HeikoAnkenbrand
HeikoAnkenbrand inside General Topics 46m ago
views 4570 15 2

R80.10 User-Mode Firewall and performance impact

A question to the R&D. When I switch a firewall from kernel mode to user mode, does this have a performance impact? Is it better for the performance to enable user mode on a firewall or not? Does it make sense to enable user mode even for a few cores?

Enable user mode:

    > cpprod_util FwSetUsermode 1
    > reboot

More on user mode here: How to enable USFW (User-Mode Firewall) on a 23900 appliance
HeikoAnkenbrand
HeikoAnkenbrand inside General Topics 5 hours ago
views 6899 12 20

R80.20 - IP blacklist in SecureXL

Controls the IP blacklist in SecureXL. The blacklist blocks all traffic to and from the specified IP addresses. The blacklist drops occur in SecureXL, which is more efficient than an Access Control Policy to drop the packets. This can be very helpful e.g. with DoS attacks to block an IP on SecureXL level.

For example, the traffic from and to IP 1.2.3.4 should be blocked at SecureXL level.

On gateway set the IP 1.2.3.4 to SecureXL blacklist:

    # fwaccel dos blacklist -a 1.2.3.4

On gateway display all IPs on the SecureXL blacklist:

    # fwaccel dos blacklist -s

On gateway delete the IP 1.2.3.4 from SecureXL blacklist:

    # fwaccel dos blacklist -d 1.2.3.4

Very nice new function in R80.20!

Furthermore there is also the Penalty Box whitelist in SecureXL. The SecureXL Penalty Box is a mechanism that performs an early drop of packets that arrive from suspected sources. The purpose of this feature is to allow the Security Gateway to cope better under high traffic load, possibly caused by a DoS/DDoS attack. The SecureXL Penalty Box detects clients that send packets, which the Access Control Policy drops, and clients that violate the IPS protections. If the SecureXL Penalty Box detects a specific client frequently, it puts that client in a penalty box. From that point, SecureXL drops all packets that arrive from the blocked source IP address. The Penalty Box whitelist in SecureXL lets you configure the source IP addresses, which the SecureXL Penalty Box never blocks.

More under this link: Command Line Interface R80.20 Reference Guide

Regards, Heiko
John_Pinegar
John_Pinegar inside General Topics 8 hours ago
views 82 2

High PEPD CPU After Upgrading to R80.10 HFA 189

Has anyone else seen high CPU on the PEPD process after upgrading to HFA take 189 on R80.10? I had to uninstall and revert back to my previous HFA (take 121). I was seeing 50-60% increased CPU usage overall and dropped traffic to my VPNs (although the VPNs themselves seemed to be staying up).
Jason_Carrillo
Jason_Carrillo inside General Topics 8 hours ago
views 191 3

Identity Agent - Distributed Configuration

Hey Checkmates, Anybody out there have any experience configuring and deploying SSO capable Identity Agents for Check Point? The documentation is leaving a little to be desired. We think we have AD set up and ready for the pertinent firewalls, but I'm at a loss as to what the "Identity Servers" are and how to actually create the installer that I can deploy that is ready to go. Thanks!
GreyOwl
GreyOwl inside General Topics 9 hours ago
views 41 1 1

AppControl does not block TeamViewer

Hello, we have a very strange problem. I created an AppControl rule blocking TeamViewer. After policy installation, it shows in logs that TeamViewer is blocked successfully. But it continues to work! In other words, TeamViewer is blocked only in logs. We tried to block other apps for testing (WhatsApp for ex.) and everything is working OK. Does anyone have any idea what's happening and how to solve it? Thanks.
Kim_Moberg
Kim_Moberg inside General Topics yesterday
views 100 3

R80.30 GA Installation experience

Hi CheckMates, I just want to share my positive experience after upgrading to R80.30 GA. When talking with TAC support, they provided a very professional and competent as well as fast resolution to the issues found.

First, the Gateway Mgmt server was upgraded from R80.20 GA to R80.30 GA first release. Was unable to log in with the admin Gaia user, but administrative users worked. Solution was fast - tried to recreate admin account using CLI 'cpconfig'.

Endpoint Mgmt server upgraded from R80.20 GA to R80.30 GA. No issues with the upgrade, everything worked fine.

Upgraded a cluster running R80.20 GA with JHF to solve SK147493 - "After Upgrade to R80.30 - Unable to connect to the Standby Cluster member from a non-local subnet via SSH or WebUI". After running R80.30 GA the problem came back again. Reached out to TAC and very fast an update was ready and the problem solved.

Anyone else experienced any issues after the upgrade or just a possible experience with TAC support? Looking forward to hearing from you.
Takashi_Suzuki
Takashi_Suzuki inside General Topics yesterday
views 44 1

About automatic update of a license signature

Hi, Team. Although nobody was operating anything on UserCenter, the signature part of the license installed in the appliance currently in operation had changed. Is there any function by which the license installed in the appliance is updated automatically?

* This signature is the part of a license like [aTFvAfpKy-tf8...].
* [IPaddress / expiration / Features] had not changed.

In this case, isn't an off-line environment affected?

* In an off-line environment, the contract is periodically exported from UserCenter and imported manually as a file.

Doesn't an inconsistency occur between the license and the contract?
ashish_verma
ashish_verma inside General Topics yesterday
views 2660 5

Natting to an IP range not directly connected

I am trying to do natting by creating an object with an IP address which is in a subnet not connected to firewall-1 and natting it to an IP address that is also not connected. In fw monitor it is only showing pre-in. How can I do so? Thanks in advance.
Martin_Oles
Martin_Oles inside General Topics yesterday
views 203 5

Duplicate services - which will be used?

Hi, recently I came across behavior where supposedly permitted traffic is dropped by the protocol handler. In my case I do have duplicated service objects defined for snmp, udp/161. The first is the default service object snmp, port udp/161 with no Protocol Type set. The second service object is also port udp/161 with Protocol Type: SNMP_V3. Both objects are set to "Match for Any", and both objects are used in a rule which permits SNMP for monitoring.

Some SNMPv2 packets are permitted when matching the rule, but dropped by the protocol handler:

    ;[cpu_2];[fw4_3];fw_log_drop_ex: Packet proto=17 10.20.30.40:47940 -> 20.30.40.50:161 dropped by fwpslglue_chain Reason: PSL Drop: ASPII_MT;

I am aware that this is not an ideal situation, but still I am wondering how INSPECT will decide which service parameters will be used for traffic. How is traffic then handled in a situation where duplicate service objects exist and "any" is used for service in a rule?

Thank you for tips on documentation or related SKs.
Oscar_David_Gom
Oscar_David_Gom inside General Topics yesterday
views 27 1

Tunnel sharing option for VPN

Hi, This is a quick question: which do you consider the best option to configure tunnel sharing on a VPN between Google Cloud and an on-premise Check Point appliance? Thanks.
CCL_TAC
CCL_TAC inside General Topics yesterday
views 32 2

Smart event report doesn't display resolved names

Hello, The reports generated by Smart event in R80.10 don't display the DNS names and only show the IP addresses. A DNS server is configured on the Smart event object on the dashboard. Is there any other setting I need to modify? Thanks
Danny
Danny inside General Topics yesterday
views 5419 39 30

DiagnosticsView - CPInfo Viewer

DiagnosticsView is a new Support Debug Tool for Check Point Support Engineers. It's a Windows application that replaces InfoView and offers a graphical representation of collected data from CPInfo. Its layout is highly adjustable and features the general R80 style. Panels can be re-sized, dragged and re-arranged. Thanks Check Point for developing such helpful tools for everyday support routines. InfoView was long outdated.
Wang
Wang inside General Topics yesterday
views 47 6

This error was encountered while restoring SystemBackup in R77.30's GUI

Hello, engineers, can someone help me with this problem? Thank you very much!
Wang
Wang inside General Topics Monday
views 101 8

Number of VPN tunnel connections

Hello, engineers, which engineers can help me solve this problem? For the tunnel that the user establishes through the VPN client, does a user have only one tunnel? Thank you very much!
sajin
sajin inside General Topics Monday
views 42 2

IPS Blade is preventing but not enabled

I enabled the Threat Prevention Blade and later disabled all Threat Prevention Blades from Policies and Layers and General properties of the Firewall, but could see IPS and AB traffic in the logs which is DETECT and PREVENT. In SSH, "enabled_blades" doesn't show the Threat Prevention Blades. The logs show the OPTIMIZED profile is being blocked but there is no Threat Prevention in the policies. When I click the OPTIMIZE profile in the log it takes me to READ ONLY MODE, where in the Threat Prevention I could see the OPTIMIZED profile is enabled with all Blades. Closed the READ ONLY page and enabled back the THREAT PREVENTION Blade with IPS, AV, AB and created a new profile disabling all the Blades and installed policy. Later again disabled Threat Prevention. Now I am not able to see any Threat Prevention logs.

In CPVIEW I could see the Threat Prevention Blades enabled but not in "enabled_blades". I simulated the same scenario in a VM and ended up with the same situation.

Kindly assist whether the IPS Blades will inspect traffic based on the Blades enabled in the General profile or the profile inside the Threat Prevention.

Firewall - R80.10