Showing results for 
Search instead for 
Did you mean: 
Create a Post
HeikoAnkenbrand inside General Topics 5 hours ago
views 119 7 5

Update R80.20+ Security Gateway Architecture (Logical Packet Flow)

Flowchart news in R80.20 and above SecureXL has been significantly revised in R80.20. This has also led to some changes in "fw monitor". There are new fw monitor chain (SecureXL) objects that do not run in the virtual machine. Now SecureXL works in part in user space. The SecureXL driver takes a certain amount of kernel memory per core and that was adding up to more kernel memory than Intel/Linux was allowing. The packet flow in R80.20+ is a little bit different from the flow lower than R80.20. Now it is possible to use async SecureXL and other new functions. This figure shows the new features with the reinjection of SecureXL packages. SecureXL supportes now also Async SecureXL with Falcon cards. That's new in acceleration high level architecture (SecureXL on Acceleration Card): Streaming over SecureXL, Lite Parsers, Scalable SecureXL, Acceleration stickiness... More informations here: R80.x Security Gateway Architecture (Logical Packet Flow) Whats new in R80.20+: Now there are several SecureXL instances possible. As a result, packets are reinjected with the neu SecureXL ID into the correct SecureXl instance again after they have been allowed by access template or rule set. After the packet has been reinjected, the SecureXL ID is added to the SecureXL connetion table and the packet is forwarded to the correct SecureXL instance. Therefore the flow is slightly different to older version before R80.20. This new mechanism also offers the possibility to transfer packets into a new SecureXL instance on Falcon cards. PXL vs. PSLXL - Technology name for combination of SecureXL and PSL. PXL was renamed to PSLXL in R80.20. This is from my point of view the politically correct better term. For the new acceleration Falcon card architecture with R80.20+ and SecureXL offloading read this article: R80.x Security Gateway Architecture (Acceleration Card Offloading):
MattDunn inside General Topics yesterday
views 292 9 4

R80.30 - A Good News Story

A few days ago I upgraded a customer from R80.10 to R80.30. They are very pleased with the improvements in SmartView, and also shared this SNMP graph with me of the difference in gateway CPU utilisation. I thought it was worth sharing with you all. See if you can spot what time I completed the upgrade? Quite remarkable! 😀
Antony inside General Topics yesterday
views 33 1

application control can't block chrome remote desktop

Recently, We want to block all remote administration applications like chrome remote desktop. We enabled the application control blade in existing 4210 R77.30 and block all remote administration applications. But it seem not work.Antony
Jessie_Rich inside General Topics yesterday
views 41 2

Internal firewall anti-spoofing

I have 2 networks separated by a firewall and then a internet facing firewall. I am getting anti-spoofing alerts on traffic passing through my internal firewall from the internet.Topology looks something like thisNetwork-A >>> InternalFW >>>> Network-B >>>>> internetFW >>>>>> InternetOn the Network-B facing interfaces on both firewalls I have only my Network-B networks defined in the topology. I assume on the InternalFW I need to add the internet to the topology on the interface connected to Network-B? To not mess up anti-spoofing on the internetFW I assume I would create separate network groups for my topology on the internal and internet firewalls?Thank you for any advice you can give.
inside General Topics yesterday
views 5098 12 12

Identity Awareness Agents SK with direct links - published!

Hi CheckMates,I have published a new SK for Identity Awareness agents with direct links and list of resolved issues for your use.The SK is sk134312.It includes the following agents:Identity CollectorIdentity Agent – FullIdentity Agent – lightIdentity Agent for MACTerminal Server Agent.We will update this SK from time to time with new versions after they will be QAed.In case you have remarks or any clarification is needed - I'm here to answer.Thanks,Royi PriovTeam Leader, Identity Awareness R&D.
Yoni-Indeni inside General Topics yesterday
views 54

Are you in an R77.30 Upgrade Rush?

A few months ago, the vast majority of Check Point firewalls out there were still running R77.30*. As the time progressed, we slowly saw people upgrading their firewalls to R80.10 and later. However, in the month of August, we saw a massive acceleration in upgrades**, in anticipation of the End of Support for R77.30 in September.This raised a few questions:1. Why are so many people waiting for the last minute to upgrade? Some may even go beyond the Sep 30th date.2. What can be done to avoid this from happening again in the future? ---------------------------------* Our data comes from Indeni Insight, which receives non-confidential data about the devices in use by our customers. These are mostly large enterprises in North America, with deployments of at least 100 firewalls.** Massive acceleration: 40% of all upgrades to R80.20, up to Aug 15 2019, occurred in the first two weeks of August. Again, this is based on just our data.
inside General Topics yesterday
views 9585 7 16

White Papers Publishing Project

Hi CheckMaters, As you may have mentioned, we are currently in the process of publishing white papers created by our Security Engineers around the globe. These documents cover various products, implementation scenarios, features and configuration details. Here is the list: Name Link A deeper dive into FQDN Objects CDT and Blink Guide to configure logging to SolarWinds LEM SIEM Configuring R80.10 GW to send logs to Log Analytics Restoring a large MDS environment in VMware from mds backup Recovering a file from Gaia Snapshot Integrating Custom IOC Feeds RulebaseExporter/RulebaseImporter Cloud Guard: Automated firewall Cluster Deployment with auto-scaling option Log cleaning rule Deploying Auto Scaling CloudGuard gateways in Azure using VM Scale Sets Tufin integration with Check Point R80 Integration of Gemalto’s MobilePass+ Secure MFA and Managed Identities with the Check Point Firewall Mobile Access Blade as an IT Automator Protecting IoT (Internet of Things) implementations with R80.10 and later Unified Policy, Protocol Signature, and Segmentation Integration with Splunk Phantom Check Point and LogRhythm: Integrated Enterprise Security ClearPass & Checkpoint utilizing RESTful API and RADIUS Accounting Azure Deployment Leveraging Capsule Docs and DLP to provide IRM Advanced Migration to R80.x Quick Guide Updating Legacy DHCP Relay To Be R80.10 Ready Protect ICS SCADA URL Filtering using SNI for HTTPS websites Using AD certificates for outbound SSL inspection Deploying CP GW/MGMT with gcloud shell Publishing SmartConsole as a RemoteApp Reducing False Positive DLP CGSaaS CloudGuard SaaS Threat Prevention Managing Threat Prevention IoCs Introduction to Management CLI and JQ Endpoint Policy Server in DMZ Deploying Endpoint clients via GPO Adding a CloudGuard Cluster into an existing AWS Environment AAD compared to NIST Logging OSPF transitions with syslog Deploying SMS & a cluster on Azure Management upgrade workbook Azure Service Principal Configuration Phantom integration Custom SmartEvent Reports Updating Endpoint Client Version from EndPoint Management Server Healthcare: Mobile Security Mobile Security Configuring NAT64 for Internet Access in R80.20 Importing Custom IOC’s in Smart Console R80.20 URL Filtering Best Practices for Large Scale Deployment SMB Technology Guide Deploying 1200R Security Gateway with Zero Touch Cloud Service SandBlast Cloud Office 365 to CloudGuard SaaS for Office 365 Migration TWC/Spectrum VOIP with SMB appliances Customer User Center Basics and Strategy How to Batch Categorize URLs Security Zones How to configure Client Authentication in R80.20 HTTPS Inspection with Cisco Umbrella Integration of Check Point Identity Collector and Cisco ISE SMS and EPM log integration using SmartLog Getting out of CPUSE Jumbo Jail Distributed IPS Integration with Extreme Networks Network Access Control (NAC) Configuring Check Point Security Gateway with an IPv6 Tunnel Broker Updating 1200R Firmware with a USB Stick Security Management Server Migration from R65 to R80.20 Ansible Deployment Guide for Check Point Minimizing SBA Notifications with Check Point GuiDBedit Using RADIUS Authentication for Remote Access VPN Check Point Compliance Checking with Secure Configuration Verification Check Point Configuration with Radware (Alteon) SSL Decrypt & URL/UserCheck Logging & Monitoring, Events & Reports with R80.10 VSX Migration - Moving one VS at a Time R80.20 Endpoint initial Configuration and Setup (CP4B Series) Absolute Beginner’s Guide to R80.x Site to Site VPN in R80.x Implementing Non-FQDN Domain Objects Utilizing GeoProtection and Updatable Objects Within the R80.20 Rulebase Inline Layer Policy Best Practice More documents to come!
inside General Topics yesterday
views 96 2

A new GA SmartConsole (Build #08) for R80.30 is available.

A new GA SmartConsole (Build #08) for R80.30 is available. Please refer to sk153153. Release Highlights: Resolved issue - On Windows 10 with .Net framework 4.8, the view is not properly updated after scrolling up or down the name column in lists, combo box, pickers etc. For full content - Please refer to sk153153. Thanks, Release Management Group
inside General Topics yesterday
views 1226 2 1

White Paper - Security Management Server Migration from R65 to R80.20

Author @Michael_Massa Abstract: Customers with legacy versions of Check Point still exist and the reasons for this can be as varied as the customers themselves. Whatever the reason the security implications of not upgrading are too great to ignore. The document is providing steps by step instructions for migrating R65 Security Management Server to R80.x. For the full list of White Papers, go here.
Wolfgang inside General Topics yesterday
views 47 1

Policy Based routing, NAT issue

Hello checkmates,I had a problem with PBR (plicy based routing) and hide NAT.We defined an automatic hide NAT on a network object with option hide behind gateway. Hide NAT works as expected,Depending the routing configuration, IP-address from interface eth0 or eth1 is used as NAT address.But if we use PBR for this network the IP-address of the interface regarding the default route is used as NAT address. Does the option "hide behind gateway" uses the outgoing interface IP as NAT address or depends this NAT address of the configured static-routes and the interface this route is directed?Is there something different with PBR and hide behind gateway NAT? ThanksWolfgang
ED inside General Topics yesterday
views 237 2

Sandblast agent for schools

Hi,I came across this one just now and thought I would share it. I have not heard about it before so maybe it's new. Have anyone tried it? SandBlast for Schools offers an easy-to-install Chrome browser-extension with G-suite integration capabilities that integrates seamlessly into the school's current cyber security infrastructure.Link to usercenter SandBlast Agent For Schools
witherford inside General Topics Thursday
views 91 2

Checkpoint Firewall for Home Lab

Hi everyone,Apologies i have put this post in the wrong place, i am completely new to checkpoint firewalls and have experience with Fortinet and Cisco, looking around at Jobs quite allot of employers i see now require experience with checkpoint firewalls.What would be a good budget firewall to purchase to use a in a Lab at home? my lab is quite straight forward at the moment it has a few Cisco switches and a Cisco Router, maybe I could throw a checkpoint firewall in and get it working to gain some experience.Any help would be much appreciated.
kingdavid_akubu inside General Topics Thursday
views 85 2

Enabling TLS inspection on security gateway

Hello Checkmates,Please how do i enable TLS inspection on a Security Gateway?Is there a guide or sk anyone can share with me?Best Regards.
HeikoAnkenbrand inside General Topics Thursday
views 616206 25 129

R80.x Architecture and Performance Tuning - Link Collection

I wrote my first article on R80.x firewall architecture a year ago. After many hours in the lab with R80.10, R80.20 and R80.30 and many long evenings, another approximately 40 articles were added. Because I lost the overview of my articles, here is a list of links to the most interesting articles with the topics:- R80.x performance tuning- R80.x architecture- R80.x new CoreXL, SecureXL and ClusterXL functions I hope I can help you with interesting information about R80.x! Thanks to everyone who contributed to the Checkmates forum and to the Check Point R&D guys as well as the Chackmates team. Architecture - R80.x - Security Gateway Architecture (Logical Packet Flow)- R80.x - Security Gateway Architecture (Logical Packet Flow) - Update R80.20+- R80.x - Security Gateway Architecture (Content Inspection)- R80.x - Security Gateway Architecture (Acceleration Card Offloading)- R80.x - Ports Used for Communication by Various Check Point Modules- R80.x - How does the Medium Path (PXL) and Content Inspection work with R80- R80.x - ClusterXL CCP Encryption (R80.30+) Performance tuning - R80.x - Performance Tuning Tip - Intel Hardware- R80.x - Performance Tuning Tip - AES-NI- R80.x - Performance Tuning Tip - SMT (Hyper Threading)- R80.x - Performance Tuning Tip - Multi Queue- R80.x - Performance Tuning Tip - Connection Table- R80.x - Performance Tuning and Debug Tips - fw monitor- R80.x - Performance Tuning and Debug Tips - TCPDUMP vs. CPPCAP- R80.x - Performance Tuning Tip - DDoS „fw sam“ vs. „fwaccel dos“- R80.x - High Performance Gateways and Tuning- R80.x - Falcon Modules and R80.20- R80.x - Performance Tuning - Link Collection Cheat sheets - R80.x - cheat sheet - fw monitor- R80.x - cheat sheet - ClusterXL ClusterXL - R80.20 - new ClusterXL commands- R80.20 - More ClusterXL State Information- R80.30 - ClusterXL CCP Encryption SecureXL - R80.20 - New FW Monitor inspection points- R80.20 - SYN Defender on SecureXL Level- R80.20 - IP blacklist in SecureXL- R80.20 - New Chain Modules?- R80.20 - SecureXL + new chain modules + fw monitor CoreXL - R80.x - Security Gateway Architecture (Logical Packet Flow)- R80.x - Security Gateway Architecture (Content Inspection)- R80.x - More then 40 Cores for CoreXL- R80.x - User-Mode Firewall and performance impact Management Server and SmartConsole - R80.20 - Portable SmartConsole + Tips and Tricks- R80.10 - Syslog Exporter- R80.20 - Multiple SmartConsole sessions- R80.x - Debug policy installation on gateway Sandblast and TEX - Fortigate Firewall ICAP and Sandblast (TEX)- Symantec (Bluecoat) SG ICAP and Sandblast (TEX)- ICAP and Sandblast Appliance R80.10+ - R80.10 - Syslog Exporter- R80.10 - Bash script to show IP ranges for countrys from GeoProtection (new version)- R80.10 - GEO Location Objects in Firewall Policy (with Dynamic Objects)- R80.10 - User-Mode Firewall and performance impact R80.20+ - R80.20 - new interesting commands- R80.20 - Performance Tuning Tip - DDoS „fw sam“ vs. „fwaccel dos“- R80.20 - New FW Monitor inspection points- R80.20 - SYN Defender on SecureXL Level- R80.20 - IP blacklist in SecureXL- R80.20 - New Chain Modules?- R80.20 - SecureXL + new chain modules + fw monitor- R80.20 - SecureXL - new names in "/proc/ppk/statistics"?- R80.20 - Portable SmartConsole + Tips and Tricks- R80.20 - New daemon or processes under R80.20!- R80.20 - New SecureXL path in R80.20 (CPASXL)- R80.20 - More then 40 Cores for CoreXL - R80.20 - Updatable Domain Objects and CLI Commands R80.30+ - R80.30 - new interesting commands- R80.30 - ClusterXL CCP Encryption CLI - GAIA - Easy execute CLI commands from management on gateways- GAIA - Easy execute CLI commands on all gateways simultaneously- GAIA - Create snapshots or backups on all gateways with one CLI command.- GAIA - Backup all clish configs from all gateways with one CLI command- CLISH Commands in Expert Mode easier- Show VPN Routing on CLI- Show Address Spoofing Networks via CLI- Interface speed and duplex as list- "fw ctl zdebug" Helpful Command Combinations- Check Inbound and Outbound TCP Sequece Numbers on R80.20+- R80.20 - new interesting commands- R80.30 - new interesting commands- ccp_analyzer - what is it!- Check Point - HEX to IP Converter Tool? Script - Bash script to show IP ranges for countrys from GeoProtection (new version)- GEO Location Objects in Firewall Policy (with Dynamic Objects) More - Appliance model from CLI and dmidecode with full model list- VoIP Issue and SMB Appliance (600/1000/1200/1400)- Password reset - Collection- One-liner collection- Check and config SSHv1 or SSHv2 on GAIA Copyright by Heiko Ankenbrand 1994-2019
HeikoAnkenbrand inside General Topics Thursday
views 68 1 2

R80.x Performance Tuning - Link Collection

Firewall Performance Performance Tuning R80.10 Administratio GuidePerformance Tuning R80.20 Administration GuidePerformance Tuning R80.30 Administration GuideBest Practices - Security Gateway PerformanceR80.10 Management Performance Guide Modul and XL Performance Best Practices - Security Gateway PerformanceCoreXL Dynamic Dispatcher in R77.30 / R80.10 and aboveCoreXLSecureXLVPN CoreMultiCore Support for IPsec VPN in R80.10 and aboveSMT (HyperThreading) Feature GuideNAT TemplatesDynamic NAT port allocation featureMulti-Queue does not work on 3200 / 5000 / 15000 / 23000 appliances when it is enabled for on-board ...DDoS attacks on Check Point Security GatewayHow Connections Table limit capacity behaves in CoreXLHow to create and view Suspicious Activity Monitoring (SAM) Rules What is the SecureXL penalty box mechanism for offending IP addresses?Relative speeds of algorithms for IPsec and SSL vSEC Virtual Edition (VE) Gateway support for AES-NI on VMware ESX Blade Performance SecureKnowledge: Application Control SecureKnowledge: URL Filtering SecureKnowledge: Content Awareness (CTNT) SecureKnowledge: IPS SecureKnowledge: Anti-Bot and Anti-Virus SecureKnowledge: Threat Emulation SecureKnowledge: Threat Extraction SecureKnowledge: Check Point Active Streaming (CPAS) and Passive Streaming Layer (PSL)SecureKnowledge: HTTPS Inspection FAQ Download Center: R80.10 Next Generation Threat Prevention Platforms VSX Performance VSX comming soon... Architecture R80.10 Next Generation Threat Prevention PlatformsInfinity NGTP architecture