cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Timothy_Fan
Timothy_Fan inside General Topics 2 hours ago
views 10

Checkpoint 5400 with secondary internet

How can i config the checkpoint with secondary internet ? The interface part only let me to enter the IP address and subnet. How about the gateway and it's new set of DNS ? I want to set the secondary internet for IPSec-VPN only. I searched for post whole days but in vain. THX
s_milidrag
s_milidrag inside General Topics 7 hours ago
views 833 4

Protocol Signatures

Kindly ask if someone can explain in more detail "Protocol Signature" option in https/http/dns/telnet/smtp ... service objects. What is the difference in matching between https without protocol signature enable (default option) and with protocol signature enabled. Thanks 
Michael_Goessma
Michael_Goessma inside General Topics 10 hours ago
views 59 2

fw monitor and cppcap on VSX R80.20 (JHF 91)

I just want to share my findings on fw monitor and cppcap on a VSX R80.20 JHF 91 environment:fw monitor just segfaults if I use the -v <VSID> switchfw monitor just ignores the VS context if running without -v switch and captures packets in all VScppcap does not work in VSX R80.20 JHF 91 with acceleration enabled, I had to do a fwaccel off in the specific VS to capture trafficI may be wrong. But if not, some documents should be corrected, including Heiko's excellent cheat sheet... 
ponravoth
ponravoth inside General Topics 13 hours ago
views 56 1

CheckPoint redirect to IP address 62.0.58.94

Hello support,Please advise us, It is normal event for Check Point or suspicious event? After checkpoint prevent will redirect to IP address 62.0.58.94. What's IP address? Best Regards,Ravoth
Jesus_Vladimir_
Jesus_Vladimir_ inside General Topics 13 hours ago
views 2666 19 1

PBR With Multiple Tracking

Hi, how to configure PBR for redundancy automatic,i try Priority but not functioning.Regards
Kamiar_Sh
Kamiar_Sh inside General Topics 20 hours ago
views 4093 21 2

Enable DPD on R80.20

Hi everyone,I have upgraded R77.30 to R80.20 recently and I am new with R80.20 , I have 20  IPsec Tunnel terminated to my cluster firewalls and here is my question:1-there is an issue on one IPsec tunnel with 3rd party and I need to enable DPD mode ( the tunnel is not permanent) so if I enable DPD mode is there any impact to other tunnels?and here is the tunnel config:IKEv1Phase 1AES-256SHA-256DH:Group5Renegotiation IKE security  1440 minutesappreciate if someone can assist me to resolve the issue
Khalid_Aftas
Khalid_Aftas inside General Topics 22 hours ago
views 250 7

R80.20 Ipsec VPN issues

Hi, After upgrade to r80.20 in multiple gateway, we started having issue with a lot of VPN that were running without problem in 80.10 case 1 : VPN with partner down, i had to make him disable NAT-T option for it to work again.Case 2 (most critical) : Amazon Web Services, once phase 2 proposition from aws come, CP accept it, then decide to propose again another negotiation, during few minutes complete cut out of the traffic. Other cases in other GW with simlar issues. Opened a case in the TAC, they made me install some special hotfix, with no succes. What changed in R80.20 regarding vpn ? i hope there is a solution for these issues. [CPFC]HOTFIX_R80_20_JUMBO_HF_MAIN Take: 87[MGMT]HOTFIX_R80_20_JUMBO_HF_MAIN Take: 87[FW1]HOTFIX_R80_20_JUMBO_HF_MAIN Take: 87HOTFIX_R80_20_JHF_T87_190_MAINHOTFIX_R80_20_JHF_T87_174_MAINHOTFIX_R80_20_JHF_87_90_002_MAINFW1 build number:This is Check Point's software version R80.20 - Build 100kernel: R80.20 - Build 001[SecurePlatform]HOTFIX_R80_20_JUMBO_HF_MAIN Take: 87[CPinfo]No hotfixes..[DIAG]No hotfixes..[PPACK]HOTFIX_R80_20_JUMBO_HF_MAIN Take: 87[CVPN]HOTFIX_R80_20_JUMBO_HF_MAIN Take: 87[CPUpdates]BUNDLE_R80_20_JUMBO_HF_MAIN Take: 87
victor
victor inside General Topics yesterday
views 81 1

How to have a secondary public ip on lan interface

hi we want to allocate some servers in our network public ips. We have a block of xx.xxx.xxx.216/29 public ips whereby 217 is the gateway from the ISP and 218 is our public ip for the external facing (eth2) interface of the firewall.We have a server that we want to allocate the 220 ip however when i try giving any of the public ips say the 219 as a secondary ip to the internal afacing interface (eth7) connected to the LAN so that it can act as my servers' (220) gateway i get an error "xxx.xxx.xxx.219/29 conflicts with destination network of eth2." where eth2 is the external facing interface (218).kindly assit on how to go about it.
Di_Junior
Di_Junior inside General Topics Friday
views 63 2

Managed Security Service Provider using Check Point Solutions

Dear MatesWe wish to become a MSSP as such, we are in the process of looking into different solutions. Since we have a great sucess story with Check Point, we are considering to join this new journey with Check Point.I would like to know which Check Point Product/Technology we could use in order to start providing security services to our customers. I was thinking of VSX, and create different contexts for each customer.  Is there anything else we should look at? Thanks in advance
Gaurav_Pandya
Gaurav_Pandya inside General Topics Friday
views 4757 17 17

Healthcheck Script

Hi All,There is readily available script for Gaia based system on checkpoint. It checks almost all parameters. May be some are aware of this but who are unaware, it is very useful script.You can refer sk121447 and download the readily available Health check Script. It is very useful and measure all the required parameters.Hope This will be helpful.
Manoj_Tiwari
Manoj_Tiwari inside General Topics Friday
views 7154 21 2

ISP Redundancy (load sharing) issue in R80.10

Recently I have setup the checkpoint firewall 5400 series Gaia R80.10 in cluster environment. Where I have to configure the ISP redundancy in load sharing mode. But after it goes on live, we have faced the high CPU utilization issue, some traffic has been dropped without hitting in policy, first packet isn't sync packet  etc issues.I have configured the ISP redundancy with reference of R77.30 but I don't even find the any guide and documentation for the ISP redundancy in R80.10.My question is:-does anybody implemented the ISP redundancy in R80.10?-If checkpoint doesn't provide any documentation for that, is it supported or not in R80.10?Thanks,Manoj
Jessie_Rich
Jessie_Rich inside General Topics Friday
views 194 5

Internal firewall anti-spoofing

I have 2 networks separated by a firewall and then a internet facing firewall. I am getting anti-spoofing alerts on traffic passing through my internal firewall from the internet.Topology looks something like thisNetwork-A >>> InternalFW >>>> Network-B >>>>> internetFW >>>>>> InternetOn the Network-B facing interfaces on both firewalls I have only my Network-B networks defined in the topology. I assume on the InternalFW I need to add the internet to the topology on the interface connected to Network-B? To not mess up anti-spoofing on the internetFW I assume I would create separate network groups for my topology on the internal and internet firewalls?Thank you for any advice you can give.
Daniel_Taney
Daniel_Taney inside General Topics Friday
views 2057 11

Hyperthreading Best Practice Recommendation For Management / SmartEvent Open Servers?

Is there a best practice recommendation for whether Hyperthreading should be enabled on an R80.10 Open Server if it is solely used as a SMS or SmartEvent server? I found lots of tips when it comes to HT on Gateways, but didn't see anything regarding Management.Thank You!
Srinivasan_N
Srinivasan_N inside General Topics Friday
views 31272 7 3

Check Point Inspection points-iIoO

Hi Experts, Thank you all for helping us. Could you guys please assist on iIoO - Checkpoint Inspection points. Even Checkpoint doesn't provide much info (Shown below). Like where Anti-spoofing/Access-rule/NAT/Routing is applied @ each stage of iIoO. Please assist.
TD_Thorwald
TD_Thorwald inside General Topics Friday
views 68 2

Checkmates/Checkpoint websites password

How do I change my password for checkpoint checkmates, and the checkpoint website(s) in general?I don't find that option in the usual places.