cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
KWD
KWD inside General Topics 28m ago
views 5

Site to Site VPN between 2 Checkpoint Gateways and a Checkpoint SMS

Hello,I am trying to connect two gateways, a 3200 (remote) and a 12400 local to the SMS (virtual) by a site to site VPN. Phase 1 IKE appears to succeed from the 12400 to the 3200. Phase 2 fails. The ike.elg file states INVALID-CERTIFICATE. We tried renewing the certificate, modifying the $FWDIR/conf/masters file on the remote gateway and adding a rule from the remote gateway to the SMS for FW1_ica_services. None of these have fixed the problem. Does anyone know what the problem is?Thanks
Yoni-Indeni
Yoni-Indeni inside General Topics 3 hours ago
views 206 6

Are you in an R77.30 Upgrade Rush?

A few months ago, the vast majority of Check Point firewalls out there were still running R77.30*. As the time progressed, we slowly saw people upgrading their firewalls to R80.10 and later. However, in the month of August, we saw a massive acceleration in upgrades**, in anticipation of the End of Support for R77.30 in September.This raised a few questions:1. Why are so many people waiting for the last minute to upgrade? Some may even go beyond the Sep 30th date.2. What can be done to avoid this from happening again in the future? ---------------------------------* Our data comes from Indeni Insight, which receives non-confidential data about the devices in use by our customers. These are mostly large enterprises in North America, with deployments of at least 100 firewalls.** Massive acceleration: 40% of all upgrades to R80.20, up to Aug 15 2019, occurred in the first two weeks of August. Again, this is based on just our data.
Furil
Furil inside General Topics 3 hours ago
views 21

R80.20-R80.30 ClusterXL vlan monitoring

Hello,I cannot find any discussion about the fact that in OS R80.20 and R80.30 admin guide in the section "vlan support in clusterXL" monitor all vlan id is no longer supported. I would like to understand why 🙂Any other way to monitor all vlan then ?Can someone help ? Thank you Best regards;Furil
Kamiar_Sh
Kamiar_Sh inside General Topics 5 hours ago
views 33 3

upgrading security gateways in a cluster from R77.30 to R80.20

Hi All,I have upgraded my cluster R77.30 to R80.20 last week and I faced an issue after upgrading as follow:Unix server couldn`t send files to FTP server via FTP passive mode and after 2, 3 hours troubleshooting I disabled the SecureXL and issue resolved so do you have any suggestion or thought?Thanks
sajin
sajin inside General Topics 5 hours ago
views 46 3

Traffic from FW takes External IP

HI,We need to configure all firewall in the remote location with Centralized NTP. NTP is in HO and we are connecting remote sites only through VPN. Remote Firewalls are not able to connect to NTP and not able to ping. In the tracker we identified the Remote Firewall takes its External Public IP as the source and is dropped in the HO FW, as encryption domain IP is only allowed.The firewall is configured with HO DNS and nslookup from the Remote FWs is resolving with the HO DNS .All other communication other than nslookup is taking the Public IP to reach HO DNS.
Jain_Raj
Jain_Raj inside General Topics 6 hours ago
views 771 10 2

Zero Downtime Upgrade From R77.30 to R80.20

As this is a season of R80 Upgrade, just sharing my experience of recent upgrades in the live environment from R77.30 to R80.20 without any service down1.Upgrade the DA Agent to the latest version2.Upload the R80.20 Image through CPUSE and verify for any errors3. In CMA cluster Properties, Select Maintain current cluster Active member4.Upgrade on the current standby FW(CPUSE) and let it Reboot5. Once rebooted, Change the Gateway Object to R80.20 version(It will change for all 3 objects)6.Install policy(Uncheck the option- For gateway clusters, if installation on a cluster member fails, do not install on that cluster)7. Check the HA in new version FW,(HA module not started or it may be Ready)8. Now do the upgrade in another gateway, During a reboot, the other pair on HA not started/Ready will become Active9.No service Interruption and the other FW will take HA Active10.Reinstall policy by again (Uncheck) the optionNow verify both status and do a final Policy Installation by "Keep Check" the actions11. Now Install the Hotfix.R80.20 Jumbo Hotfix Accumulator General Availability(Take 87)
Patricio_Gavila
Patricio_Gavila inside General Topics 9 hours ago
views 1459 7

Messages of mux error on a cluster (active-standby) in r80.20

Hi all,I have a Lenovo System x3650 M5 (compatibility matrix) with GAIA r80.20 (jumboHF take 80) in distributed deployment. The server firmware is updated to the last level, and with the r77.30 version works great. I have many problems with the Internet, for example, images and Office 365 emails take too long to load, even when the user is in an unrestricted rule. This did not happen with r77.30. In active Gateway shows error messages in file /var/log/messages: Jun 12 14:19:57 2019 FW-NODO1 kernel: [fw4_4];mux_task_handler: ERROR: Failed to handle task. task=ffffc20085221670, app_id=1, mux_state=ffffc20092970c00.Jun 12 14:19:57 2019 FW-NODO1 kernel: [fw4_4];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc20092970c00.Jun 12 14:19:57 2019 FW-NODO1 kernel: [fw4_4];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];mux_task_handler: ERROR: Failed to handle task. task=ffffc2008275e530, app_id=1, mux_state=ffffc2005f6a5c00.Jun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc2005f6a5c00.Jun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];mux_task_handler: ERROR: Failed to handle task. task=ffffc2011e77b7b0, app_id=1, mux_state=ffffc200d97bfc00.Jun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc200d97bfc00.Jun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];mux_task_handler: ERROR: Failed to handle task. task=ffffc200a775bfb0, app_id=1, mux_state=ffffc2027cc1a420.Jun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc2027cc1a420.Jun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];mux_task_handler: ERROR: Failed to handle task. task=ffffc200aa947b30, app_id=1, mux_state=ffffc200dffa5810.Jun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc200dffa5810.Jun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:20:00 2019 FW-NODO1 kernel: [fw4_2];mux_task_handler: ERROR: Failed to handle task. task=ffffc2007f670b30, app_id=1, mux_state=ffffc200c6950420.Jun 12 14:20:00 2019 FW-NODO1 kernel: [fw4_2];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc200c6950420.Jun 12 14:20:00 2019 FW-NODO1 kernel: [fw4_2];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:20:01 2019 FW-NODO1 kernel: [fw4_5];mux_task_handler: ERROR: Failed to handle task. task=ffffc20122ccdb70, app_id=1, mux_state=ffffc20068218810.Jun 12 14:20:01 2019 FW-NODO1 kernel: [fw4_5];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc20068218810.Jun 12 14:20:01 2019 FW-NODO1 kernel: [fw4_5];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:20:02 2019 FW-NODO1 kernel: [fw4_5];cpas_newconn_ex : called upon something other than tcp SYN. Aborting My question is if anyone knows if it is possible to deactivate the mux?. Otherwise I will rollback to r77.30.My concern is: because Check Point sells a poorly tested product and even more wants to force customers to migrate from r77.30 to r80, knowing that the r77.30 version is the best they have had in many years. The r80 version has too many problems, but even in cluster, the truth is impressive the failures of the product. Thanks,Patricio G.
HeikoAnkenbrand
HeikoAnkenbrand inside General Topics 11 hours ago
views 299 9 8

Update R80.20+ Security Gateway Architecture (Logical Packet Flow)

Flowchart news in R80.20 and above SecureXL has been significantly revised in R80.20. This has also led to some changes in "fw monitor". There are new fw monitor chain (SecureXL) objects that do not run in the virtual machine. Now SecureXL works in part in user space. The SecureXL driver takes a certain amount of kernel memory per core and that was adding up to more kernel memory than Intel/Linux was allowing. The packet flow in R80.20+ is a little bit different from the flow lower than R80.20. Now it is possible to use async SecureXL and other new functions. This figure shows the new features with the reinjection of SecureXL packages. SecureXL supportes now also Async SecureXL with Falcon cards. That's new in acceleration high level architecture (SecureXL on Acceleration Card): Streaming over SecureXL, Lite Parsers, Scalable SecureXL, Acceleration stickiness... More informations here: R80.x Security Gateway Architecture (Logical Packet Flow) Whats new in R80.20+: Now there are several SecureXL instances possible. As a result, packets are reinjected with the new SecureXL ID into the correct SecureXL instance again after they have been allowed by access template or rule set. After the packet has been reinjected, the SecureXL ID is added to the SecureXL connetion table and the packet is forwarded to the correct SecureXL instance. Therefore the flow is slightly different to older version before R80.20. This new mechanism also offers the possibility to transfer packets into a new SecureXL instance on Falcon cards. PXL vs. PSLXL - Technology name for combination of SecureXL and PSL. PXL was renamed to PSLXL in R80.20. This is from my point of view the politically correct better term. For the new acceleration Falcon card architecture with R80.20+ and SecureXL offloading read this article: R80.x Security Gateway Architecture (Acceleration Card Offloading):
Carlos_Arzate
Carlos_Arzate inside General Topics 14 hours ago
views 115 6

Vsx R80. 30

We have an environment with 2 12000 in Ha and they are VSX. It has 5 virtual instances. Ii it advisable to instala R80. 30 to improve performance? Keep in mind that every 12K has only 4 cores. Regards
Antony
Antony inside General Topics yesterday
views 79 2

application control can't block chrome remote desktop

Recently, We want to block all remote administration applications like chrome remote desktop. We enabled the application control blade in existing 4210 R77.30 and block all remote administration applications. But it seem not work.Antony
Valeri_Loukine
inside General Topics yesterday
views 70
Admin

TechTalk - Utilizing the Check Point API to Automate Operations

Join our next TechTalk on September 11, 2019. In this session, Rafi Zvi will talk about use of Check Point APIs for automation, covering the following topics: Learn how to work with the Check Point API to push configuration changes, automate upgrades and jumbo fix installs and manipulate the security policy. Understand how to work with the new Smart Dashboard Extensions to populate relevant 3rd party data. Monitor and query the CPView database to visualize critical resource and performance data over time. Register here Rafi Zvi brings over 20 years of experience in the technology sector to the BackBox leadership. He has grown BackBox to become a global player and a leading provider of solutions for automated backup and recovery software for network and security devices.
HeikoAnkenbrand
HeikoAnkenbrand inside General Topics yesterday
views 2983 6 1

When does the R80.40 EA phase start?

Is there any information about R80.40 EA? When does the EA80.40 EA phase start? Regards Heiko
Shirleyh
inside General Topics yesterday
views 1698 12 5
Employee

R80.30 – default version (widely recommended)

As of today, R80.30 take 200 with Jumbo Hotfix Accumulator take_19 (as described in sk153152) is the default version (widely recommended) for all deployments. This version is available for download via CPUSE and from the R80.30 home page (sk144293). Thanks, Release Management group.
Jessie_Rich
Jessie_Rich inside General Topics Saturday
views 90 3

Internal firewall anti-spoofing

I have 2 networks separated by a firewall and then a internet facing firewall. I am getting anti-spoofing alerts on traffic passing through my internal firewall from the internet.Topology looks something like thisNetwork-A >>> InternalFW >>>> Network-B >>>>> internetFW >>>>>> InternetOn the Network-B facing interfaces on both firewalls I have only my Network-B networks defined in the topology. I assume on the InternalFW I need to add the internet to the topology on the interface connected to Network-B? To not mess up anti-spoofing on the internetFW I assume I would create separate network groups for my topology on the internal and internet firewalls?Thank you for any advice you can give.
Valeri_Loukine
inside General Topics Saturday
views 9756 8 16
Admin

White Papers Publishing Project

Hi CheckMaters, As you may have mentioned, we are currently in the process of publishing white papers created by our Security Engineers around the globe. These documents cover various products, implementation scenarios, features and configuration details. Here is the list: Name Link A deeper dive into FQDN Objects https://community.checkpoint.com/t5/General-Management-Topics/Domain-Objects-FQDN-An-Unofficial-ATRG/td-p/40789 CDT and Blink https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/White-Paper-Central-Deployment-Tool-CDT-and-Blink/td-p/52503 Guide to configure logging to SolarWinds LEM SIEM https://community.checkpoint.com/t5/Logging-and-Reporting/White-Paper-Integrating-Check-Point-SMS-with-SolarWinds-LEM/td-p/52505 Configuring R80.10 GW to send logs to Log Analytics https://community.checkpoint.com/t5/Logging-and-Reporting/White-Paper-Configuring-R80-10-GW-to-send-logs-to-Log-Analytics/m-p/52506#M3244 Restoring a large MDS environment in VMware from mds backup https://community.checkpoint.com/t5/Multi-Domain-Management/White-Paper-Restoring-a-large-enterprise-MDM-environment-in/td-p/52507 Recovering a file from Gaia Snapshot https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/White-Paper-Extracting-a-file-from-a-GAIA-Snapshot/td-p/52520 Integrating Custom IOC Feeds https://community.checkpoint.com/t5/Developers-API-CLI/White-Paper-Integrating-Custom-IOC-Feeds/td-p/52522 RulebaseExporter/RulebaseImporter https://community.checkpoint.com/t5/Developers-API-CLI/RulebaseExporter-RulebaseImporter/td-p/39126 Cloud Guard: Automated firewall Cluster Deployment with auto-scaling option https://community.checkpoint.com/t5/Developers-API-CLI/Cloud-Guard-Automated-firewall-Cluster-Deployment-with-auto/td-p/39480 Log cleaning rule https://community.checkpoint.com/t5/Developers-API-CLI/Log-cleaning-rule/td-p/38385 Deploying Auto Scaling CloudGuard gateways in Azure using VM Scale Sets https://community.checkpoint.com/t5/CloudGuard-IaaS/Deploying-Auto-Scaling-CloudGuard-gateways-in-Azure-using-VM/td-p/39967 Tufin integration with Check Point R80 https://community.checkpoint.com/t5/General-Management-Topics/Tufin-integration-with-Check-Point-R80-docx/td-p/40351 Integration of Gemalto’s MobilePass+ Secure MFA and Managed Identities with the Check Point Firewall Mobile Access Blade as an IT Automator https://community.checkpoint.com/t5/SandBlast-Mobile/Integration-of-Gemalto-s-MobilePass-Secure-MFA-and-Managed/td-p/40370 Protecting IoT (Internet of Things) implementations with R80.10 and later Unified Policy, Protocol Signature, and Segmentation https://community.checkpoint.com/t5/General-Management-Topics/White-Paper-Protecting-IoT-Internet-of-Things-implementations/td-p/38405 Integration with Splunk Phantom https://community.checkpoint.com/t5/General-Management-Topics/Integration-with-Splunk-Phantom/td-p/19539 Check Point and LogRhythm: Integrated Enterprise Security https://community.checkpoint.com/t5/General-Topics/Check-Point-and-LogRhythm-Integrated-Enterprise-Security/td-p/41386 ClearPass & Checkpoint utilizing RESTful API and RADIUS Accounting https://community.checkpoint.com/t5/General-Topics/Integration-with-ClearPass-by-utilising-RESTful-API-and-RADIUS/td-p/41385 Azure Deployment https://community.checkpoint.com/t5/CloudGuard-IaaS/White-Paper-CloudGuard-Deployment-in-Microsoft-Azure/td-p/52649 Leveraging Capsule Docs and DLP to provide IRM https://community.checkpoint.com/t5/Capsule-Docs/White-Paper-Using-Check-Point-s-Capsule-Docs-with-Data-Loss/m-p/52656 Advanced Migration to R80.x Quick Guide https://community.checkpoint.com/t5/General-Management-Topics/White-Paper-R80-x-Advanced-Migration-Quick-Guide/td-p/52671 Updating Legacy DHCP Relay To Be R80.10 Ready https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/White-Paper-Updating-Legacy-DHCP-Relay-To-Be-R80-10-Ready/td-p/52672 Protect ICS SCADA https://community.checkpoint.com/t5/SCADA-Solutions/Protect-ICS-SCADA-Network-Whitepaper/m-p/40878 URL Filtering using SNI for HTTPS websites https://community.checkpoint.com/t5/General-Topics/White-Paper-URL-Filtering-using-SNI-for-HTTPS-websites/td-p/52675 Using AD certificates for outbound SSL inspection https://community.checkpoint.com/t5/Policy-Management/White-Paper-Using-Microsoft-Active-Directory-Certificate-for/m-p/52738#M3170 Deploying CP GW/MGMT with gcloud shell https://community.checkpoint.com/t5/CloudGuard-IaaS/White-Paper-Deployment-of-a-Check-Point-gateway-management-in/m-p/52739#M1148 Publishing SmartConsole as a RemoteApp https://community.checkpoint.com/t5/General-Management-Topics/White-Paper-Publishing-SmartCconsole-as-a-RemoteApp/m-p/52749#M8686 Reducing False Positive DLP CGSaaS https://community.checkpoint.com/t5/CloudGuard-SaaS/White-Paper-Reducing-False-Positives-with-DLP-in-CloudGuard-SaaS/m-p/52753#M85 CloudGuard SaaS Threat Prevention https://community.checkpoint.com/t5/CloudGuard-SaaS/White-Paper-CloudGuard-SaaS-Threat-Extraction/td-p/52758 Managing Threat Prevention IoCs https://community.checkpoint.com/t5/General-Management-Topics/White-Paper-Managing-Threat-Prevention-IoCs/td-p/52761 Introduction to Management CLI and JQ https://community.checkpoint.com/t5/Check-Point-for-Beginners-CP4B/White-Paper-Introduction-to-Management-API-and-JQ/ba-p/52867#M90 Endpoint Policy Server in DMZ https://community.checkpoint.com/t5/Endpoint-Security-Products/White-Paper-R80-20-Endpoint-Policy-Server-in-DMZ-for-External/m-p/52865#M1129 Deploying Endpoint clients via GPO https://community.checkpoint.com/t5/Endpoint-Security-Products/White-Paper-Deploying-an-Endpoint-Client-via-Group-Policy/m-p/52874#M1130 Adding a CloudGuard Cluster into an existing AWS Environment https://community.checkpoint.com/t5/CloudGuard-IaaS/White-Paper-Adding-a-CloudGuard-cluster-into-an-existing-AWS/m-p/52876#M1153 AAD compared to NIST https://community.checkpoint.com/t5/SCADA-Solutions/White-Paper-Securing-Industrial-Control-Systems-Check-Point-AAD/m-p/52881#M150 Logging OSPF transitions with syslog https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/Logging-OSPF-FULL-transition-events-to-syslog/m-p/32093#M2573 Deploying SMS & a cluster on Azure https://community.checkpoint.com/t5/CloudGuard-IaaS/White-Paper-Deploying-an-R80-20-SMS-and-R80-10-Cluster-on-Azure/m-p/52886#M1155 Management upgrade workbook https://community.checkpoint.com/t5/General-Management-Topics/White-Paper-Security-Management-Server-Upgrade-Workbook/m-p/52890#M8702 Azure Service Principal Configuration https://community.checkpoint.com/t5/CloudGuard-SaaS/White-Paper-Azure-Service-Principal-Configuration/m-p/53142#M90 Phantom integration https://community.checkpoint.com/t5/General-Management-Topics/Integration-with-Splunk-Phantom/td-p/19539 Custom SmartEvent Reports https://community.checkpoint.com/t5/Logging-and-Reporting/White-Paper-Custom-SmartEvent-Reports/m-p/53238#M3258 Updating Endpoint Client Version from EndPoint Management Server https://community.checkpoint.com/t5/Endpoint-Security-Products/White-Paper-Updating-Endpoint-Client-Version-from-EndPoint/m-p/53283#M1144 Healthcare: Mobile Security https://community.checkpoint.com/t5/SandBlast-Mobile/White-Paper-Healthcare-Mobile-Security/m-p/53288#Healthcare: Mobile Security Configuring NAT64 for Internet Access in R80.20 https://community.checkpoint.com/t5/General-Topics/White-Paper-Configuring-NAT64-for-Internet-Access-in-R80-20/td-p/53315 Importing Custom IOC’s in Smart Console R80.20 https://community.checkpoint.com/t5/General-Topics/White-Paper-Importing-Custom-IOC-s-in-SmartConsole-R80-20/m-p/53323#M10628 URL Filtering Best Practices for Large Scale Deployment https://community.checkpoint.com/t5/General-Topics/White-Paper-URL-Filtering-Best-Practices-for-the-Large-Scale/m-p/53330#M10630 SMB Technology Guide https://community.checkpoint.com/t5/SMB-Appliances-and-SMP/White-Paper-Check-Point-Small-Medium-Business-Technology-Guide/m-p/53334#M2093 Deploying 1200R Security Gateway with Zero Touch Cloud Service https://community.checkpoint.com/t5/SCADA-Solutions/White-Paper-Deploying-1200R-Security-Gateway-with-Zero-Touch/m-p/53344#M153 SandBlast Cloud Office 365 to CloudGuard SaaS for Office 365 Migration https://community.checkpoint.com/t5/CloudGuard-SaaS/White-Paper-SandBlast-Cloud-Office-365-to-CloudGuard-SaaS-for/m-p/53387#M95 TWC/Spectrum VOIP with SMB appliances https://community.checkpoint.com/t5/SMB-Appliances-and-SMP/White-Paper-TWC-Spectrum-VOIP-with-SMB-appliances/m-p/53392#M97 Customer User Center Basics and Strategy https://community.checkpoint.com/t5/General-Topics/White-Paper-UserCenter-Basics-and-Strategy/m-p/53405#M10639 How to Batch Categorize URLs https://community.checkpoint.com/t5/General-Topics/White-Paper-How-to-Batch-Categorize-URLs/m-p/53411 Security Zones https://community.checkpoint.com/t5/General-Topics/White-Paper-Security-Zones/m-p/53415#M10641 How to configure Client Authentication in R80.20 https://community.checkpoint.com/t5/General-Topics/White-Paper-Configuring-Client-Authentication-in-R80-20/m-p/53419#M10642 HTTPS Inspection with Cisco Umbrella https://community.checkpoint.com/t5/General-Topics/White-Paper-HTTPS-Inspection-with-Cisco-Umbrella-How-To/m-p/53421#M10643 Integration of Check Point Identity Collector and Cisco ISE https://community.checkpoint.com/t5/General-Topics/White-Paper-Integration-of-Check-Point-Identity-Collector-and/td-p/53429 SMS and EPM log integration using SmartLog https://community.checkpoint.com/t5/Logging-and-Reporting/White-Paper-SMS-and-EPM-log-integration-using-SmartLog/m-p/53478#M3265 Getting out of CPUSE Jumbo Jail https://community.checkpoint.com/t5/Enterprise-Appliances-and-Gaia/White-Paper-Getting-out-of-CPUSE-Jumbo-Jail/m-p/53493#M4054 Distributed IPS Integration with Extreme Networks Network Access Control (NAC) https://community.checkpoint.com/t5/IPS-Anti-Virus-and-Anti-Bot/White-Paper-Distributed-IPS-Integration-with-Extreme-Networks/m-p/53494#M1393 Configuring Check Point Security Gateway with an IPv6 Tunnel Broker https://community.checkpoint.com/t5/General-Topics/White-Paper-Configuring-Check-Point-Security-Gateway-with-an/m-p/53496#M10666 Updating 1200R Firmware with a USB Stick https://community.checkpoint.com/t5/SMB-Appliances-and-SMP/White-Paper-Updating-1200R-Firmware-with-a-USB-Stick/m-p/53502#M2097 Security Management Server Migration from R65 to R80.20 https://community.checkpoint.com/t5/General-Topics/White-Paper-Security-Management-Server-Migration-from-R65-to-R80/m-p/53506#M10671 Ansible Deployment Guide for Check Point https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/White-Paper-Ansible-Deployment-Guide-for-Check-Point/m-p/53514#M3465 Minimizing SBA Notifications with Check Point GuiDBedit https://community.checkpoint.com/t5/SandBlast-Agent/White-Paper-Minimizing-SBA-Notifications-with-Check-Point/m-p/53655#M471 Using RADIUS Authentication for Remote Access VPN https://community.checkpoint.com/t5/Remote-Access-Solutions/White-Paper-Using-RADIUS-Authentication-for-Remote-Access-VPN/m-p/53659#M1655 Check Point Compliance Checking with Secure Configuration Verification https://community.checkpoint.com/t5/Remote-Access-Solutions/White-Paper-Check-Point-Compliance-Checking-with-Secure/m-p/57123#M1737 Check Point Configuration with Radware (Alteon) SSL Decrypt & URL/UserCheck https://community.checkpoint.com/t5/General-Topics/White-Paper-Check-Point-Configuration-with-Radware-Alteon-SSL/m-p/57126#M11489 Logging & Monitoring, Events & Reports with R80.10 https://community.checkpoint.com/t5/Logging-and-Reporting/White-Paper-Logging-amp-Monitoring-Events-amp-Reports-with-R80/m-p/57128#M3472 VSX Migration - Moving one VS at a Time https://community.checkpoint.com/t5/VSX/White-Paper-VSX-Migration-Moving-one-VS-at-a-Time/m-p/57273#M169 R80.20 Endpoint initial Configuration and Setup (CP4B Series) https://community.checkpoint.com/t5/Check-Point-for-Beginners-CP4B/White-Paper-R80-20-Endpoint-initial-Configuration-and-Setup/ba-p/57333#M98 Absolute Beginner’s Guide to R80.x https://community.checkpoint.com/t5/Check-Point-for-Beginners-CP4B/White-Paper-Absolute-Beginner-s-Guide-to-R80-x/ba-p/57420#M99 Site to Site VPN in R80.x https://community.checkpoint.com/t5/Check-Point-for-Beginners-CP4B/White-Paper-Site-to-Site-VPN-in-R80-x/ba-p/57425#M101 Implementing Non-FQDN Domain Objects https://community.checkpoint.com/t5/Access-Control-Products/White-Paper-Implementing-Non-FQDN-Domain-Objects/td-p/57743 Utilizing GeoProtection and Updatable Objects Within the R80.20 Rulebase https://community.checkpoint.com/t5/Access-Control-Products/White-Paper-Utilizing-GeoProtection-and-Updatable-Objects-Within/td-p/57738 Inline Layer Policy Best Practice https://community.checkpoint.com/t5/Access-Control-Products/White-Paper-Inline-Layer-Policy-Best-Practice/td-p/57740 More documents to come!