cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
HeikoAnkenbrand
HeikoAnkenbrand inside General Topics 2 hours ago
views 8513 15 21

R80.20 - IP blacklist in SecureXL

Controls the IP blacklist in SecureXL. The blacklist blocks all traffic to and from the specified IP addresses. The blacklist drops occur in SecureXL, which is more efficient than an Access Control Policy to drop the packets. This can be very helpful e.g. with DoS attacks to block an IP on SecureXL level. For example, the traffic from and to IP 1.2.3.4 should be blocked at SecureXL level. On gateway set the IP 1.2.3.4 to Secure XL blacklist: # fwaccel dos blacklist -a 1.2.3.4 On gateway displays all IP's on the SecureXL blacklist: # fwaccel dos blacklist -s On gateway delete the IP 1.2.3.4 from Secure XL blacklist: # fwaccel dos blacklist -d 1.2.3.4 Very nice new function in R80.20! Furthermore there are also the Penalty Box whitelist in SecureXL. The SecureXL Penalty Box is a mechanism that performs an early drop of packets that arrive from suspected sources. The purpose of this feature is to allow the Security Gateway to cope better under high traffic load, possibly caused by a DoS/DDoS attack. The SecureXL Penalty Box detects clients that sends packets, which the Access Control Policy drops, and clients that violate the IPS protections. If the SecureXL Penalty Box detect a specific client frequently, it puts that client in a penalty box. From that point, SecureXL drops all packets that arrive from the blocked source IP address. The Penalty Box whitelist in SecureXL lets you configure the source IP addresses, which the SecureXL Penalty Box never blocks. More under this link: Command Line Interface R80.20 Reference Guide Regards, Heiko
Hugo_Marques
Hugo_Marques inside General Topics 3 hours ago
views 3630 5 1

R80.20 SecureXL drop template support

Hi,I was reading the "Performance Tuning Administration Guide R80.20" and pass by something that made me think about some upgrades that i will need to do on the next's months to R80.20 and push them forward until this is supported, at least on 2 of them that have a good amount of traffic droped by the SXL.The drop template feature on SXL still not supported. Does anyone know when it will be supported? mid 2019?Regards
ThaiHoang
ThaiHoang inside General Topics 4 hours ago
views 298 1

I can't Isomorphic download

HI!My checkpoint has fail with terminal:+==============================================================================+| CPU T: Intel(R) Celeron(R) M processor Base Memory : 640K || CPU I: 06D8/20D Extended Memory :1038336K || CPU C: 1.50GHz Cache Memory : 1024K ||------------------------------------------------------------------------------|| Diskette Drive A : None Display Type : EGA/VGA || Diskette Drive B : None Serial Port(s) : 3F8 2F8 || Pri. Master Disk : None Parallel Port(s) : None || Pri. Slave Disk : None DDR2 at Bank(s) : 0 2 || Sec. Master Disk : None || Sec. Slave Disk : None |+==============================================================================+ PCI device listing ...Bus No. Device No. Func No. Vendor/Device Class Device Class IRQ--------------------------------------------------------------------------------0 2 0 8086 2592 0300 Display Cntrlr 50 29 0 8086 2658 0C03 USB 1.0/1.1 UHCI Cntrlr 150 29 1 8086 2659 0C03 USB 1.0/1.1 UHCI Cntrlr 150 29 2 8086 265A 0C03 USB 1.0/1.1 UHCI Cntrlr 10Verifying DMI Pool Data ...........I want download ISOmorphic but i can't. Website notifice :"You are not entitled to download this file."Pls, help me!!!Thanks for your help
Junior
Junior inside General Topics 5 hours ago
views 94 1

botnet activity detection

Hello dear, The checkpoint firewall detected botnet activity on one of our DNS servers, and another on a computer network. To my knowledge the firewall is supposed to block such activity? How to get rid of this infection, I launched the ESET ENDPOINT Security antivirus but nothing found.
Pedro_Roure
Pedro_Roure inside General Topics 5 hours ago
views 120 1

Captive Portal and HTTPS

Hi, I created a rule to redirect the traffic destined to http e https ports from a specific network segment to the captive portal (identity awareness blade). The rule was created using an Acess Role as source (the access role was configured only with the specific network segment). The redirect to the captive portal works perfectly when the user access a HTTP (clear-text) site, but when the users access an HTTPS (encrypted) site, the redirect does not work (browser tries to connect until timeout). Is there any way to the redirect to the captive portal works with HTTPS sites? PS: The HTTPS Inspection is enabled for all traffic originated from the specific network segment mentioned above.
Thomas_Allen
Thomas_Allen inside General Topics 5 hours ago
views 174 1

Manage users with Centrify

Is anyone using Centrify to manage their Gaia deployments? We are going to have a POC with Centrify later this month for our servers, databases, etc., and I'm sure there will be a push to also manage the firewalls. I have only started reading about Centrify and Gaia, but it sounds like there are a lot of "gotchas", and not so much benefit. The Centrify deployment would be managed outside of security team, I'm not very fond of giving up control over gateways to another system/group that is not in the security team.
Michael_Carson
Michael_Carson inside General Topics 6 hours ago
views 261 2

License CheckPoint 4400

Good Morningsince I expired my license, when creating a rule for example to restrict bandwidth, it does not work.my question is, if the expired license has something to do?
Maik
Maik inside General Topics 7 hours ago
views 1748 9 5

TCP SACK PANIC - Kernel vulnerabilities | Check Point affected?

Hello, Just wanted to ask for a statement from Check Point regarding CVE-2019-11477, CVE-2019-11478 & CVE-2019-11479. As redhat posted a statement and mentioned several releases are affected my guess is, that Check Point with GAiA is affected too (as based on RH Linux...).Details can be read below:https://access.redhat.com/security/vulnerabilities/tcpsack Regards,Maik
MattDunn
MattDunn inside General Topics 9 hours ago
views 905 4

Okta vs DUO?

Does anyone use or have an good/bad opinion on either Okta or DUO 2FA? I have a customer asking which is better suited for use with Capsule VPN. A quick Google search shows both are pretty neck and neck, so does anyone have any other real world input to offer?
Maik
Maik inside General Topics 13 hours ago
views 671 5

Question regarding R80.20 software release

Hello guys, I have a quite basic qustion which got me confused so far.It is related to a gateway upgrade from R80.10 to R80.20 - for that I used the upgrade wizard which pointed me to the file "Check_Point_R80.20_T101_Fresh_Install_and_Upgrade_Security_Gateway.tgz", linked here.That's fine and the installation can be accomplished via cpuse - CLI or WebUI. However, what I do not unserstand is, the related jumbo hotfix package, that is included - or not included.The file name itself mentions "T101", but this can't be related to the latest jumbo hotfix release which is release take 80 - or GA just take 47.The package itself for the fresh install or upgrade (within cpuse) was updated on the 30th April - which roughly translates to the latest jumbo hotfix release (which was released on the 25th).So my question is - does the install/upgrade come with a jumbo hotfix or do I need to install one on top? Thanks and best regards,Maik
Heath_Mote
Heath_Mote inside General Topics 13 hours ago
views 380 3

Support portal : Cannot view tickets

When I go to support center and click on 'My Service Requests' I get taken to https://help.checkpoint.com/Guest/. Which only looks like it wants me to open a new ticket. This is what happens when using Chrome. I get the same results with Edge.Is anyone else experiencing this? We have a couple of tickets opened and cannot currently track these issues. Thanks!
bllackpython
bllackpython inside General Topics 13 hours ago
views 470 2

Strange behaviour after R80.20 upgrade

Ever since upgrading our Checkpoints to R80.20 (from R80.10) we are having some issues with receiving mail from certain sources (which so far seems to be Microsoft).For instance if I try the following test:https://testconnectivity.microsoft.com/I get:Attempting to resolve the host name X in DNS. -The host name resolved successfully.Testing TCP port 25 on host X to ensure it's listening and open. -The port was opened successfully. Analyzing SMTP Capabilities for server X:25 -SMTP Capabilities were analyzed successfuly. 250-X 250-PIPELINING 250-SIZE 26214400 250-ETRN 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSNAttempting to send a test email message to X@X using MX X. -Delivery of the test email message failedThe server returned status code -1 - Failure sending mail.Exception details:Message: Failure sending mail.Type: System.Net.Mail.SmtpExceptionStack trace:at System.Net.Mail.SmtpClient.Send(MailMessage message)at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()Exception details:Message: Unable to connect to the remote serverType: System.Net.WebExceptionStack trace:at System.Net.ServicePoint.GetConnection(PooledStream PooledStream, Object owner, Boolean async, IPAddress& address, Socket& abortSocket, Socket& abortSocket6)at System.Net.PooledStream.Activate(Object owningObject, Boolean async, GeneralAsyncDelegate asyncCallback)at System.Net.ConnectionPool.GetConnection(Object owningObject, GeneralAsyncDelegate asyncCallback, Int32 creationTimeout)at System.Net.Mail.SmtpConnection.GetConnection(ServicePoint servicePoint)at System.Net.Mail.SmtpClient.GetConnection()at System.Net.Mail.SmtpClient.Send(MailMessage message)Exception details:Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond x.x.x.x:25Type: System.Net.Sockets.SocketExceptionStack trace:at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)Elapsed Time: 21010 ms Microsoft seem to be the only connections coming in with the ECN,CWR flags set. If we trace the external Interface we can see SYN,ECN,CWR packets come in from Microsoft:10:28:46.056526 IP mail-oln040092068072.outbound.protection.outlook.com.52849 > x.x.x.x.smtp: SWE 3702938783:3702938783(0) win 8192If we trace the internal interface we see a RST packet going to the Load Balancer:10:02:52.605181 IP mail-oln040092066014.outbound.protection.outlook.com.24619 > x.x.x.x.smtp: R 3928789066:3928789066(0) ack 0 win 0 We do not have MTA setupAny ideas?
Valeri_Loukine
inside General Topics 15 hours ago
views 5115 30 1
Admin

Propose your Idea of the Year!

Yes, this is this time of year, again. Same as one year ago, we turn to the community and ask you, good folks, to propose the idea of the year. Or, better: The Idea Of The Year! The rules are the same as before, it is about ideas that you wish Check Point would develop into a product/service offering, or improvements to existing ones. Do you think we miss something important or we should consider to expand our product portfolio, feature set, functionalities, get to a completely new playground, change the rules of the game? Tell us NOW! A few disclaimers/notes: There are no guarantees that any idea suggested will be developed, even the "Idea Of The Year", From the suggestions below, we will choose 3-5 ideas which will be put up for voting later on, Preference will be given to ideas that come from customers and partners, though employees are welcome to participate as well. "Likes" and "discussion" around specific ideas will influence (but not wholly determine) the final list, so if you like something someone has suggested, let it be known! @Dorit_Dor and R&D leaders will choose the best ideas, and if you win, you will get a prize! What prize? We will tell you later. Get creative, use your imagination and PROPOSE!
Sigbjorn_Eik
Sigbjorn_Eik inside General Topics 15 hours ago
views 426 1

External Monitoring system

How are people monitoring their infrastructure and gateways today?Our infrastructure has a good mix of cloudguard, appliances and open servers. The biggest clusters being VSLS VSX on Open Server.We're looking to get a monitoring system to monitor and correlate events over all over firewalls, including the bare metal the open server is running on, cisco switches and routers etc.Zenoss just presented their system, which on paper looks very good. But does anyone have experience monitoring Check Point with it?In particular VSX VSLS Open Server clusters with more then two nodes? (So you have Active/Standby/Backup state, where some monitoring systems present the backup nodes as down.)
Di_Junior
Di_Junior inside General Topics 16 hours ago
views 1915 14

Check Point Clustering between two Datacenters

Dear Mates We are currently experiencing routing assymetry on our infrastructure, and we are trying to find possible solutions that could help us solve the problem.I would like to know whether there is a limitation in terms of creating a Check Point cluster over two geographically separeted Datacenters (Few Kilometers away from each other). Is there any distance constraints? If there is no a distance constraint, since the current version of GAIA we are using (R80.20) does not support Load-sharing, we do not intend to have 4 appliances in a cluster while only one is taking all the traffic.Can Maestro be used in order to take advantage of the 4 appliances?The rationale for this question is because we are thinking of turning the 4 Check Point Appliances into a single cluster. Thanks in Advance