernel debugger mode and enter into the regular prompt. Run the command "kdb>go" . After we able to see the regular prompt like "[Expert@HostName]#".Now on this stage, all functionality on the problematic  Security  Gateway is normal. STEP 15 :- Now we need to wait for the next freeze or crash to happen.: - Try to install the policy multiple time to check whether the gateway is going to freeze or not. IMP NOTE :- Make sure that the security gateway is connected to Laptop through the console port.:- It required because if Gateway will freeze then we directly run the required command by entering to the "kdb" mode.:- Because during the issue we have a limited time to run the required command so better we connect the laptop to the security gateway.:- If we not connect any laptop to the security Gateway then during the issue we need console access to the security gateway and run the required command and that takes some time to do so I recommended to connect the laptop still the next issue to happen. STEP 16 :- Once we face the issue like gateway freeze or crash then below command need to run. kdb>ps (Complete list of process that running in the Gateway) kdb>dmesg (To display the syslog buffer) (NOTE: Press"ENTER" till the end output because we need to copy the complete output).kdb>summery (To run kernel version memory summery)NOTE: If you have multiple CPU then need to perform the below command in the context of each CPU core.STEP 17 :-  kdb>cpu  (To check the available CPU contexts)For Example :- If we have a 4 CPU core thenkdb>cpuOutput :-Currently on cpu 0          Available cpus: 0 , 1 , 2 , 3As  we already  on  CPU 0 and need to run the below command for rest of CPU core.kdb>cpu 1 (NOTE : After  put cpu 1 command below line we able to see a message like  "Entering kdb (current0xb7c4e530, pid 0) on processor 1 due to cpu switch")kdb>bt-----------------------------kdb>cpu2kdb>bt-----------------------------kdb>cpu3kdb>bt-----------------------------STEP 18 :- Now copy all the log and save to any Notepad application for safer side and also we already configure to save the logs to a particular file location.(STEP 07) STEP 19 :- Return to normal shell kdb>go IMP NOTE :- Some time maybe you got an output like below "Catastrophic error detected""kdb_continue_catastrophic=0, type go a second time if you really want to continue""kdb_continue_catastrophic=0, attempting to continue""Kernel panic - not syncing:- In this CASE may be KDB prompt is stuck or maybe crash so in this scenario reboot the Security Gateway manually or wait some time to the gateway to crash and reboot automatically.:- Also if sometimes "bt" command does not run then go to normal mode (follow the STEP:12) and run the "bt" command again. STEP 20 :- Disable the on-line kernel debugger.[Expert@HostName]# echo 0 > /proc/sys/kernel/kdb[Expert@HostName]# cat /proc/sys/kernel/kdbNOTE :- Output show as "0" STEP 21 :- Now reboot the Security Gateway for start the machine on Normal Mode.I.[Expert@HostName]#reboot (type "y" ) STEP 22 :- Follow the STEP 09 to enter into the boot menu.Now we need the start problematic Gateway as "Normal Mode" so select "Start in Normal Mode" FINAL STEP :- Need to analyze the output (ps,bt and dmesg command) to find out the root cause.  #Chinmaya NaikNetwork Security Engineer , QOS Technology PVT LTD. , INDIA

Where can I find more information on Check Points integration to Arista MSS solution?

I just found the solution brief (https://www.checkpoint.com/downloads/Partners/arista-solution-brief.pdf) and this YouTube video (https://www.youtube.com/watch?v=WEoC7ezPbVY).
Blason_R
Blason_R inside General Management Topics Monday
views 301 6

Failed to upgrade R77.30 to R80.30 on Smart-1 210 appliance

Hi Guys,Sometime back I tried upgrading Smart-1 210 from R77.30 to R8.10. PUV showed no warning.However, it failed at POST upgrade and here are the logs I am seeing.Return code = 0Output =[2019-11-05 - 17:57:01][3233 7021]:about to copy file /etc/fstab to /etc/fstab.orig[2019-11-05 - 17:57:06][3233 7021]:/bin/dbset :save command summary:Return code = 0Output =[2019-11-05 - 17:57:06][3233 7021]:About to execute command: /bin/bash -x /mnt/fcd/post.sh upgrade /mnt/fcd >> /var/log/install_Major_R80.30_Mgmt_T200_1_detailed.log 2>&1[2019-11-05 - 17:57:06][3233 7021]:Command /bin/bash -x /mnt/fcd/post.sh upgrade /mnt/fcd >> /var/log/install_Major_R80.30_Mgmt_T200_1_detailed.log 2>&1 execution failed, exit code=1[2019-11-05 - 17:57:06][3233 7021]:Failed on Major_Post_Install_Script[2019-11-05 - 17:57:06][3233 7021]:About to execute command: /bin/mount | /bin/grep -w "/mnt/fcd" | awk '{print $1}'[2019-11-05 - 17:57:06][3233 7021]:/bin/mount | /bin/grep -w "/mnt/fcd" | awk '{print $1}' command summary:Return code = 0Output = /dev/mapper/vg_splat-lv_fcd_new[2019-11-05 - 17:57:06][3233 7021]:About to execute command: /bin/umount -l /mnt/fcd[2019-11-05 - 17:57:06][3233 7021]:/bin/umount -l /mnt/fcd command summary:Return code = 0Output =[2019-11-05 - 17:57:06][3233 7021]:About to execute command: /usr/sbin/lvremove -fvv /dev/mapper/vg_splat-lv_fcd_new[2019-11-05 - 17:57:06][3233 7021]:Command /usr/sbin/lvremove -fvv /dev/mapper/vg_splat-lv_fcd_new execution failed, exit code=5[2019-11-05 - 17:57:06][3233 7021]:Command output: Setting global/locking_type to 1File-based locking selected.Setting global/locking_dir to /var/lock/lvmUsing logical volume(s) on command lineLocking /var/lock/lvm/V_vg_splat WB/dev/ramdisk: No label detected/dev/sda: size is 3907029168 sectors/dev/md0: size is 0 sectors/dev/vg_splat/lv_fcd_GAIA: No label detected/dev/ram: No label detected/dev/sda1: No label detected/dev/vg_splat/lv_fcd_NGSE: No label detected/dev/ram2: No label detected/dev/sda2: No label detected/dev/vg_splat/lv_fcd_R75.47sg: No label detected/dev/ram3: No label detected/dev/sda3: lvm2 label detected/dev/vg_splat/hwdiag: No label detected/dev/ram4: No label detected/dev/vg_splat/lv_log: No label detected/dev/ram5: No label detected/dev/root: No label detected/dev/ram6: No label detected/dev/vg_splat/lv_SNAPSHOT_8APR17: No label detected/dev/ram7: No label detected/dev/vg_splat/lv_B4R8030: No label detected/dev/ram8: No label detected/dev/vg_splat/lv_fcd_new: No label detected/dev/ram9: No label detected/dev/ram10: No label detected/dev/ram11: No label detected/dev/ram12: No label detected/dev/ram13: No label detected/dev/ram14: No label detected/dev/ram15: No label detected/dev/sda3: lvm2 label detected/dev/sda3: lvm2 label detectedCan't remove open logical volume "lv_fcd_new"Unlocking /var/lock/lvm/V_vg_splat[2019-11-05 - 17:57:06][3233 7021]:About to execute command: lsof | grep $( dmsetup info -c | awk '/vg_splat-lv_fcd_new/ {printf("%d,%d\n",$2,$3)}') | awk '{print($2)}' | sort -u | while read pid; do kill -9 $pid; done[2019-11-05 - 17:57:17][3233 7021]:About to execute command: /usr/sbin/lvremove -fvv /dev/mapper/vg_splat-lv_fcd_new[2019-11-05 - 17:57:17][3233 7021]:Command /usr/sbin/lvremove -fvv /dev/mapper/vg_splat-lv_fcd_new execution failed, exit code=5[2019-11-05 - 17:57:17][3233 7021]:Command output: Setting global/locking_type to 1File-based locking selected.Setting global/locking_dir to /var/lock/lvmUsing logical volume(s) on command lineLocking /var/lock/lvm/V_vg_splat WB/dev/ramdisk: No label detected/dev/sda: size is 3907029168 sectors/dev/md0: size is 0 sectors/dev/vg_splat/lv_fcd_GAIA: No label detected/dev/ram: No label detected/dev/sda1: No label detected/dev/vg_splat/lv_fcd_NGSE: No label detected/dev/ram2: No label detected/dev/sda2: No label detected/dev/vg_splat/lv_fcd_R75.47sg: No label detected/dev/ram3: No label detected/dev/sda3: lvm2 label detected/dev/vg_splat/hwdiag: No label detected/dev/ram4: No label detected/dev/vg_splat/lv_log: No label detected/dev/ram5: No label detected/dev/root: No label detected/dev/ram6: No label detected/dev/vg_splat/lv_SNAPSHOT_8APR17: No label detected/dev/ram7: No label detected/dev/vg_splat/lv_B4R8030: No label detected/dev/ram8: No label detected/dev/vg_splat/lv_fcd_new: No label detected/dev/ram9: No label detected/dev/ram10: No label detected/dev/ram11: No label detected/dev/ram12: No label detected/dev/ram13: No label detected/dev/ram14: No label detected/dev/ram15: No label detected/dev/sda3: lvm2 label detected/dev/sda3: lvm2 label detectedCan't remove open logical volume "lv_fcd_new"Unlocking /var/lock/lvm/V_vg_splat[2019-11-05 - 17:57:17][3233 7021]:volume cleanup failed.[2019-11-05 - 17:57:17][3233 7021]:remaining open files:[2019-11-05 - 17:57:17][3233 7021]:failed to remove partition

Block emal to recipient in CheckPoint MTA

Hi.In our previous "Mail Gateway" I had the ability to block incoming mail to specific recipients, like inactive mailboxes and so.Doing so, the mail gateway did not need to scan the mail or relay it to the exchange server.It just dropped the mail.We are now using CheckPoint as MTA.Is there a way to do that in CheckPoint?Like a "Black List" but for internal recipients.Thanks./Tobias
Vladimir
Vladimir inside General Management Topics Monday
views 212 3

R80++ upgrade replacing topology definitions

Encountered this at one of my clients: In R77.30 they had multiple interfaces defined as "External" in topology. I do not want to debate how and if it was wrong to do so, but the fact remains that the upgrade process changed those to "this network":  

TCP start timeout per gateway / service - override global properies

Hello community,there are various timeouts set for the firewall state machine in global properties of the management domain.TCP startTCP sessionTCP endUDP virtual sessionICMP virtual sessionOther IP virtual sessionSCTP startSCTP sessionSCTP endI know that we can override the session timeouts for TCP, UDP, ICMP, other IP and SCTP by modifying the advanced properties of the service object used in the relevant firewall rule.I have a specific usecase, where I want to override the TCP start timeout, without changing it for all gateways in this management domain. Override per gateway would be nice, override per service object even better.As far as I know, this is not possible. Am I right with that? Does anyone know a way to do so?R80.30 T200 Jumbo HFA T50Thank you for your thoughts!