cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Wang
Wang inside General Topics 2 hours ago
views 21 5

This error was encountered while restoring SystemBackup in R77.30's GUI

Hello, engineers, can someone help me with this problem?Thank you very much!
Wang
Wang inside General Topics yesterday
views 88 8

Number of VPN tunnel connections

Hello, engineers, which engineers can help me solve this problem? The tunnel that the user establishes through the VPN client, does a user have only one tunnel?Thank you very much!
Danny
Danny inside General Topics yesterday
views 5344 38 30

DiagnosticsView - CPInfo Viewer

DiagnosticsView is a new Support Debug Tool for Check Point Support Engineers.It's a Windows application that replaces InfoView and offers a graphical representation of collected data from CPInfo.It's layout is highly adjustable and features the general R80 style. Panels can be re-sized, dragged and re-arranged.Thanks Check Point for developing such helpful tools for everydays support routines. InfoView was long outdated.
Fedor_Agafonov1
Fedor_Agafonov1 inside General Topics yesterday
views 4

Threat Emulation Terminating VM due to error: failed to start tap interface

Hi,After update image on sandblast appliance T250 gaia R80.20, VM not start. Error: Terminating VM due to error: failed to start tap interfaceEmulator log:[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} Adding emulation request on Image: '10b4a9c6-e414-425c-ae8b-fe4dd7b25244', Run: 1, Priority: normal (0 requests in queue, 0 running emulation VMs)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} Adding emulation request on Image: '3ff3ddae-e7fd-4969-818c-d5f1a2be336d', Run: 1, Priority: normal (1 requests in queue, 0 running emulation VMs)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} Adding emulation request on Image: '5e5de275-a103-4f67-b55b-47532918fa59', Run: 1, Priority: normal (2 requests in queue, 0 running emulation VMs)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} Adding emulation request on Image: '5e5de275-a103-4f67-b55b-47532918fa59HPS', Run: 1, Priority: normal (3 requests in queue, 0 running emulation VMs)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 12 KeyPoint: creation. is_hps=0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMloader::CreateTapInterface: failed to set IP address '169.254.0.1' to interface 'vm-if0, netmask: 255.255.255.252)[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::VmResources::ConsumedRes::StartTap: failed to create tap vm-if0 169.254.0.1/255.255.255.252[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 12 KeyPoint: Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::EmulatingVM::TerminateWithError: VM 12 (Creation In Process): Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 12 KeyPoint: Terminating (error occured? 1, detected events: 0 malicious, 0 benign)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 12 KeyPoint: destroying. max number of files: 0. life time: 0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMrepository::CreateNewVM: VM 12 failed to start[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} verdict 'Error' set for image: '3ff3ddae-e7fd-4969-818c-d5f1a2be336d' (Win7 64b,Office 2010,Adobe 11) by: 1, reason: Failed to create VM for Win7 64b,Office 2010,Adobe 11[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} investigator 'emulator' reporting back (status: still working)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 13 KeyPoint: creation. is_hps=0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMloader::CreateTapInterface: failed to set IP address '169.254.0.1' to interface 'vm-if0, netmask: 255.255.255.252)[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::VmResources::ConsumedRes::StartTap: failed to create tap vm-if0 169.254.0.1/255.255.255.252[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 13 KeyPoint: Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::EmulatingVM::TerminateWithError: VM 13 (Creation In Process): Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 13 KeyPoint: Terminating (error occured? 1, detected events: 0 malicious, 0 benign)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 13 KeyPoint: destroying. max number of files: 0. life time: 0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMrepository::CreateNewVM: VM 13 failed to start[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} verdict 'Error' set for image: '5e5de275-a103-4f67-b55b-47532918fa59' (Win7,Office 2013,Adobe 11) by: 1, reason: Failed to create VM for Win7,Office 2013,Adobe 11[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} verdict 'Error' set for image: '5e5de275-a103-4f67-b55b-47532918fa59HPS' () by: 40, reason:[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} investigator 'emulator' reporting back (status: still working)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 14 KeyPoint: creation. is_hps=1[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMloader::CreateTapInterface: failed to set IP address '169.254.0.1' to interface 'vm-if0, netmask: 255.255.255.252)[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::VmResources::ConsumedRes::StartTap: failed to create tap vm-if0 169.254.0.1/255.255.255.252[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 14 KeyPoint: Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::EmulatingVM::TerminateWithError: VM 14 (Creation In Process): Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 14 KeyPoint: Terminating (error occured? 1, detected events: 0 malicious, 0 benign)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 14 KeyPoint: destroying. max number of files: 0. life time: 0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMrepository::CreateNewVM: VM 14 failed to start[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} verdict 'Error' set for image: '5e5de275-a103-4f67-b55b-47532918fa59HPS' () by: 1, reason: Failed to create VM for[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} verdict 'Error' set for image: '5e5de275-a103-4f67-b55b-47532918fa59' (Win7,Office 2013,Adobe 11) by: 40, reason:[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} investigator 'emulator' reporting back (status: still working)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 15 KeyPoint: creation. is_hps=0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMloader::CreateTapInterface: failed to set IP address '169.254.0.1' to interface 'vm-if0, netmask: 255.255.255.252)[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::VmResources::ConsumedRes::StartTap: failed to create tap vm-if0 169.254.0.1/255.255.255.252[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 15 KeyPoint: Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::EmulatingVM::TerminateWithError: VM 15 (Creation In Process): Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 15 KeyPoint: Terminating (error occured? 1, detected events: 0 malicious, 0 benign)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 15 KeyPoint: destroying. max number of files: 0. life time: 0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMrepository::CreateNewVM: VM 15 failed to start[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} verdict 'Error' set for image: '10b4a9c6-e414-425c-ae8b-fe4dd7b25244' (Win10 64b,Office 2016,Adobe DC) by: 1, reason: Failed to create VM for Win10 64b,Office 2016,Adobe DC Thanks.
sajin
sajin inside General Topics yesterday
views 24 2

IPS Blade is preventing but not enabled

I enabled Threat Prevention Blade and later disabled all Threat Prevention Blades from Policies and Layers and General properties of the Firewall but could see IPS and AB traffic in the logs which is DETECT and PREVENT. In SSH , "enabled_blades" it doesn't show the Threat Prevention Blades. The logs shows the OPTIMIZED profile is being blocked but there is no Threat Prevention in the policies. When i click OPTIMIZE profile in the log it takes me to READ ONLY MODE where in the Threat Prevention i could see the OPTIMIZED profile is enabled with all Blades. Closed the READ ONLY page and enabled back the THREAT PREVENTION Blade with IPS, AV, AB and created a new profile disabling all the Blades and installed policy. Later again disabled Threat Prevention. Now am not able to see any Threat prevention Logs.In the CPVIEW i could see the Threat prevention Blades enabled but not in "enabled_blades". Myself stimulated the same scenario in a VM and ended up with the same situation.Kindly assist whether the IPS Blades will inspect traffic based on the Blades enabled in the General profile or profile inside the Threat prevention.Firewall- R80.10
Miguel_Barrios
Miguel_Barrios inside General Topics yesterday
views 18 1

How to check ThreatCloud URL Reputation?

Is there a webpage to check Check Point ThreatCloud URL, IP or domain reputation online?
Serhii_Yaholnyt
Serhii_Yaholnyt inside General Topics yesterday
views 524 5

Route Injection Mechanism and its features(bugs?)

Hi all. I am trying to configure RIM in Site-to-Site VPN. I have a remote peer with VPN domain 10.248.0.0/24. I am trying to advertise remote peer's VPN domain to local OSPF. I have enabled Route Injection Mechanism in my VPN community and got such a result:S 0.0.0.0/0 via 10.0.1.2, eth0, cost 0, age 8119C 10.0.1.0/24 is directly connected, eth0K 10.248.0.1/32 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.2/31 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.4/30 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.8/29 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.16/28 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.32/27 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.64/26 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.128/29 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.136/30 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.140/32 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.142/31 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.144/28 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.160/27 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.192/26 via 10.0.1.59, eth0, cost 0, age 559C 10.249.0.0/24 is directly connected, eth2C 127.0.0.0/8 is directly connected, loI can redistribute these routes to OSPF but why Checkpoint shows all these networks instead of 10.248.0.0/24?To reduce number of routes I have agregated them to a 10.248.0.0/24 and redistributed routes to OSPF from agregation. But on my Checkpoint gateway agregated route has a 'is a reject route' description:S 0.0.0.0/0 via 10.0.1.2, eth0, cost 0, age 8873C 10.0.1.0/24 is directly connected, eth0K 10.248.0.1/32 via 10.0.1.59, eth0, cost 0, age 40K 10.248.0.2/31 via 10.0.1.59, eth0, cost 0, age 40K 10.248.0.4/30 via 10.0.1.59, eth0, cost 0, age 40K 10.248.0.8/29 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.16/28 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.32/27 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.64/26 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.128/29 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.136/30 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.140/32 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.142/31 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.144/28 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.160/27 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.192/26 via 10.0.1.59, eth0, cost 0, age 41A 10.248.0.0/24 is a reject routeC 10.249.0.0/24 is directly connected, eth2C 127.0.0.0/8 is directly connected, loWhat does it mean? Is such work of RIM correct? It looks very strange...
Valeri_Loukine
inside General Topics yesterday
views 237 6 5
Admin

White Paper - URL Filtering using SNI for HTTPS websites

Author @Kevin_Jones Abstract The document describes how to leverage Server Name Indication (SNI) when using URL Filtering Software Blade.
Daniel_Taney
Daniel_Taney inside General Topics yesterday
views 31

R80.20 Take_74 GA Release Date?

I was just wondering if anyone at Check Point has an idea when R80.20 Take 74 HFA may be released as "GA"? It looks like its been listed as Ongoing for over a month now. I have some new Gateways that will be getting deployed in two weeks and would prefer to deploy with the latest, not Ongoing, HFA. Edit: I forgot to add... one reason for specifically wanting Take 74+ was that we experienced a stability issue with R80.20 in the current HFA that required a Hotfix. So, we'd really prefer to not have to deploy new HW with a Hotfix if it can be avoided. Thanks!
Kul
Kul inside General Topics yesterday
views 132 8

can ping internet but unable to browse

Hello everyone ,i would appreciate if anyone could suggest some solutions . I have configured firewall in bridge mode.It is in distributed system running R80.10 in both management and firewall.I have this issue of not being able to browse but i can ping internet and the logs shows the traffic as accepted .When i bypass firewall it works fine.All hot fixes and licenses are aligned and there is not issue with it.Below is the troubleshoot summary:-- Checked for the drops on firewall but not getting any logs for the test machine.-- Firewall is accepting the traffic and it is reaching to isp router as well but the communication is not happening.-- Ping is happening properly but unable to access the same is browsers.-- Disabled threat prevention blades, application and url filtering blade but the same issue.-- Then enabled blades again, still the same issue.-- You have checked with isp router by directly connecting the desktop, then you are not facing any kind issues while accessing. -- Created one more profile, installed the policy but no luck.
John_Colfer
John_Colfer inside General Topics yesterday
views 111 5

Update SSH client on Checkpoint

Hi FolksI put a cisco switch into an environment and enabled sshV2 on the switch. We have ssh access to the firewall, so my idea was SSH to the firewall and then ssh from the firewall to the switch. However when I try this I get the below error:"no kex alg"I did some googling and found that this is usually due to an out of date ssh client and that the client should be updated.Is there any way to update the SSH client on Checkpoint or is there a workaround for this issue?Thanks in advanceJohn
Yifat_Chen
inside General Topics yesterday
views 37 1
Employee+

R80.10: New Jumbo Hotfix (Take 203) GA-Release

R80.10 Jumbo HF Take #203 was released as our GA take (replaced take 189) on May 13 This take is available for download to all via CPUSE (as recommended) and via sk116380.
Yifat_Chen
inside General Topics yesterday
views 240 1 2
Employee+

New Jumbo Hotfix (Take 203) Ongoing Release

A new Ongoing Jumbo Hotfix Accumulator take for R80.10 (take 203) is available. Please refer to sk116380. R80.10 JHF Take #203 content: Issue # Resolved Issue Description MTR-31335 Added support for 6500 and 6800 appliances. Refer to sk139932. PMTR-33029,SMCPOL-195 OSE policy cannot be viewed without installing it on device. PMTR-29497,PRHF-1960 Manual changes in INSPECT files under $FWDIR/lib directory of compatibility packages are not synchronized from active to standby Management servers. Refer to sk143792. PMTR-29584,PMTR-29856,PMTR-29855 Policy installation fails with "IPv6 addresses domain is not supported for Remote Access VPN community" message when using Domain object in Remote Access encryption domain.Refer to sk142832. PMTR-29921,PMTR-28958,PMTR-29923 "Error retrieving results" message is displayed in SmartConsole after searching for unused objects in Object Explorer. PMTR-23744, MCFG-80 Unjustified validation error is displayed when installing Threat Prevention policy on Cluster object: "Threat Prevention requires topology to be defined.At least one internal, one external, and no undefined interfaces are required.Incorrectly defined topology impacts performance and security.Please install both Access Control and Threat Prevention policies after fixing the topology." PMTR-28643,PMTR-28557 In some scenarios, running the fwm sic_reset command from Domain fails with "reset_objects: updateMultiple failed" message. Refer to sk142512. PMTR-17991,PRHF-359,PRHF-714 In some scenarios, the Interpreter process stops working. Refer to sk132892. PMTR-21787 CPView is not supported on Multi-Domain Security Management environments. PMTR-8603,PMTR-30286 Multi-Domain Management GUI randomly does not reflect the Domain Management objects change. PMTR-31520,PMTR-31800 When using the "add/set simple-gateway" API command and specifying backup log servers, the input servers are not saved in the same order as listed in the request. PMTR-34013,API-595 Number of sessions in "Changes" list does not match the value of 'total'. PMTR-28058,PMTR-31248 When an administrator publishes session for a different administrator, the name of the administrator that invoked the action will be written in the audit logs as the publisher. PMTR-12448,PMTR-12430 When searching in the SmartConsole main search bar for network groups we can see some number of network groups, but the search inside the Logical Server object shows the different number of Logical server objects groups. PMTR-30570,IDA-1120 Group update request is sent specifically to the originator LDAP server even if it is down. Refer to sk127833. PMTR-21207,PMTR-20424 In rare scenarios, Security Gateway runs out of kernel memory and may stop processing traffic, printing "double record of connection" message in /var/log/messages file. Refer to sk143432. PMTR-31314,PRHF-2244 In some scenarios, TCP state information is not displayed in the log despite being enabled in SmartConsole. PMTR-21080,UP-251 A large number of Time objects used in the rule base may cause rulebase matching failures resulting in connectivity issues. PMTR-17490,PRHF-642 When working with NAT on DNS payload and having disabled NAT rules, NAT on DNS payload may not work. Refer to sk132032. PMTR-28414,PMTR-30657 When X-Forwarded-For (XFF) settings are enabled on one of the policy layers or/and on the Security gateway object, the/var/log/messages file shows errors related to asynchronous identity fetch. Refer to sk145673. PMTR-11999,PMTR-3286 In some scenarios, creation of a new gateway upgrade to R80.10 fails with "An internal error has occurred. (Code: 0x8003001D, Could not access file for write operation)" message. PMTR-25755 In some scenarios, IPS purge makes a deadlock for some GUI clients, resulting in "Timeout error" error. PMTR-31100 In some scenarios, extracted Microsoft Azure files contain only blank pages. PMTR-24066,PRHF-134 Non-ASCII named files cause the undecoded non-ASCII characters to appear in the Threat Emulation log. PMTR-27876,AVIR-370 Traffic from the client to the bogus IP address is handled according to the Access Control policy, but not logged as "prevented". Refer to sk141853. PMTR-30608,PMTR-29583 In rare scenarios, when the Log server miscalculates the available disk space, it may stop receiving logs from the connected gateways and cause the logs to accumulate locally on the Security gateway. Refer to sk146152. PMTR-30217,TPM-1378 "A general error has occurred" message appears when trying to edit the IPS Protection settings. PRHF-523,PMTR-16583 Some SMTP-related IPS Core Protections remain enabled despite the IPS is disabled. PMTR-31135,SA-99 Mobile Access Portal Agent installation page is vulnerable for XSS attack in Chrome and Firefox. PMTR-15461,PMTR-21043,PMTR-28348 Added support for i40evf driver. PMTR-22503,MB-166,PMTR-28064 In some scenarios, virtio_net is not able to run multiqueue. PMTR-35032 Important security update for IPSec Site-to-Site (S2S) VPN. PMTR-27144,02657434 Improved connectivity with 3rd party VPN peers using IKEv2. Refer to sk120835. PMTR-30870,PMTR-21587 Connectivity improvements for certain Windows L2TP client versions. Refer to sk145895. PMTR-19379,PMTR-23292,PMTR-23293,02031663 The CLISH command "show arp table dynamic all" and Bash command "arp -an" show different entries.Refer to sk112753. PMTR-15738,PRHF-270 In some scenarios, routed process stops working when a VPN tunnel interface is deleted without removing the dynamic routing protocols. PMTR-18254,PMTR-18255EPS-17135 In some scenarios, SmartEndpoint shows different numbers of reported "Anti-Malware signature was not upgraded in the last 72 hours" between the warnings and the Active alerts section. PMTR-32542,PMTR-32187 After new Domain creation, logs from this Domain are not seen in SmartConsole. PMTR-28470,PMTR-329 Before R80.10 Jumbo Hotfix Accumulator Take 189, the Probing feature is set, by default, to Fail Open. From Take 189, the default behavior is changed to Fail Close. Refer to sk104717. Thanks Release Managers Groups
Danny
Danny inside General Topics yesterday
views 1855 8 18

Max Power (max) - Fix me beautiful

max is a community driven health, security and performance optimization script. GPL licensed. Installation (expert mode) or download: curl_cli http://dannyjung.de/max | zcat > /usr/bin/max && chmod +x /usr/bin/max Spoiler (Highlight to read) Changelog 0.1 - Initial Release (Early Availability) 0.2 - Added checks for address spoofing, stateful inspection Changelog 0.1 - Initial Release (Early Availability) 0.2 - Added checks for address spoofing, stateful inspection The script name is referring to Check Points Maximizing Network Performance guide and Tim Hall's Max Power Firewalls book, which (together with Michael Endrizzi's free CoreXL training) inspired me to start this accompanying project. As Valeri Loukine mentioned in his Gateway Performance Optimization post, it's a tough challenge to master. This script is here to help.
kobilevi
kobilevi inside General Topics yesterday
views 65 4

Peak bandwith on interfaces?

Hello i have 2 check point in cluster and i want to check peak bandwith history on the interfaces ? can someone help?Tanks