cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Kim_Moberg
Kim_Moberg inside General Topics yesterday
views 74 3

R80.30 GA Installation experience

Hi CheckMates,I just want to share my positive experience after upgrade to R80.30 GA and when talking with TAC support they provided a very professional and competent as well fast resolution to issues found.First Gateway Mgmt server was upgraded from R80.20 GA to R80.30 GA first release.Was unable to login with admin Gaia user but administrative users worked.Solution was fast - tried to recreate admin account using CLI 'cpconfig'.Endpoint Mgmt server upgraded from R80.20 GA to R80.30 GA.no issues with the upgrade everything worked fine.Upgraded a cluster running R80.20 GA with JHF to solve SK147493 - " After Upgrade to R80.30 -Unable to connect to the Standby Cluster member from a non-local subnet via SSH or WebUI" After running R80.30 GA problem came back again.Reached our to TAC and very fast an update was ready and problem solved.Any one else experience any issues after the upgrade or just a possible experience with TAC support?Looking forward to hear from you.
Takashi_Suzuki
Takashi_Suzuki inside General Topics yesterday
views 40 1

About automatic update of a license signature

Hi, Team.Although who was operating nothing on UserCenter, the signature part of the license installed in the appliance currently operation had changed.Is there any function in which the license installed in the appliance is updated automatically?* This signatures is the thing of the part of a license like [aTFvAfpKy-tf8...].*[IPaddress / expiration / Features] had not changed.In this case, isn't off-line environment affected?* In an off-line environment, the contract is periodically outputted from UserCenter and imported by the file format manually.Doesn't inconsistent occur in a license and a contract?
ashish_verma
ashish_verma inside General Topics yesterday
views 2652 5

Natting to an IP range not directly connected

I am trying to do natting by creating object with IP address which is in subnet not connected to firewall-1 and natting it to an IP address that is also not connected. In fw monitor it is only showing pre-in. how can I do so?Thanks in advance.
HeikoAnkenbrand
HeikoAnkenbrand inside General Topics yesterday
views 4135 9 2

R80.10 User-Mode Firewall and performance impact

A question to the R&D. When I switch a firewall from kernel mode to user mode has this a performance impact. Is it better for the performance to enable user mode on a firewall or not? Does it make sense to enable user mode even for a few cores? Enable user mode: > cpprod_util FwSetUsermode 1> reboot More to user mode here: How to enable USFW (User-Mode Firewall) on a 23900 appliance
Martin_Oles
Martin_Oles inside General Topics yesterday
views 189 5

Duplicate services - which will be used?

Hi,recently I came across behavior, where supposedly permitted traffic is dropped by protocol handler. In my case I do do have defined duplicated service objects for snmp, udp/161. First is default service object snmp, port udp/161 with no Protocol Type set. Second service object is also port udp/161 with Protocol Type: SNMP_V3 , both objects are set "Match for Any", And both objects are used in a rule, which permits SNMP for monitoring.Some SNMPv2 packets are permitted when matching rule, but dropped by protocol handler:;[cpu_2];[fw4_3];fw_log_drop_ex: Packet proto=17 10.20.30.40:47940 -> 20.30.40.50:161 dropped by fwpslglue_chain Reason: PSL Drop: ASPII_MT;Being aware, that such is not ideal situation, but still I am wonder, how INSPECT will decide, which service parameters will be used for traffic? How then is handling traffic in situation, where is duplicity in service objects exists and in a rule is used "any" for service?Thank you for tips to documentation or SKs related.
Oscar_David_Gom
Oscar_David_Gom inside General Topics yesterday
views 24 1

Tunnel sharing option for VPN

Hi, This is a fast question, which do you consider as the best option to configure tunnel sharing on a VPN between Google cloud and on premise checkpoint appliance. Thanks.
CCL_TAC
CCL_TAC inside General Topics yesterday
views 31 2

Smart event report doesn't display resolved names

Hello ,The reports generated by Smart event in R80.10 doesn't display the DNS names and only show the IP addresses. DNS server is configured on the Smart event object on the dashboard. Is there any other setting i need to modify ?Thanks
GreyOwl
GreyOwl inside General Topics yesterday
views 18

AppControl do not block Teamviewer

Hello,we have a very strange problem. I created AppControl rule blocking TeamViewer. After policy installation, it shows in logs that TeamViewer is blocking successfully. But it continues to work! In other words, TeamViewer is blocked only in logs. We tried to drop block other apps for testing (WhatsApp for ex) and everything is working OK.Does anyone has any idea, what's happening and how to solve it?Thanks.
Danny
Danny inside General Topics yesterday
views 5378 39 30

DiagnosticsView - CPInfo Viewer

DiagnosticsView is a new Support Debug Tool for Check Point Support Engineers.It's a Windows application that replaces InfoView and offers a graphical representation of collected data from CPInfo.It's layout is highly adjustable and features the general R80 style. Panels can be re-sized, dragged and re-arranged.Thanks Check Point for developing such helpful tools for everydays support routines. InfoView was long outdated.
Wang
Wang inside General Topics yesterday
views 46 6

This error was encountered while restoring SystemBackup in R77.30's GUI

Hello, engineers, can someone help me with this problem?Thank you very much!
Wang
Wang inside General Topics Monday
views 98 8

Number of VPN tunnel connections

Hello, engineers, which engineers can help me solve this problem? The tunnel that the user establishes through the VPN client, does a user have only one tunnel?Thank you very much!
Fedor_Agafonov1
Fedor_Agafonov1 inside General Topics Monday
views 10

Threat Emulation Terminating VM due to error: failed to start tap interface

Hi,After update image on sandblast appliance T250 gaia R80.20, VM not start. Error: Terminating VM due to error: failed to start tap interfaceEmulator log:[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} Adding emulation request on Image: '10b4a9c6-e414-425c-ae8b-fe4dd7b25244', Run: 1, Priority: normal (0 requests in queue, 0 running emulation VMs)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} Adding emulation request on Image: '3ff3ddae-e7fd-4969-818c-d5f1a2be336d', Run: 1, Priority: normal (1 requests in queue, 0 running emulation VMs)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} Adding emulation request on Image: '5e5de275-a103-4f67-b55b-47532918fa59', Run: 1, Priority: normal (2 requests in queue, 0 running emulation VMs)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} Adding emulation request on Image: '5e5de275-a103-4f67-b55b-47532918fa59HPS', Run: 1, Priority: normal (3 requests in queue, 0 running emulation VMs)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 12 KeyPoint: creation. is_hps=0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMloader::CreateTapInterface: failed to set IP address '169.254.0.1' to interface 'vm-if0, netmask: 255.255.255.252)[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::VmResources::ConsumedRes::StartTap: failed to create tap vm-if0 169.254.0.1/255.255.255.252[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 12 KeyPoint: Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::EmulatingVM::TerminateWithError: VM 12 (Creation In Process): Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 12 KeyPoint: Terminating (error occured? 1, detected events: 0 malicious, 0 benign)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 12 KeyPoint: destroying. max number of files: 0. life time: 0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMrepository::CreateNewVM: VM 12 failed to start[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} verdict 'Error' set for image: '3ff3ddae-e7fd-4969-818c-d5f1a2be336d' (Win7 64b,Office 2010,Adobe 11) by: 1, reason: Failed to create VM for Win7 64b,Office 2010,Adobe 11[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} investigator 'emulator' reporting back (status: still working)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 13 KeyPoint: creation. is_hps=0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMloader::CreateTapInterface: failed to set IP address '169.254.0.1' to interface 'vm-if0, netmask: 255.255.255.252)[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::VmResources::ConsumedRes::StartTap: failed to create tap vm-if0 169.254.0.1/255.255.255.252[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 13 KeyPoint: Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::EmulatingVM::TerminateWithError: VM 13 (Creation In Process): Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 13 KeyPoint: Terminating (error occured? 1, detected events: 0 malicious, 0 benign)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 13 KeyPoint: destroying. max number of files: 0. life time: 0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMrepository::CreateNewVM: VM 13 failed to start[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} verdict 'Error' set for image: '5e5de275-a103-4f67-b55b-47532918fa59' (Win7,Office 2013,Adobe 11) by: 1, reason: Failed to create VM for Win7,Office 2013,Adobe 11[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} verdict 'Error' set for image: '5e5de275-a103-4f67-b55b-47532918fa59HPS' () by: 40, reason:[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} investigator 'emulator' reporting back (status: still working)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 14 KeyPoint: creation. is_hps=1[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMloader::CreateTapInterface: failed to set IP address '169.254.0.1' to interface 'vm-if0, netmask: 255.255.255.252)[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::VmResources::ConsumedRes::StartTap: failed to create tap vm-if0 169.254.0.1/255.255.255.252[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 14 KeyPoint: Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::EmulatingVM::TerminateWithError: VM 14 (Creation In Process): Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 14 KeyPoint: Terminating (error occured? 1, detected events: 0 malicious, 0 benign)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 14 KeyPoint: destroying. max number of files: 0. life time: 0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMrepository::CreateNewVM: VM 14 failed to start[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} verdict 'Error' set for image: '5e5de275-a103-4f67-b55b-47532918fa59HPS' () by: 1, reason: Failed to create VM for[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} verdict 'Error' set for image: '5e5de275-a103-4f67-b55b-47532918fa59' (Win7,Office 2013,Adobe 11) by: 40, reason:[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} investigator 'emulator' reporting back (status: still working)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 15 KeyPoint: creation. is_hps=0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMloader::CreateTapInterface: failed to set IP address '169.254.0.1' to interface 'vm-if0, netmask: 255.255.255.252)[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::VmResources::ConsumedRes::StartTap: failed to create tap vm-if0 169.254.0.1/255.255.255.252[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 15 KeyPoint: Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::EmulatingVM::TerminateWithError: VM 15 (Creation In Process): Terminating VM due to error: failed to start tap interface[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 15 KeyPoint: Terminating (error occured? 1, detected events: 0 malicious, 0 benign)[18146 4076272128][21 May 1:40:24] [TE_TRACE]: VM 15 KeyPoint: destroying. max number of files: 0. life time: 0[18146 4076272128][21 May 1:40:24] [TE (TD::Surprise)] te::Emulation::VMrepository::CreateNewVM: VM 15 failed to start[18146 4076272128][21 May 1:40:24] [TE_TRACE]: {E5FDCED7-A838-5743-B9A0-59E0701233E1} verdict 'Error' set for image: '10b4a9c6-e414-425c-ae8b-fe4dd7b25244' (Win10 64b,Office 2016,Adobe DC) by: 1, reason: Failed to create VM for Win10 64b,Office 2016,Adobe DC Thanks.
sajin
sajin inside General Topics Monday
views 35 2

IPS Blade is preventing but not enabled

I enabled Threat Prevention Blade and later disabled all Threat Prevention Blades from Policies and Layers and General properties of the Firewall but could see IPS and AB traffic in the logs which is DETECT and PREVENT. In SSH , "enabled_blades" it doesn't show the Threat Prevention Blades. The logs shows the OPTIMIZED profile is being blocked but there is no Threat Prevention in the policies. When i click OPTIMIZE profile in the log it takes me to READ ONLY MODE where in the Threat Prevention i could see the OPTIMIZED profile is enabled with all Blades. Closed the READ ONLY page and enabled back the THREAT PREVENTION Blade with IPS, AV, AB and created a new profile disabling all the Blades and installed policy. Later again disabled Threat Prevention. Now am not able to see any Threat prevention Logs.In the CPVIEW i could see the Threat prevention Blades enabled but not in "enabled_blades". Myself stimulated the same scenario in a VM and ended up with the same situation.Kindly assist whether the IPS Blades will inspect traffic based on the Blades enabled in the General profile or profile inside the Threat prevention.Firewall- R80.10
Miguel_Barrios
Miguel_Barrios inside General Topics Monday
views 24 1

How to check ThreatCloud URL Reputation?

Is there a webpage to check Check Point ThreatCloud URL, IP or domain reputation online?
Serhii_Yaholnyt
Serhii_Yaholnyt inside General Topics Monday
views 539 5

Route Injection Mechanism and its features(bugs?)

Hi all. I am trying to configure RIM in Site-to-Site VPN. I have a remote peer with VPN domain 10.248.0.0/24. I am trying to advertise remote peer's VPN domain to local OSPF. I have enabled Route Injection Mechanism in my VPN community and got such a result:S 0.0.0.0/0 via 10.0.1.2, eth0, cost 0, age 8119C 10.0.1.0/24 is directly connected, eth0K 10.248.0.1/32 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.2/31 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.4/30 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.8/29 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.16/28 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.32/27 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.64/26 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.128/29 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.136/30 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.140/32 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.142/31 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.144/28 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.160/27 via 10.0.1.59, eth0, cost 0, age 559K 10.248.0.192/26 via 10.0.1.59, eth0, cost 0, age 559C 10.249.0.0/24 is directly connected, eth2C 127.0.0.0/8 is directly connected, loI can redistribute these routes to OSPF but why Checkpoint shows all these networks instead of 10.248.0.0/24?To reduce number of routes I have agregated them to a 10.248.0.0/24 and redistributed routes to OSPF from agregation. But on my Checkpoint gateway agregated route has a 'is a reject route' description:S 0.0.0.0/0 via 10.0.1.2, eth0, cost 0, age 8873C 10.0.1.0/24 is directly connected, eth0K 10.248.0.1/32 via 10.0.1.59, eth0, cost 0, age 40K 10.248.0.2/31 via 10.0.1.59, eth0, cost 0, age 40K 10.248.0.4/30 via 10.0.1.59, eth0, cost 0, age 40K 10.248.0.8/29 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.16/28 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.32/27 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.64/26 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.128/29 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.136/30 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.140/32 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.142/31 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.144/28 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.160/27 via 10.0.1.59, eth0, cost 0, age 41K 10.248.0.192/26 via 10.0.1.59, eth0, cost 0, age 41A 10.248.0.0/24 is a reject routeC 10.249.0.0/24 is directly connected, eth2C 127.0.0.0/8 is directly connected, loWhat does it mean? Is such work of RIM correct? It looks very strange...