cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Di_Junior
Di_Junior inside General Topics a minute ago
views 23 3

URL Filtering acess to specific link

Hi Mates We are trying to allow a link to specific youtube video using custom application/site in Application and URL Filtering.What is happening is that when we copy the URL from the browser and create the custom application/site, use it in the rule with an Access role, the users in the access role are only able to play the video up to the minute/second when the link was copied from the browser. After reaching the time, the video no longer plays.Any help as to what could be the reason behind this behavior? Is there anything we are missing? The blade is enabled, HTTPS is enabled as well. We are using R80.20 Thanks in advance
Di_Junior
Di_Junior inside General Topics 3 hours ago
views 33 2

Check Point Clustering between two Datacenters

Dear Mates We are currently experiencing routing assymetry on our infrastructure, and we are trying to find possible solutions that could help us solve the problem.I would like to know whether there is a limitation in terms of creating a Check Point cluster over two geographically separeted Datacenters (Few Kilometers away from each other). Is there any distance constraints? If there is no a distance constraint, since the current version of GAIA we are using (R80.20) does not support Load-sharing, we do not intend to have 4 appliances in a cluster while only one is taking all the traffic.Can Maestro be used in order to take advantage of the 4 appliances?The rationale for this question is because we are thinking of turning the 4 Check Point Appliances into a single cluster. Thanks in Advance
Heath_Mote
Heath_Mote inside General Topics 3 hours ago
views 22 1

Support portal : Cannot view tickets

When I go to support center and click on 'My Service Requests' I get taken to https://help.checkpoint.com/Guest/. Which only looks like it wants me to open a new ticket. This is what happens when using Chrome. I get the same results with Edge.Is anyone else experiencing this? We have a couple of tickets opened and cannot currently track these issues. Thanks!
Valeri_Loukine
inside General Topics 4 hours ago
views 869 29 1
Admin

Propose your Idea of the Year!

Yes, this is this time of year, again. Same as one year ago, we turn to the community and ask you, good folks, to propose the idea of the year. Or, better: The Idea Of The Year! The rules are the same as before, it is about ideas that you wish Check Point would develop into a product/service offering, or improvements to existing ones. Do you think we miss something important or we should consider to expand our product portfolio, feature set, functionalities, get to a completely new playground, change the rules of the game? Tell us NOW! A few disclaimers/notes: There are no guarantees that any idea suggested will be developed, even the "Idea Of The Year", From the suggestions below, we will choose 3-5 ideas which will be put up for voting later on, Preference will be given to ideas that come from customers and partners, though employees are welcome to participate as well. "Likes" and "discussion" around specific ideas will influence (but not wholly determine) the final list, so if you like something someone has suggested, let it be known! @Dorit_Dor and R&D leaders will choose the best ideas, and if you win, you will get a prize! What prize? We will tell you later. Get creative, use your imagination and PROPOSE!
Vikas_Arya
Vikas_Arya inside General Topics 8 hours ago
views 18

R80.20 - CCSA and CCSE learning modules

Hi,I am new in checkpoint and start learning from CCSA and CCSE. Please suggest the R80.20 CCSA and CCSE learning guide. RegardsVikas
JonWilliams
JonWilliams inside General Topics 8 hours ago
views 50 4

NAT through VPN

Hi, i am trying to setup a vpn to a asa and we are natting on our side. On their enc domain (crypto acl) they only have our nat address as their destination.Am i right in thinking that on our side i have to have the real and nat adress as the source on our side (Enc domain) ? If i only have the nat address, i have to add a normal acl to allow the real address through to talk to the destination and it will always use that rather than the enc domain rule ? Sorry, my Checkpoint exp is limited. Any help gratefully received.
JonWilliams
JonWilliams inside General Topics 10 hours ago
views 396 4

Nat through site to site vpn

Hi, I am trying to setup a nat through a site to site vpn. we have a weird setup where our internal source is a public ip /32 talking to a dest public ip /32. When i do a no nat rule it works ok. Issue being that our internal ip is a public ip address in italy so they cannot route to it.i then nat our internal to a spare public ip off our cp range and the tunnel breaks. no nat rule issource ip - dest ip - source nat to public spare ipdest ip - source ip (Public) - denat dest to real ipMy encruption domain is source (real and public) des(dest public) Any help, greatly received,, thanks
Alibi
Alibi inside General Topics yesterday
views 162

Error installation CP VPN E80.92

I can't install CP VPN E80.92 downloaded from https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk145092with error in logs:Error 1935. An error occurred during the installation of assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.42",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x8007054F. assembly interface: IAssemblyCacheItem, function: Commit, component: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}I execute it with admin privilegies from cmd with command like 'msiexec /i "C:\Work\E80_92_CheckPointVPN.msi" /L*V C:\CP_VPN_install.log /qb! USERINSTALLMODE=5' Full log attached to this post. Reinstallation redistributable packages of 2008, 2010, 2015/2017/2019 VC didn't resolve my issue
guyxgreen
guyxgreen inside General Topics yesterday
views 43 1

Passing SPAN (Port-Mirror) Through Firewall Appliance

Hi guys, I have the following topology:Switch A <-> Firewall <-> Switch B The firewall is running in Bridge-Mode. I want to configure SPAN on Switch A so that it will arrive to Switch B.Is it possible using Bridge-Mode? Is there any special configuration I need to create under the specific Bridge-Group or physical interfaces? Will I be able to apply security elements such as policy and IPS on this traffic?
MattDunn
MattDunn inside General Topics yesterday
views 252 3

Okta vs DUO?

Does anyone use or have an good/bad opinion on either Okta or DUO 2FA? I have a customer asking which is better suited for use with Capsule VPN. A quick Google search shows both are pretty neck and neck, so does anyone have any other real world input to offer?
Jan_Vejling1
Jan_Vejling1 inside General Topics yesterday
views 166 4

Checkpoint lab FW keeps using old DNS server

We have a LAB fw which - in vain - keeps trying to talk to a shut down DNS server.It asks for resolver(1-5).chkp.ctmail.comThe 1st, second and third Dns server (as seen typing show DNS in clish) are ok but nevertheless it keeps trying to talk to our old DNS server. We are on VSX mode so Web UI is not supported.I need to completely delete all reference to dns 10.46.46.46How can i do that, and where else (if not in DNS setup) coul the old server exist in the configuration? /Jan Vejling
PhoneBoy
inside General Topics yesterday
views 1389 12 10
Admin

R80.30 Technical Update TechTalk

Our 12 June 2019 TechTalk on R80.30 covered the following topics: New Check Point Appliances (16000 and 26000 Series) R80.30 OS Kernel 3.10 User Mode Firewall New in SSL Inspection Web Threat Extraction Presentation Materials are available for CheckMates members: Video (excerpt below) R80.30 Technical Overview Presentation Q&A from the session that we did not get answers for will added in the comments in the coming days. LITHIUM.OoyalaPlayer.addVideo('https:\/\/player.ooyala.com\/static\/v4\/production\/', 'lia-vid-Z5eGV5aDE6fnC-Agpm6LnD4j--S7jVhKw1600h900r6', 'Z5eGV5aDE6fnC-Agpm6LnD4j--S7jVhK', {"pcode":"kxN24yOtRYkiJthl3FdL1eXcRmh_","playerBrandingId":"ODI0MmQ3NjNhYWVjODliZTgzY2ZkMDdi","width":"1600px","height":"900px"});(view in My Videos)
HEnRY
HEnRY inside General Topics yesterday
views 389 4

DHCP on Check Point 3200

Hello Mates, Kindly assist i have my device Gaia R80.10 device up and running in production. 1. At the moment i am using Static IP address config to assign ip addresses to end users. 2. I want to users to get DHCP addresses automatically. 3. I have used sk92768 but not successful.4. I dont have an external DHCP servderKindly assist.
Patricio_Gavila
Patricio_Gavila inside General Topics Friday
views 90 5

Messages of mux error on a cluster (active-standby) in r80.20

Hi all,I have a Lenovo System x3650 M5 (compatibility matrix) with GAIA r80.20 (jumboHF take 80) in distributed deployment. The server firmware is updated to the last level, and with the r77.30 version works great. I have many problems with the Internet, for example, images and Office 365 emails take too long to load, even when the user is in an unrestricted rule. This did not happen with r77.30. In active Gateway shows error messages in file /var/log/messages: Jun 12 14:19:57 2019 FW-NODO1 kernel: [fw4_4];mux_task_handler: ERROR: Failed to handle task. task=ffffc20085221670, app_id=1, mux_state=ffffc20092970c00.Jun 12 14:19:57 2019 FW-NODO1 kernel: [fw4_4];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc20092970c00.Jun 12 14:19:57 2019 FW-NODO1 kernel: [fw4_4];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];mux_task_handler: ERROR: Failed to handle task. task=ffffc2008275e530, app_id=1, mux_state=ffffc2005f6a5c00.Jun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc2005f6a5c00.Jun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];mux_task_handler: ERROR: Failed to handle task. task=ffffc2011e77b7b0, app_id=1, mux_state=ffffc200d97bfc00.Jun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc200d97bfc00.Jun 12 14:19:58 2019 FW-NODO1 kernel: [fw4_4];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];mux_task_handler: ERROR: Failed to handle task. task=ffffc200a775bfb0, app_id=1, mux_state=ffffc2027cc1a420.Jun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc2027cc1a420.Jun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];mux_task_handler: ERROR: Failed to handle task. task=ffffc200aa947b30, app_id=1, mux_state=ffffc200dffa5810.Jun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc200dffa5810.Jun 12 14:19:59 2019 FW-NODO1 kernel: [fw4_3];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:20:00 2019 FW-NODO1 kernel: [fw4_2];mux_task_handler: ERROR: Failed to handle task. task=ffffc2007f670b30, app_id=1, mux_state=ffffc200c6950420.Jun 12 14:20:00 2019 FW-NODO1 kernel: [fw4_2];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc200c6950420.Jun 12 14:20:00 2019 FW-NODO1 kernel: [fw4_2];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:20:01 2019 FW-NODO1 kernel: [fw4_5];mux_task_handler: ERROR: Failed to handle task. task=ffffc20122ccdb70, app_id=1, mux_state=ffffc20068218810.Jun 12 14:20:01 2019 FW-NODO1 kernel: [fw4_5];mux_soc_result_handler: ERROR: Failed to handle task queue. mux_opaque=ffffc20068218810.Jun 12 14:20:01 2019 FW-NODO1 kernel: [fw4_5];tls_main_send_record_layer_message: mux_soc_result_handler failedJun 12 14:20:02 2019 FW-NODO1 kernel: [fw4_5];cpas_newconn_ex : called upon something other than tcp SYN. Aborting My question is if anyone knows if it is possible to deactivate the mux?. Otherwise I will rollback to r77.30.My concern is: because Check Point sells a poorly tested product and even more wants to force customers to migrate from r77.30 to r80, knowing that the r77.30 version is the best they have had in many years. The r80 version has too many problems, but even in cluster, the truth is impressive the failures of the product. Thanks,Patricio G.
Wolfgang
Wolfgang inside General Topics Friday
views 104 2

2200 appliacne R80.20 failure

Dear folks,we are running R80.20 on an 2200 appliance since 2 month without problems.This week some problems occurs. We got a lot of errors like these:Jun 13 11:19:25 2019 XXXXX kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)Jun 13 11:19:26 2019 XXXXX kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=1 flags=1 opcode=15)Jun 13 11:19:26 2019 XXXXX kernel: [fw4_0];fwmutlik_do_sequence_accounting_on_entry: bad dir -1 (gconn_segment=0 flags=1 opcode=15)If we do a restart of the appliance they can't install policy (policy install failed) and default policy is loaded.A manual fw fetch after restart loads the actual policy, but the shown errors occurs again after some minutes.Any ideas or seen this error anywhere?Wolfgang