HeikoAnkenbrand inside General Topics an hour ago
views 166 9 8

Update R80.20+ Security Gateway Architecture (Logical Packet Flow)

Flowchart news in R80.20 and above
SecureXL has been significantly revised in R80.20. This has also led to some changes in "fw monitor". There are new fw monitor chain (SecureXL) objects that do not run in the virtual machine. Now SecureXL works in part in user space. The SecureXL driver takes a certain amount of kernel memory per core and that was adding up to more kernel memory than Intel/Linux was allowing. The packet flow in R80.20+ is a little bit different from the flow lower than R80.20. Now it is possible to use async SecureXL and other new functions. This figure shows the new features with the reinjection of SecureXL packages. SecureXL now also supports Async SecureXL with Falcon cards. That's new in acceleration high level architecture (SecureXL on Acceleration Card): Streaming over SecureXL, Lite Parsers, Scalable SecureXL, Acceleration stickiness...
More information here: R80.x Security Gateway Architecture (Logical Packet Flow)
What's new in R80.20+: Now there are several SecureXL instances possible. As a result, packets are reinjected with the new SecureXL ID into the correct SecureXL instance again after they have been allowed by access template or rule set. After the packet has been reinjected, the SecureXL ID is added to the SecureXL connection table and the packet is forwarded to the correct SecureXL instance. Therefore the flow is slightly different to older version before R80.20. This new mechanism also offers the possibility to transfer packets into a new SecureXL instance on Falcon cards.
PXL vs. PSLXL - Technology name for combination of SecureXL and PSL. PXL was renamed to PSLXL in R80.20. This is from my point of view the politically correct better term.
For the new acceleration Falcon card architecture with R80.20+ and SecureXL offloading read this article: R80.x Security Gateway Architecture (Acceleration Card Offloading):
Jain_Raj inside General Topics 4 hours ago
views 135 6

Zero Downtime Upgrade From R77.30 to R80.20

As this is a season of R80 Upgrade, just sharing my experience of recent upgrades in the live environment from R77.30 to R80.20 without any service down:
1. Upgrade the DA Agent to the latest version
2. Upload the R80.20 Image through CPUSE and verify for any errors
3. In CMA cluster Properties, Select Maintain current cluster Active member
4. Upgrade on the current standby FW (CPUSE) and let it Reboot
5. Once rebooted, Change the Gateway Object to R80.20 version (It will change for all 3 objects)
6. Install policy (Uncheck the option- For gateway clusters, if installation on a cluster member fails, do not install on that cluster)
7. Check the HA in new version FW, (HA module not started or it may be Ready)
8. Now do the upgrade in another gateway, During a reboot, the other pair on HA not started/Ready will become Active
9. No service Interruption and the other FW will take HA Active
10. Reinstall policy by again (Uncheck) the option
Now verify both status and do a final Policy Installation by "Keep Check" the actions
11. Now Install the Hotfix.
R80.20 Jumbo Hotfix Accumulator General Availability (Take 87)
Carlos_Arzate inside General Topics 4 hours ago
views 110 6

VSX R80.30

We have an environment with 2 12000 in HA and they are VSX. It has 5 virtual instances. Is it advisable to install R80.30 to improve performance? Keep in mind that every 12K has only 4 cores. Regards
Antony inside General Topics yesterday
views 78 2

application control can't block chrome remote desktop

Recently, we want to block all remote administration applications like chrome remote desktop. We enabled the application control blade in existing 4210 R77.30 and block all remote administration applications. But it seems not to work. Antony
inside General Topics yesterday
views 50

TechTalk - Utilizing the Check Point API to Automate Operations

Join our next TechTalk on September 11, 2019. In this session, Rafi Zvi will talk about use of Check Point APIs for automation, covering the following topics: Learn how to work with the Check Point API to push configuration changes, automate upgrades and jumbo fix installs and manipulate the security policy. Understand how to work with the new Smart Dashboard Extensions to populate relevant 3rd party data. Monitor and query the CPView database to visualize critical resource and performance data over time. Register here Rafi Zvi brings over 20 years of experience in the technology sector to the BackBox leadership. He has grown BackBox to become a global player and a leading provider of solutions for automated backup and recovery software for network and security devices.
HeikoAnkenbrand inside General Topics yesterday
views 2967 6 1

When does the R80.40 EA phase start?

Is there any information about R80.40 EA? When does the EA80.40 EA phase start? Regards Heiko
Yoni-Indeni inside General Topics yesterday
views 165 4

Are you in an R77.30 Upgrade Rush?

A few months ago, the vast majority of Check Point firewalls out there were still running R77.30*. As the time progressed, we slowly saw people upgrading their firewalls to R80.10 and later. However, in the month of August, we saw a massive acceleration in upgrades**, in anticipation of the End of Support for R77.30 in September.
This raised a few questions:
1. Why are so many people waiting for the last minute to upgrade? Some may even go beyond the Sep 30th date.
2. What can be done to avoid this from happening again in the future?
---------------------------------
* Our data comes from Indeni Insight, which receives non-confidential data about the devices in use by our customers. These are mostly large enterprises in North America, with deployments of at least 100 firewalls.
** Massive acceleration: 40% of all upgrades to R80.20, up to Aug 15 2019, occurred in the first two weeks of August. Again, this is based on just our data.
inside General Topics yesterday
views 1681 12 5

R80.30 – default version (widely recommended)

As of today, R80.30 take 200 with Jumbo Hotfix Accumulator take_19 (as described in sk153152) is the default version (widely recommended) for all deployments. This version is available for download via CPUSE and from the R80.30 home page (sk144293). Thanks, Release Management group.
Jessie_Rich inside General Topics Saturday
views 87 3

Internal firewall anti-spoofing

I have 2 networks separated by a firewall and then an internet-facing firewall. I am getting anti-spoofing alerts on traffic passing through my internal firewall from the internet.
Topology looks something like this:
Network-A >>> InternalFW >>>> Network-B >>>>> internetFW >>>>>> Internet
On the Network-B facing interfaces on both firewalls I have only my Network-B networks defined in the topology. I assume on the InternalFW I need to add the internet to the topology on the interface connected to Network-B? To not mess up anti-spoofing on the internetFW I assume I would create separate network groups for my topology on the internal and internet firewalls?
Thank you for any advice you can give.
inside General Topics Saturday
views 9728 8 16

White Papers Publishing Project

Hi CheckMates, As you may have mentioned, we are currently in the process of publishing white papers created by our Security Engineers around the globe. These documents cover various products, implementation scenarios, features and configuration details. Here is the list:
Name Link
A deeper dive into FQDN Objects CDT and Blink Guide to configure logging to SolarWinds LEM SIEM Configuring R80.10 GW to send logs to Log Analytics Restoring a large MDS environment in VMware from mds backup Recovering a file from Gaia Snapshot Integrating Custom IOC Feeds RulebaseExporter/RulebaseImporter Cloud Guard: Automated firewall Cluster Deployment with auto-scaling option Log cleaning rule Deploying Auto Scaling CloudGuard gateways in Azure using VM Scale Sets Tufin integration with Check Point R80 Integration of Gemalto’s MobilePass+ Secure MFA and Managed Identities with the Check Point Firewall Mobile Access Blade as an IT Automator Protecting IoT (Internet of Things) implementations with R80.10 and later Unified Policy, Protocol Signature, and Segmentation Integration with Splunk Phantom Check Point and LogRhythm: Integrated Enterprise Security ClearPass & Checkpoint utilizing RESTful API and RADIUS Accounting Azure Deployment Leveraging Capsule Docs and DLP to provide IRM Advanced Migration to R80.x Quick Guide Updating Legacy DHCP Relay To Be R80.10 Ready Protect ICS SCADA URL Filtering using SNI for HTTPS websites Using AD certificates for outbound SSL inspection Deploying CP GW/MGMT with gcloud shell Publishing SmartConsole as a RemoteApp Reducing False Positive DLP CGSaaS CloudGuard SaaS Threat Prevention Managing Threat Prevention IoCs Introduction to Management CLI and JQ Endpoint Policy Server in DMZ Deploying Endpoint clients via GPO Adding a CloudGuard Cluster into an existing AWS Environment AAD compared to NIST Logging OSPF transitions with syslog Deploying SMS & a cluster on Azure Management upgrade workbook Azure Service Principal Configuration Phantom integration Custom SmartEvent Reports Updating Endpoint Client Version from EndPoint Management Server Healthcare: Mobile Security Mobile Security Configuring NAT64 for Internet Access in R80.20 Importing Custom IOC’s in Smart Console R80.20 URL Filtering Best Practices for Large Scale Deployment SMB Technology Guide Deploying 1200R Security Gateway with Zero Touch Cloud Service SandBlast Cloud Office 365 to CloudGuard SaaS for Office 365 Migration TWC/Spectrum VOIP with SMB appliances Customer User Center Basics and Strategy How to Batch Categorize URLs Security Zones How to configure Client Authentication in R80.20 HTTPS Inspection with Cisco Umbrella Integration of Check Point Identity Collector and Cisco ISE SMS and EPM log integration using SmartLog Getting out of CPUSE Jumbo Jail Distributed IPS Integration with Extreme Networks Network Access Control (NAC) Configuring Check Point Security Gateway with an IPv6 Tunnel Broker Updating 1200R Firmware with a USB Stick Security Management Server Migration from R65 to R80.20 Ansible Deployment Guide for Check Point Minimizing SBA Notifications with Check Point GuiDBedit Using RADIUS Authentication for Remote Access VPN Check Point Compliance Checking with Secure Configuration Verification Check Point Configuration with Radware (Alteon) SSL Decrypt & URL/UserCheck Logging & Monitoring, Events & Reports with R80.10 VSX Migration - Moving one VS at a Time R80.20 Endpoint initial Configuration and Setup (CP4B Series) Absolute Beginner’s Guide to R80.x Site to Site VPN in R80.x Implementing Non-FQDN Domain Objects Utilizing GeoProtection and Updatable Objects Within the R80.20 Rulebase Inline Layer Policy Best Practice
More documents to come!
MattDunn inside General Topics Friday
views 332 9 4

R80.30 - A Good News Story

A few days ago I upgraded a customer from R80.10 to R80.30. They are very pleased with the improvements in SmartView, and also shared this SNMP graph with me of the difference in gateway CPU utilisation. I thought it was worth sharing with you all. See if you can spot what time I completed the upgrade? Quite remarkable! 😀
inside General Topics Friday
views 5117 12 12

Identity Awareness Agents SK with direct links - published!

Hi CheckMates,
I have published a new SK for Identity Awareness agents with direct links and list of resolved issues for your use.
The SK is sk134312.
It includes the following agents:
Identity Collector
Identity Agent – Full
Identity Agent – light
Identity Agent for MAC
Terminal Server Agent.
We will update this SK from time to time with new versions after they will be QAed.
In case you have remarks or any clarification is needed - I'm here to answer.
Thanks,
Royi Priov
Team Leader, Identity Awareness R&D.
inside General Topics Friday
views 121 2

A new GA SmartConsole (Build #08) for R80.30 is available.

A new GA SmartConsole (Build #08) for R80.30 is available. Please refer to sk153153. Release Highlights: Resolved issue - On Windows 10 with .Net framework 4.8, the view is not properly updated after scrolling up or down the name column in lists, combo box, pickers etc. For full content - Please refer to sk153153. Thanks, Release Management Group
inside General Topics Friday
views 1230 2 1

White Paper - Security Management Server Migration from R65 to R80.20

Author @Michael_Massa Abstract: Customers with legacy versions of Check Point still exist and the reasons for this can be as varied as the customers themselves. Whatever the reason, the security implications of not upgrading are too great to ignore. The document is providing step-by-step instructions for migrating R65 Security Management Server to R80.x. For the full list of White Papers, go here.
Wolfgang inside General Topics Friday
views 72 1

Policy Based routing, NAT issue

Hello checkmates,
I had a problem with PBR (policy based routing) and hide NAT.
We defined an automatic hide NAT on a network object with option hide behind gateway. Hide NAT works as expected. Depending on the routing configuration, the IP address from interface eth0 or eth1 is used as NAT address.
But if we use PBR for this network the IP address of the interface regarding the default route is used as NAT address. Does the option "hide behind gateway" use the outgoing interface IP as NAT address, or does this NAT address depend on the configured static routes and the interface this route is directed to?
Is there something different with PBR and hide behind gateway NAT?
Thanks
Wolfgang