Miguel_Barrios inside General Topics 3 hours ago
views 748 4 2

How to check ThreatCloud URL Reputation?

Is there a webpage to check Check Point ThreatCloud URL, IP or domain reputation online?
Di_Junior inside General Topics 4 hours ago
views 70 5 1

Issues migrating from Cisco ASA to Check Point

Hi Mates

Just to give more information about the issue I am facing with a customer network. We are migrating the infrastructure from Cisco ASA to Check Point Firewall. Everything seems to be working fine, but we have this problem that I need help with: how can I achieve the same scenario using Check Point? We are using R80.20.

There is a site-to-site VPN between the Cisco Router and Check Point. The machines on Networks C and D must communicate with the machines in Networks A and B (and vice versa) using this site-to-site VPN between Check Point and the Cisco Router. In addition to that, Networks C and D must also go to the internet through the site-to-site VPN with Check Point, which is connected to the internet. The site-to-site VPN tunnel is closed using the IPs X.X.X.1 from the Firewall and the peer X.X.X.2. In order to allow communication between Networks A and B and Networks C and D, I am doing NAT on the Firewall. Hence, if a host on Network A is trying to connect to a host on Network C, the IP of the host in Network A is NATted to the Firewall's IP (X.X.X.1), and vice versa.

So we have this scenario:
Networks C and D are able to communicate with Networks A and B, and they are also going to the internet through the tunnel.
Networks A and B are able to access the internet as well using the F.F.F.2.

Problem
Networks A and B are ONLY able to ping Networks C and D, and nothing else. You cannot run RDP or SSH from Networks A and B to Networks C and D.
There are some services on Network C that are published on the Internet; these services are also not working.

Another issue that I will be facing too is the fact that with Cisco ASA, they have different site-to-site VPNs with their partners using point-to-point links. How can I have Check Point running multiple site-to-site VPNs using different interfaces? For example, there is a tunnel with the Cisco router using the X.X.X.1 address, and another tunnel with the partner using the F.F.F.1.

Your help will be appreciated. Thanks in advance
Gaurav_Pandya inside General Topics 6 hours ago
views 1780 11

Route Based VPN

Hi, I am trying to establish a route-based VPN and I have created numbered VTIs on both firewalls with the help of SK113735. But traffic is going in clear text; it is not encrypting traffic. Please let me know if any other setting, creating a community etc. needs to be done.
HeikoAnkenbrand inside General Topics 6 hours ago
views 17

Forum Ranks?

I just found something about ranks here: New Lithium Ranks. What factors have an impact on increasing the rank?
sebastian_tarka inside General Topics 11 hours ago
views 2496 6

Cannot re-install Check Point VPN macOS

Hello everyone!

I'm facing the issue that I cannot install (re-install) the latest Check Point version (E80.89). I also tried to install older versions but I always get the same error message (see picture as well):

"Check Point Endpoint Security VPN can not be installed on this computer
Check Point Endpoint Security is installed on this computer. Please install the VPN blade as part of Endpoint Security."

Before installing the latest version of Check Point Endpoint Security VPN, I have used the uninstaller located in /Library/Applications Support/Checkpoint...

I was already looking for files which could be part of the VPN application, but I could find anymore. I hope that you guys can help me out, because I need to run this application...

BR
Di_Junior inside General Topics 16 hours ago
views 85 4 1

RDP and SSH not working through a Check Point Firewall site-to-site vpn

Dear Mates

I am running into a very strange behavior. I have a site-to-site VPN connecting two sites (Check Point Firewall and Cisco). For the connection from site A to site B everything works fine, but for the connection from site B to A only ping works; the rest of the protocols do not work. I am doing NAT on both sites (traffic from Site A to Site B is NATted by the firewall to its interface in site B, and vice versa).

Any help would be appreciated. Thanks in advance
kobilevi inside General Topics 18 hours ago
views 125 4

Gaia appliance - 15600 Lab

Hello, I need to reclaim my network to a lab. I have 2 Check Point 15600 that are connected as a cluster and 1 server that manages the firewalls. What is the best practice to build this lab? Do I need a server running SmartDashboard too? Thanks
HeikoAnkenbrand inside General Topics yesterday
views 623435 44 168

R80.x Architecture and Performance Tuning - Link Collection

Architecture
- R80.x - Security Gateway Architecture (Logical Packet Flow)
- R80.x - Security Gateway Architecture (Logical Packet Flow) - Update R80.20+
- R80.x - Security Gateway Architecture (Content Inspection)
- R80.x - Security Gateway Architecture (Acceleration Card Offloading)
- R80.x - Ports Used for Communication by Various Check Point Modules
- R80.x - How does the Medium Path (PXL) and Content Inspection work with R80
- R80.x - ClusterXL CCP Encryption (R80.30+)
- R80.x - SNI vs. enabled HTTPS Interception
- R80.x - Policy Installation Flowchart

Performance tuning
- R80.x - Top 20 Gateway Tuning Tips
- R80.x - Gateway Performance Metrics
- R80.x - Performance Tuning Tip - Intel Hardware
- R80.x - Performance Tuning Tip - AES-NI
- R80.x - Performance Tuning Tip - SMT (Hyper Threading)
- R80.x - Performance Tuning Tip - Multi Queue
- R80.x - Performance Tuning Tip - Connection Table
- R80.x - Performance Tuning Tip - Elephant Flows (Heavy Connections)
- R80.x - Performance Tuning Tip – User Mode Firewall vs. Kernel Mode Firewall
- R80.x - Performance Tuning Tip - Dynamic split of CoreXL in R80.40
- R80.x - Performance Tuning Tip - SecureXL Fast Accelerator in R80.20 JHF103
- R80.x - Performance Tuning Tip - DDoS „fw sam“ vs. „fwaccel dos“
- R80.x - Performance Tuning Tip - SNI vs. https inspection
- R80.x - Performance Tuning Tip - Control SecureXL / CoreXL Paths
- R80.x - Performance Tuning and Debug Tips - fw monitor
- R80.x - Performance Tuning and Debug Tips - TCPDUMP vs. CPPCAP
- R80.x - High Performance Gateways and Tuning
- R80.x - Falcon Modules and R80.20
- R80.x - Performance Tuning - Link Collection

Cheat sheets
- R80.x - cheat sheet - fw monitor
- R80.x - cheat sheet - ClusterXL

ClusterXL
- R80.20 - new ClusterXL commands
- R80.20 - More ClusterXL State Information
- R80.30 - ClusterXL CCP Encryption

SecureXL
- R80.20 - New FW Monitor inspection points
- R80.20 - SYN Defender on SecureXL Level
- R80.20 - IP blacklist in SecureXL
- R80.20 - New Chain Modules?
- R80.20 - SecureXL + new chain modules + fw monitor

CoreXL
- R80.x - Security Gateway Architecture (Logical Packet Flow)
- R80.x - Security Gateway Architecture (Content Inspection)
- R80.x - More then 40 Cores for CoreXL
- R80.x - User-Mode Firewall and performance impact

Management Server, MDS and SmartConsole
- R80.20 - Portable SmartConsole + Tips and Tricks
- R80.10 - Syslog Exporter
- R80.20 - Multiple SmartConsole sessions
- R80.x - Debug policy installation on gateway
- R80.x - MDS Upgrade failing from R80.10 to R80.30
- R80.x - Policy Installation Flowchart

Sandblast and TEX
- Fortigate Firewall ICAP and Sandblast (TEX)
- Symantec (Bluecoat) SG ICAP and Sandblast (TEX)
- ICAP and Sandblast Appliance

R80.10+
- R80.10 - Syslog Exporter
- R80.10 - Bash script to show IP ranges for countrys from GeoProtection (new version)
- R80.10 - GEO Location Objects in Firewall Policy (with Dynamic Objects)
- R80.10 - User-Mode Firewall and performance impact

R80.20+
- R80.20 - new interesting commands
- R80.20 - Performance Tuning Tip - DDoS „fw sam“ vs. „fwaccel dos“
- R80.20 - New FW Monitor inspection points
- R80.20 - SYN Defender on SecureXL Level
- R80.20 - IP blacklist in SecureXL
- R80.20 - New Chain Modules?
- R80.20 - SecureXL + new chain modules + fw monitor
- R80.20 - SecureXL - new names in "/proc/ppk/statistics"?
- R80.20 - Portable SmartConsole + Tips and Tricks
- R80.20 - New daemon or processes under R80.20!
- R80.20 - New SecureXL path in R80.20 (CPASXL)
- R80.20 - More then 40 Cores for CoreXL
- R80.20 - Updatable Domain Objects and CLI Commands
- R80.20 - SNI vs. enabled HTTPS Interception

R80.30+
- R80.30 - new interesting commands
- R80.30 - ClusterXL CCP Encryption
- R80.30 - Swiss Army Knive IPMITOOL for GAIA

R80.40+
- R80.40 - new interesting commands
- R80.40 - automatically changes the number of CoreXL SNDs, Firewall instances and the Multi-Queue
- R80.40 - Dynamic split of CoreXL SND and FW

CLI
- GAIA - Easy execute CLI commands from management on gateways
- GAIA - Easy execute CLI commands on all gateways simultaneously
- GAIA - Create snapshots or backups on all gateways with one CLI command.
- GAIA - Backup all clish configs from all gateways with one CLI command
- CLISH Commands in Expert Mode easier
- Show VPN Routing on CLI
- Show Address Spoofing Networks via CLI
- Interface speed and duplex as list
- "fw ctl zdebug" Helpful Command Combinations
- Check Inbound and Outbound TCP Sequece Numbers on R80.20+
- R80.20 - new interesting commands
- R80.30 - new interesting commands
- ccp_analyzer - what is it!
- Check Point - HEX to IP Converter Tool?
- R80.30 - Swiss Army Knive IPMITOOL for GAIA
- ONELINER - process utilization per core

Script
- Bash script to show IP ranges for countrys from GeoProtection (new version)
- GEO Location Objects in Firewall Policy (with Dynamic Objects)

More
- Appliance model from CLI and dmidecode with full model list
- VoIP Issue and SMB Appliance (600/1000/1200/1400)
- High CPU utilization during process fwk0_dev_0 (UMFW vs. KMFW)
- Password reset - Collection
- One-liner collection
- Check and config SSHv1 or SSHv2 on GAIA
- Top100 - Check Point Terms Overview for Debug

More interesting articles and books
Over the last years I had a very good cooperation and exchange of knowledge with @Timothy_Hall. Therefore I recommend you to read this book about Check Point Performance Tuning.
- Max Power 2020

Why these articles
I wrote my first article on R80.x firewall architecture a year ago. After many hours in the lab with R80.10, R80.20, R80.30 and R80.40 and many long evenings, another approximately 40 articles were added. Because I lost the overview of my articles, here is a list of links to the most interesting articles with the topics:
- R80.x performance tuning
- R80.x architecture
- R80.x new CoreXL, SecureXL and ClusterXL functions

I hope I can help you with interesting information about R80.x! Thanks to everyone who contributed to the CheckMates forum and to the Check Point R&D guys as well as the CheckMates team, and thanks to all who voted this article as Post of the Year 2019.

Copyright by Heiko Ankenbrand 1994-2020
inside General Topics yesterday
views 66 2 1

Who's Going to CPX 360 2020 New Orleans and/or Vienna?

Of course, the CheckMates team will be there. Be sure to bring your A Game to the CheckMates Zone 🙂 And the Blazepods...will be ablazing!
SUPPORT_RINGO_C inside General Topics Friday
views 1487 8 1

centrally manage a DAIP gateway

Hello Teams,

My environment: I have a SmartCenter on R80.10 with a public IP address, and want to centrally manage a NATted 3000 series R80.10 gateway (it is behind a NATting router).

My question: How should I create the gateway object without knowing its IP in advance, and succeed with SIC communication? Is there any method that suits such cases?

Thanks in advance.
entsupport inside General Topics Friday
views 101 3

Commands not executing in Management Server R80.10

Hello All,

For the last 2 days, every morning we are facing a very strange issue. Commands are not getting executed on the management server. CPU & memory utilization is also normal. After rebooting the management server the issue gets fixed, but the next morning the issue arises again.

We have collected a few of the outputs during the issue as per the TAC suggestion. Attaching the same herewith. We have logged a ticket with Check Point TAC but they are also not able to fix this issue.

Kindly help if there is any troubleshooting we can perform to fix this issue
inside General Topics Friday
views 1877 15 10

sk164752 - Installing DOOM on Gaia

Hello everyone, I work at one of the Check Point TACs. We had a little internal contest to see if we could get Doom running on a Check Point firewall for fun. I managed to get it done and just finished the SK. Feel free to take a look at sk164752 for how it was done. It is general access so anyone should be able to view it.

Needless to say, do not try this in production; you are increasing the attack surface of the operating system significantly by doing so.

Edit: It looks like management decided to make the SK internal, sorry guys.
Edit2: They did OK it to be posted on CheckMates though. Please see below.

Symptoms
- You want to run Linux applications on Gaia.
- You need to defeat the minions of hell.

Solution
- Please note this procedure is not supported and not secure
- Under no circumstances should this be done in a production environment
- This is a proof of concept and for fun

Pre-requisites
- An R80.30 Gateway running the 3.10 kernel as per sk152652
- A bootable Ubuntu Live image - link
- More spare time than sense

Installing a Debian chroot
- Boot the R80.30 3.10 gateway from the Ubuntu Live Image
- Ensure the live OS has an internet connection
- Once booted, install debootstrap

    sudo apt update
    sudo apt install debootstrap

- Create a working environment and mount the Gaia file system

    mkdir /home/ubuntu/installdir
    sudo mount /dev/mapper/vg_splat-lv_current /home/ubuntu/installdir

- We will be installing Debian Jessie in the chroot. This is because Jessie runs Kernel 3.16, which is very close to the Gaia Kernel 3.10. This will help ensure things run smoother.
- Create the chroot environment. If you choose another chroot OS, be sure to change the path

    sudo mkdir /home/ubuntu/installdir/chroot
    sudo mkdir /home/ubuntu/installdir/chroot/jessie

- Use the following command to install Jessie; this may take some time

    sudo debootstrap --include locales --arch amd64 jessie /home/ubuntu/installdir/chroot/jessie

- Once complete, reboot and remove the Ubuntu installation media

Prepare the Chroot
- To allow the chroot to properly communicate with the hardware of the machine we need to bind several mount points in the chroot. Since this needs to be done at every boot, I will provide a script below that binds these mounts. I placed this in the home directory of the admin user for ease of use.

Start of script

    #!/bin/bash
    mount --bind /proc /chroot/jessie/proc
    mount --bind /sys /chroot/jessie/sys
    mount --bind /dev /chroot/jessie/dev
    mount --bind /dev/pts /chroot/jessie/dev/pts

End of script

- Give the script the privileges it needs to run and run it

    chmod 755 /home/admin/
    cd /home/admin
    ./

- Create the default root user's home directory

    mkdir /chroot/jessie/home/admin

- Optionally, you may bind the existing Gaia /home/admin directory to the chroot by adding the below line to the script

    mount --bind /home/admin /chroot/jessie/home/admin

- Enter the chroot

    chroot /chroot/jessie

Configure the Chroot
- Set the DNS server by adding a DNS server of your preference to /etc/resolv.conf with vi; add "nameserver $IPgoesHere" to the file
- Install vim because vi is terrible; the default repositories should be able to do this.

    apt update
    apt install vim

- Add the Gaia hostname to /etc/hosts; see below for an example, my hostname is DOOM
- The first line of /etc/hosts should appear similar to the below but with your hostname

    127.0.0.1 localhost DOOM

- Add a complete list of Jessie repositories to /etc/apt/sources.list by matching the contents below using vim

Start of sources.list

    deb jessie main non-free contrib
    deb-src jessie main non-free contrib
    deb jessie/updates main contrib non-free
    deb-src jessie/updates main contrib non-free

End of sources.list

- Update the repository list using "apt update"

Create a non-root user
- Install sudo

    apt install sudo

- Create a new non-root user (in this case doom)

    adduser doom

- Follow the prompts to set the password
- Add the new user to the sudo group

    usermod -aG sudo doom

Installing the desktop
- Ensure the Debian software selection with the following command

    tasksel

- Using the arrow keys and space bar, select "Debian Desktop Environment" & "Xfce"
- Use tab to select OK and enter to continue.
- Wait for the needed packages to install (this will take several minutes)
- You will be prompted to select your keyboard layout during this process; do so.
- Once complete you will be back at the terminal
- Installing the desktop will have overwritten /etc/resolv.conf; reset the DNS server by adding a DNS server of your preference to /etc/resolv.conf with vim; add "nameserver $IPgoesHere" to the file
- Installing the desktop may have overwritten the hostname inside the chroot; test the hostname to see if it has changed by using the hostname command
- If it has changed, change it back by using the hostname command, example below

    hostname DOOM

- Make sure to edit the /etc/hostname file to match so it survives reboot
- Install xrdp

    apt install xrdp

- Exit the chroot (just type exit in the terminal)
- Add the following line to the script

    chroot /chroot/jessie /etc/init.d/xrdp restart

- This will ensure xrdp is started properly when spawning the chroot
- Ensure that your firewall policy is either unloaded (fw unloadlocal) or add firewall rules that allow port 3389
- Re-add the full repository list as per the "Configure the Chroot" section; ensure you "apt update"

Login to the GUI and install DOOM
- RDP to an IP of the gateway that is reachable
- Use the default sesman-Xvnc module
- Provide the username and password (do not log in with root; use the non-root user we created earlier)
- If all went well you should see the desktop
- Open a terminal and install DOOM

    sudo apt-get install doom-wad-shareware prboom

- Start DOOM

    /usr/games/prboom

Doom running on a Gaia firewall; note the xfce4 and xrdp processes running in the attached screenshot.
AlexeyB inside General Topics Friday
views 610 3 2

Command to show history of ClusterXL member status

Here is yet another one-liner for R77.xx:

    sqlite3 /var/log/CPView_history/CPViewDB.dat "SELECT datetime(a.Timestamp, 'unixepoch', 'localtime'), a.cluster_status FROM UM_STAT_UM_SYSTEM AS a WHERE a.cluster_status <> ( SELECT b.cluster_status FROM UM_STAT_UM_SYSTEM AS b WHERE a.Timestamp > b.Timestamp ORDER BY b.Timestamp DESC LIMIT 1 );"

The command shows data for the current member like show cluster failover in R80.20:

    2019-11-01 15:31:03|Standby
    2019-12-02 15:11:15|Down
    2019-12-02 15:12:15|Standby
    2019-12-02 15:15:15|Active

It is better than show routed cluster-state detailed because it shows only real changes, excluding info like Jun 16 17:33:36 Master to Master, and it shows more of the older data.
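Added example, not part of the original post: the same correlated-subquery logic run against an in-memory SQLite table, to show which samples it reports and that the very first sample is never returned (there is no earlier row to compare with). The two-column schema and the sample rows are constructed assumptions; only the table and column names come from the post, and 'localtime' is dropped so the output is in UTC.

```python
import sqlite3

# Query from the post, minus 'localtime' so results are reproducible (UTC).
TRANSITIONS_SQL = """
SELECT datetime(a.Timestamp, 'unixepoch'), a.cluster_status
FROM UM_STAT_UM_SYSTEM AS a
WHERE a.cluster_status <> (
    SELECT b.cluster_status
    FROM UM_STAT_UM_SYSTEM AS b
    WHERE a.Timestamp > b.Timestamp
    ORDER BY b.Timestamp DESC
    LIMIT 1
)
ORDER BY a.Timestamp;
"""

# Constructed samples (epoch seconds, status), one per minute.
SAMPLES = [
    (1575299400, "Standby"),
    (1575299460, "Standby"),
    (1575299520, "Down"),
    (1575299580, "Standby"),
    (1575299640, "Standby"),
    (1575299700, "Active"),
    (1575299760, "Active"),
]


def build_db(samples):
    """Create an in-memory stand-in for CPViewDB.dat (assumed minimal schema)."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE UM_STAT_UM_SYSTEM (Timestamp INTEGER, cluster_status TEXT)"
    )
    con.executemany("INSERT INTO UM_STAT_UM_SYSTEM VALUES (?, ?)", samples)
    return con


def transitions_sql(con):
    """Rows whose status differs from the immediately preceding sample."""
    return con.execute(TRANSITIONS_SQL).fetchall()


def transitions_py(samples):
    """Cross-check in plain Python: same rule, one pass over sorted samples."""
    out, prev = [], None
    for ts, status in sorted(samples):
        if prev is not None and status != prev:
            out.append((ts, status))
        prev = status
    return out


if __name__ == "__main__":
    for when, status in transitions_sql(build_db(SAMPLES)):
        print(f"{when}|{status}")
```

Because the first stored sample has no predecessor, the subquery yields NULL and the row is filtered out, so the member's initial state in the history window does not appear in the output.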
mahesh027cse1 inside General Topics Friday
views 74 1

How to Check Point maintaining connection for GRE traffic

Hi,

Can anyone please help me understand how the Check Point firewall handles GRE through traffic? I am getting an issue. GRE is configured on both end routers and in between I have a Check Point firewall. When a fail-over (primary to secondary) occurs, GRE stops working and then I need to request the network person to bounce the physical port on the router where GRE is terminated. I need to understand Check Point GRE through traffic handling, and how it is maintained in the connection table. I tried to find documents but no luck.

Route --->CheckPoint ---> Router
Adrian_Pillo inside General Topics Friday
views 139 2

Do you trust Google?

Searching in Google from a German IP for "checkpoint" or "check point" shows Palo Alto in first position ... somehow strange! OK, it is an advertisement for the e-book NGFW for Dummies .... Who believes in coincidence ???