Jeff_Gao inside General Topics 11m ago
views 2621 17 1

Physical memory is high

Dear all,

My CP23500 has 16G memory and traffic is low, but memory is high, as follows: Why is this? Thanks!
Kunal_Parikh inside General Topics 2 hours ago
views 16098 4 1

Dynamic Objects (URL)

What is the best approach to allow connections to Microsoft Azure/AWS, when the destination URLs are hosted in the cloud and do not have a fixed IP? If I don't want traffic to go via a proxy, does Check Point support destination URLs? I have read about dynamic objects and have also read that they cause high CPU, but I'm not sure if that is best practice.
mbsm inside General Topics 4 hours ago
views 16

Identity Collector Users unable to browse to internet

Hi,

We successfully implemented Identity Collector and it is working on R80.30. But we encountered a problem: the user is connected through WiFi and able to browse the internet, but when the user disconnects from WiFi and then connects through a LAN cable, the user is unable to browse the internet. By the way, the WiFi network is different from the LAN. Our workaround is to log in through the captive portal or restart the laptop.

Is there a solution for this issue? Or is this a limitation of the Identity Collector?

Appreciate your answers,
KE inside General Topics 6 hours ago
views 41 1

Client authentication user has to re-authenticate after every policy install

Check Point Gaia R77.30 ClusterXL

Client authentication users have to re-authenticate after every policy install. The client_auth table is cleared after every install. Any idea? Thanks!
Shurik inside General Topics 6 hours ago
views 12

Stats/Monitor each VPN Tunnel

Hello guys,

We have about 100 VPN tunnels (site-to-site). We would like to accomplish the following:

1. Capture statistics (OID) of each VPN tunnel and see the throughput of each tunnel on our monitoring system (not the summary).
2. Is there a way we can get alerts on the status of each VPN tunnel in case it's down? Looking to get an OID for the status of each VPN tunnel.

I've contacted the support team a few times; unfortunately, I didn't get any meaningful answer. Thank you!
Vengatesh_SR inside General Topics 7 hours ago
views 904 8 1

Vulnerability #CVE-2007-4752

Hi Team,

We are getting the below vulnerability for the Check Point.

Name: OpenSSH X11 Cookie Local Authentication Bypass Vulnerability (openssh-x11-cookie-auth-bypass)

Description: ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.

OpenBSD OpenSSH < 4.7

Download and apply the upgrade from: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH

While you can always build OpenSSH from source, many platforms and distributions provide pre-built binary packages for OpenSSH. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system.

-----------------------------------------------------------------

The Take we have installed is take_286. From the above description, I can find that the CVE associated with the vulnerability is #CVE-2007-4752. From #sk65269, I can see the comment given is "Not vulnerable". So does that mean Check Point devices are not vulnerable to this vulnerability?

Regards,
Vengatesh SR
Wang inside General Topics 8 hours ago
views 60 5

How to configure QOS based on user?

Hello engineers, how do I configure QoS based on user? Thank you very much for your support.
Gsharma61234 inside General Topics 10 hours ago
views 89 3

Check Point not booting

Hi All,

I have a Check Point 4600. Recently it was upgraded successfully from R75.40 to R77.10 then R77.10. Since yesterday I am unable to log in to the device. It is giving me the below error. I believe it is not booting. Please let me know how to resolve this issue. Apart from this I am not getting any option on the PuTTY CLI.

Reboot and Select proper Boot device
or Insert Boot Media in selected Boot device and press a key
Intel(R) Boot Agent GE v1.3.53
Copyright (C) 1997-2010, Intel Corporation
PXE-E61: Media test failure, check cable
PXE-M0F: Exiting Intel Boot Agent.
Niklas_Davidsso inside General Topics yesterday
views 431 19

New Core Switch - Failure

Hey there,

So we are running an old Cisco Nexus 5000K switch stack: Check Point 15000 <> N5K switches <> N5K switches <> Check Point 15000. The 15000 is running VSX. Worked pretty well.

So this year we got new Cisco Nexus 9000K switches, and today we tried to move to them. Moving the firewall was no big issue; we connected it up to the 9000 and it reconnected with the other firewall and they connected to each other. We moved the active firewalls from the firewall connected to the N5K switch to the firewall connected to the N9K switch. And everything is working.

But when we move the firewall still connected to the N5K switch to the N9K, they start going active / standby / down, and as soon as Firewall 1 has done this, Firewall 2 will go active / standby / down and so on. So the network works for 3-4 minutes, then high latency, then works 3-4 minutes, rinse and repeat.

Anyone seen this before?

//Niklas
bsb inside General Topics yesterday
views 27

Header to identify inbound original IP after NAT (hide NAT)

Hi, below is the scenario:

Internet --> Check Point Firewall (any internet NAT'd to firewall external interface IP, hide NAT) ---> Load balancer --> backend server

Need to identify the inbound public IP after performing NAT in the Check Point firewall for analysis. Is there a way to see this original inbound public IP in packet captures with a different header name like XFF etc....?

Thanks,
BSB
Raphael_V inside General Topics yesterday
views 3595 2

Legacy Auth (User Auth, Client Auth) on R80.10 gateways

Hey everyone,

Does anybody know if Legacy Authentication (User Auth and Client Auth) is still supported on R80.10 gateways?

We updated one of our clusters today from R77.30 to R80.10 and are facing some very strange behaviour. We have a rule with a "Legacy user at location" object (location is all our internal networks) as a source object and User Auth as the action. After the upgrade to R80.10 the "Legacy user at location" object in the source is now ignored and seems to behave like "ANY".

The release notes for R80.10 only state that "Session Authentication and UserAuthority are replaced by Identity Awareness." but nothing regarding User Auth or Client Auth.

(Yes, we will move away from these authentication methods...)

Thanks and best regards,
Raphael
Vladimir inside General Topics yesterday
views 636 1 2

Need for new URL category for "User Awareness Training"

How can we request the creation of a new URL category? In particular, I'd like to have a new general category called "User Awareness Training" available, and to have an option for bulk URL submissions for Check Point to properly categorize the likes of KnowBe4 training phishing URLs. I am sure that my situation is not unique and at least half of my clients are using them or similar products.

Regards,
Vladimir
HeikoAnkenbrand inside General Topics yesterday
views 618542 33 139

R80.x Architecture and Performance Tuning - Link Collection

I wrote my first article on R80.x firewall architecture a year ago. After many hours in the lab with R80.10, R80.20, R80.30 and R80.40 and many long evenings, another approximately 40 articles were added. Because I lost the overview of my articles, here is a list of links to the most interesting articles on the topics:
- R80.x performance tuning
- R80.x architecture
- R80.x new CoreXL, SecureXL and ClusterXL functions

I hope I can help you with interesting information about R80.x! Thanks to everyone who contributed to the CheckMates forum and to the Check Point R&D guys as well as the CheckMates team, and thanks to all who voted this article as Post of the Year 2019.

Architecture
- R80.x - Security Gateway Architecture (Logical Packet Flow)
- R80.x - Security Gateway Architecture (Logical Packet Flow) - Update R80.20+
- R80.x - Security Gateway Architecture (Content Inspection)
- R80.x - Security Gateway Architecture (Acceleration Card Offloading)
- R80.x - Ports Used for Communication by Various Check Point Modules
- R80.x - How does the Medium Path (PXL) and Content Inspection work with R80
- R80.x - ClusterXL CCP Encryption (R80.30+)

Performance tuning
- R80.x - Gateway Performance Metrics
- R80.x - Performance Tuning Tip - Intel Hardware
- R80.x - Performance Tuning Tip - AES-NI
- R80.x - Performance Tuning Tip - SMT (Hyper Threading)
- R80.x - Performance Tuning Tip - Multi Queue
- R80.x - Performance Tuning Tip - Connection Table
- R80.x - Performance Tuning and Debug Tips - fw monitor
- R80.x - Performance Tuning and Debug Tips - TCPDUMP vs. CPPCAP
- R80.x - Performance Tuning Tip - DDoS „fw sam“ vs. „fwaccel dos“
- R80.x - High Performance Gateways and Tuning
- R80.x - Falcon Modules and R80.20
- R80.x - Performance Tuning - Link Collection

Cheat sheets
- R80.x - cheat sheet - fw monitor
- R80.x - cheat sheet - ClusterXL

ClusterXL
- R80.20 - new ClusterXL commands
- R80.20 - More ClusterXL State Information
- R80.30 - ClusterXL CCP Encryption

SecureXL
- R80.20 - New FW Monitor inspection points
- R80.20 - SYN Defender on SecureXL Level
- R80.20 - IP blacklist in SecureXL
- R80.20 - New Chain Modules?
- R80.20 - SecureXL + new chain modules + fw monitor

CoreXL
- R80.x - Security Gateway Architecture (Logical Packet Flow)
- R80.x - Security Gateway Architecture (Content Inspection)
- R80.x - More than 40 Cores for CoreXL
- R80.x - User-Mode Firewall and performance impact

Management Server, MDS and SmartConsole
- R80.20 - Portable SmartConsole + Tips and Tricks
- R80.10 - Syslog Exporter
- R80.20 - Multiple SmartConsole sessions
- R80.x - Debug policy installation on gateway
- R80.x - MDS Upgrade failing from R80.10 to R80.30

Sandblast and TEX
- Fortigate Firewall ICAP and Sandblast (TEX)
- Symantec (Bluecoat) SG ICAP and Sandblast (TEX)
- ICAP and Sandblast Appliance

R80.10+
- R80.10 - Syslog Exporter
- R80.10 - Bash script to show IP ranges for countries from GeoProtection (new version)
- R80.10 - GEO Location Objects in Firewall Policy (with Dynamic Objects)
- R80.10 - User-Mode Firewall and performance impact

R80.20+
- R80.20 - new interesting commands
- R80.20 - Performance Tuning Tip - DDoS „fw sam“ vs. „fwaccel dos“
- R80.20 - New FW Monitor inspection points
- R80.20 - SYN Defender on SecureXL Level
- R80.20 - IP blacklist in SecureXL
- R80.20 - New Chain Modules?
- R80.20 - SecureXL + new chain modules + fw monitor
- R80.20 - SecureXL - new names in "/proc/ppk/statistics"?
- R80.20 - Portable SmartConsole + Tips and Tricks
- R80.20 - New daemon or processes under R80.20!
- R80.20 - New SecureXL path in R80.20 (CPASXL)
- R80.20 - More than 40 Cores for CoreXL
- R80.20 - Updatable Domain Objects and CLI Commands

R80.30+
- R80.30 - new interesting commands
- R80.30 - ClusterXL CCP Encryption
- R80.30 - Swiss Army Knife IPMITOOL for GAIA

R80.40+
- R80.40 automatically changes the number of CoreXL SNDs, Firewall instances and the Multi-Queue

CLI
- GAIA - Easy execute CLI commands from management on gateways
- GAIA - Easy execute CLI commands on all gateways simultaneously
- GAIA - Create snapshots or backups on all gateways with one CLI command
- GAIA - Backup all clish configs from all gateways with one CLI command
- CLISH Commands in Expert Mode easier
- Show VPN Routing on CLI
- Show Address Spoofing Networks via CLI
- Interface speed and duplex as list
- "fw ctl zdebug" Helpful Command Combinations
- Check Inbound and Outbound TCP Sequence Numbers on R80.20+
- R80.20 - new interesting commands
- R80.30 - new interesting commands
- ccp_analyzer - what is it!
- Check Point - HEX to IP Converter Tool?
- R80.30 - Swiss Army Knife IPMITOOL for GAIA

Script
- Bash script to show IP ranges for countries from GeoProtection (new version)
- GEO Location Objects in Firewall Policy (with Dynamic Objects)

More
- Appliance model from CLI and dmidecode with full model list
- VoIP Issue and SMB Appliance (600/1000/1200/1400)
- Password reset - Collection
- One-liner collection
- Check and config SSHv1 or SSHv2 on GAIA

Copyright by Heiko Ankenbrand 1994-2019
soni_kumari1 inside General Topics yesterday
views 573 7 1

How to configure an alert for Identity Collector

How to configure an alert for Identity Collector for the below conditions:
- If Identity Collector gets disconnected.
- If the gateway gets disconnected.
- If the gateway didn't receive events in the last hour.

The customer is running both R80.10 and R77.30 version gateways.
Tiago_Cerqueira inside General Topics yesterday
views 232 7

VPN issue with IKEv2 and Cisco ASA

Hi,

Last week we upgraded our security gateway from R77.30 to R80.20. After this upgrade, we lost connectivity with one of our VPNs. This VPN is with a third-party gateway, a Cisco ASA, and we are using IKEv2.

The issue is weird and I've isolated the following things:
1) If the negotiation is triggered on the ASA side, everything works as expected (so, as a workaround, they are bouncing the tunnel on their side, generating traffic to us (if we are the first to generate traffic it won't work) and that's allowing us to connect).
2) If we initiate the connection, we are unable to reach the other side of the VPN, but they are able to reach our network. So traffic generated on their side of the VPN always reaches us without issues.
3) Child SAs are only being negotiated on re-keys; I'm assuming the first time they are created is under the AUTH packet, as per the RFC.

I have a case opened with TAC, but so far no meaningful replies. I can also share the vpnd.elg files, as well as the ikev2.xmll files, if you are interested in taking a look at that.

Thanks