Showing results for 
Search instead for 
Did you mean: 
Create a Post
MP inside General Topics 3 hours ago
views 84 6

SmartView Logs Export

Hi, CheckMates, I'm new to checkpoint (3weaks of management now), we migrated from TMGs.We still have rules that we need to tune, I would like to export logs to excel day by day to be more easy to filter and study so I can see what new rules I need, and what rules I don't need. But I'm struggling to get the logs to CSV, I trying vi https://MGMT_IP/SmartView to be able to export up to 1 million log entries.This is what I am doing:-Open SmartView-Create the log range-Export logs to CSV option-And waitAnd it stays like this forever:The problem is I wait forever... I let the all weekend the job of export one day and on Monday it still not finish.What is Iam doing wrong? Can you help me?Thanks all in advance for the help.King Regards
6dd15084-b97a-4 inside General Topics 3 hours ago
views 20 3

Hotifix installtion 345 r77.30

I have 1 Management server with Gaia r77.30 which i wanted to install hotfix 345 can you help me what precation should i take before install this on Management and Cluster configured firewall.
TheRealDiZ inside General Topics 4 hours ago
views 2686 8 2

SecureXL R80.20 - Issue on ALL High TCP Ports

Hey guys, After upgrade from R77.30 to R80.20, I notice that I got issue on all connections with high TCP ports passing through a VPN tunnel.That was huuuge... Fortunately after the upgrade I have immediately tried to disable SecureXL acceleration as per and solved the issue. Anyone has experienced this issue before? I know that in R80.20 SecureXL was moved to Fw_Worker.Anyone can explain to me the difference from R77.30 in detail?I think that probably this mechanism change is causing issue on all connections with high tcp ports. BRLuca
inside General Topics yesterday
views 3845 15 10

R80.30 Technical Update TechTalk

Our 12 June 2019 TechTalk on R80.30 covered the following topics: New Check Point Appliances (16000 and 26000 Series) R80.30 OS Kernel 3.10 User Mode Firewall New in SSL Inspection Web Threat Extraction Presentation Materials are available for CheckMates members: Video (excerpt below) R80.30 Technical Overview Presentation Q&A from the session that we did not get answers for will added in the comments in the coming days. LITHIUM.OoyalaPlayer.addVideo('https:\/\/\/static\/v4\/production\/', 'lia-vid-Z5eGV5aDE6fnC-Agpm6LnD4j--S7jVhKw1600h900r756', 'Z5eGV5aDE6fnC-Agpm6LnD4j--S7jVhK', {"pcode":"kxN24yOtRYkiJthl3FdL1eXcRmh_","playerBrandingId":"ODI0MmQ3NjNhYWVjODliZTgzY2ZkMDdi","width":"1600px","height":"900px"});(view in My Videos)
B_P inside General Topics yesterday
views 109 6

Windows Updates Blocked Without Firewall Log

HTTPS Inspection logs an inspectIPS logs a detectFirewall logs nothingClient gets a "couldn't connect" errortcpdump & fwmon shows some communicationHTTPS Inspection has "Bypass HTTPS ... for software update services" checkedR80.30?????
Yoni-Indeni inside General Topics yesterday
views 350 16

Are you in an R77.30 Upgrade Rush?

A few months ago, the vast majority of Check Point firewalls out there were still running R77.30*. As the time progressed, we slowly saw people upgrading their firewalls to R80.10 and later. However, in the month of August, we saw a massive acceleration in upgrades**, in anticipation of the End of Support for R77.30 in September.This raised a few questions:1. Why are so many people waiting for the last minute to upgrade? Some may even go beyond the Sep 30th date.2. What can be done to avoid this from happening again in the future? ---------------------------------* Our data comes from Indeni Insight, which receives non-confidential data about the devices in use by our customers. These are mostly large enterprises in North America, with deployments of at least 100 firewalls.** Massive acceleration: 40% of all upgrades to R80.20, up to Aug 15 2019, occurred in the first two weeks of August. Again, this is based on just our data.
Dave inside General Topics yesterday
views 160 9

Whatsapp taking long time "Connecting" and not receiving new notifications

We are providing guest wifi access and do application and url filtering.Most of the stuff we want to allow is working, only Whatsapp exhibits not fully functional behaviour.Every time you open the app on your phone, it will be "Connection" for quite some time, after being patient for a while you can start sending messages, but because of this behaviour users are not receiving any notifications when new messages arrive.This leads me to believe the connection gets cut when you push the app to the background or lock your phone and it needs to reestablished.Users now only see new messages when they are actively using Whatsapp.Is there a way to go around this and solve so new messages will pop up on your screen when arriving?
Khalid_Aftas inside General Topics yesterday
views 87 4

R80.20 Ipsec VPN issues

Hi, After upgrade to r80.20 in multiple gateway, we started having issue with a lot of VPN that were running without problem in 80.10 case 1 : VPN with partner down, i had to make him disable NAT-T option for it to work again.Case 2 (most critical) : Amazon Web Services, once phase 2 proposition from aws come, CP accept it, then decide to propose again another negotiation, during few minutes complete cut out of the traffic. Other cases in other GW with simlar issues. Opened a case in the TAC, they made me install some special hotfix, with no succes. What changed in R80.20 regarding vpn ? i hope there is a solution for these issues. [CPFC]HOTFIX_R80_20_JUMBO_HF_MAIN Take: 87[MGMT]HOTFIX_R80_20_JUMBO_HF_MAIN Take: 87[FW1]HOTFIX_R80_20_JUMBO_HF_MAIN Take: 87HOTFIX_R80_20_JHF_T87_190_MAINHOTFIX_R80_20_JHF_T87_174_MAINHOTFIX_R80_20_JHF_87_90_002_MAINFW1 build number:This is Check Point's software version R80.20 - Build 100kernel: R80.20 - Build 001[SecurePlatform]HOTFIX_R80_20_JUMBO_HF_MAIN Take: 87[CPinfo]No hotfixes..[DIAG]No hotfixes..[PPACK]HOTFIX_R80_20_JUMBO_HF_MAIN Take: 87[CVPN]HOTFIX_R80_20_JUMBO_HF_MAIN Take: 87[CPUpdates]BUNDLE_R80_20_JUMBO_HF_MAIN Take: 87
Nikolaos_Tsitso inside General Topics yesterday
views 88 5

Cluster Upgrade 77.30 to 80.20 with traffic handling problems

Hi @all, yesterday we have try to upgrade a cluster from 77.30 to 80.20.The connectivity upgrade works fine without any problems. After the upgrade the web servers behind the cluster was not reachable from the Iinternet.On the tcpdump we can see that the traffic can reach the firewall, but on fw monitor we cannot see any traffic that is handled by the firewall.Also we don't see any drops in the fw ctl zdebug + drop.We have also try to change the nat rules to automatic but the problem still exists.We have revert to prior version 77.30 and everything works again fine.Has anyone a idea?
inside General Topics yesterday
views 6618 20 9

White Paper - URL Filtering using SNI for HTTPS websites

Author @Kevin_Jones Abstract The document describes how to leverage Server Name Indication (SNI) when using URL Filtering Software Blade. For the full list of White Papers, go here.
Klapesh_3477 inside General Topics Wednesday
views 65 2

CheckPoint VPN Ipse VPN

Hi All, we have CheckPOint NXG 5400 Device With Cluster, we are Configure IPsec Vpn in Checkpoint With Dynamic ID Settings ( Email OTP ) , we are Successfully Getting Email OTP When We try to Connect From Windows Machin, but When we try to Connect Client With MAC OS 10.14 Version that Time User Will Directly Authentication Without asking OTP, is any Solution for that please guide me, Waiting for your appreciated Reaplys..
Marcelo_Fontana inside General Topics Wednesday
views 69 2

CheckPoint VE connectivity issues with standby cluster member

After migrating from cluster 80.10 (VSX) to 80.10 (VE), we have identified the following issue with the standby member.- Zabbix can't collect information.- Standby member cannot go to internet- Tacacs authentication does not work.- Does not receive routes via OSPFIn contact with our SE he reported that another customer who migrated from 77.30 (VE) to 80.10 (VE), started to have this same problem.We can solve almost all problems by creating no-NAT rules for interface IPs, the only problem that remains is OSPF.On the active member OSPF works normally, if we fail over the standby member works normally and the standby member has the above problems.I have already called calling with TAC, and this other client has also called but so far no answers.Has anyone faced this problem and managed to solve the problem with OSPF?The error you are experiencing on routerD cluster is due to OSPF.NOTE :::Everything works normally on either member since it was active in the cluster. fw verThis is Check Point's software version R80.10 - Build 068---------------------------------------------------------------------------------------------cphaprob statCluster Mode: High Availability (Active Up) with IGMP MembershipNumber Unique Address Assigned Load State1 100% Active2 (local) 0% DownLocal member is in current state since Wed Aug 21 08:48:55 2019---------------------------------------------------------------------------------------------cphaprob -l listDevice Name: routedRegistration number: 2Timeout: noneCurrent state: problemTime since last report: 2670.7 sec---------------------------------------------------------------------------------------------fw ctl pstatSystem Capacity Summary:Memory used: 10% (1561 MB out of 14950 MB) - below watermarkConcurrent Connections: 30 (Unlimited)Aggressive Aging is enabled, not activeHash kernel memory (hmem) statistics:Total memory allocated: 1564475392 bytes in 381952 (4096 bytes) blocks using 1 poolTotal memory bytes used: 0 unused: 1564475392 (100.00%) peak: 556701100Total memory blocks used: 0 unused: 381952 (100%) peak: 140227Allocations: 233296966 alloc, 0 failed alloc, 230282398 freeSystem kernel memory (smem) statistics:Total memory bytes used: 2672499956 peak: 2974774852Total memory bytes wasted: 5024683Blocking memory bytes used: 5970872 peak: 7632000Non-Blocking memory bytes used: 2666529084 peak: 2967142852Allocations: 449971 alloc, 0 failed alloc, 445902 free, 0 failed freevmalloc bytes used: 2660849364 expensive: noKernel memory (kmem) statistics:Total memory bytes used: 1372718648 peak: 1911725536Allocations: 233739921 alloc, 0 failed alloc230722602 free, 0 failed freeExternal Allocations: 0 for packets, 78677423 for SXLCookies:2052132 total, 0 alloc, 0 free,1827 dup, 1793398 get, 6635 put,3263543 len, 0 cached len, 0 chain alloc,0 chain freeConnections:25630 total, 7377 TCP, 17328 UDP, 3 ICMP,922 other, 0 anticipated, 0 recovered, 30 concurrent,6443 peak concurrentFragments:0 fragments, 0 packets, 0 expired, 0 short,0 large, 0 duplicates, 0 failuresNAT:5/0 forw, 0/0 bckw, 2 tcpudp,0 icmp, 2-167 allocSync:Version: newStatus: Able to Send/Receive sync packetsSync packets sent:total : 87662, retransmitted : 0, retrans reqs : 0, acks : 0Sync packets received:total : 0, were queued : 0, dropped by net : 0retrans reqs : 0, received 0 acksretrans reqs for illegal seq : 0dropped updates as a result of sync overload: 0Callback statistics: handled 6 cb, average delay : 2, max delay : 4 ---------------------------------------------------------------------------------------------show ospf summaryOSPF Router with ID Instance defaultSPF schedule delay: 2 secsHold time between two SPFs: 5 secsNumber of Areas in this router: 1Normal: 1 Stub: 0 NSSA: 0RFC1583 compability mode is onNumber of Virtual Links in this router: 0Number of UpEvents: 1 Number of DownEvents: 0Default ASE Cost: 1Default ASE Type: 1Area: backboneNumber of Interfaces in this area: 1Number of ABRs: 0 Number of ASBRs: 0Number of times SPF Algorithm executed: 2No Area Ranges ConfiguredNo Area Stubnets Configured ---------------------------------------------------------------------------------------------show ospf interfacesName IP Address Area ID State NC DR Address BDR Address Errorseth0.3346 DR 0 N/A 0 --------------------------------------------------------------------------------------------- show ospf errorsHello Protocol ErrorsBad Size 0 Network Mask Mismatch 0Dead Interval Mismatch 0 Hello Duplicate Router ID 0External Option Mismatch 0 NSSA Option Mismatch 0Runt 0 Hello Timer Mismatch 0Link State Update ErrorsRunt 0 LSU Duplicate Router ID 0LSU TooLow 0 BadCSum 0BadLSType 0 ASEinStub 0Type7inNonNSSA 0 LSU TooNew 0BadLSReq 0 SeqNumWrap 0Invalid SeqNum 0 SummaryinTotalStub 0BadRouterLSASize 0 BadNetworkLSASize 0BadSummaryLSASize 0 BadASELSASize 0BadType7LSASize 0Link State ACK ErrorsLSAck Duplicate Router ID 0 LSAck TooLow 0BadSize 0 QuestionAck 0BadLSType 0Link State Request ErrorsLSR Duplicate Router ID 0 BadSize 0BadState 0 Empty Request 0Database Description ErrorsASEinStub 0 Type7inNonNSSA 0MTU 0 BadLSType 0NotDuplicate 0 BadSize 0OptionsMismatch 0 DuplicateLSA 0DD Duplicate Router ID 0 InitSet 0Runt 0 MasterMismatch 0SlaveSeq 0 MasterSeq 0DD TooLow 0Protocol ErrorsBad Area ID 0 Area ID Mismatch 0AuthCryptoSeq 0 AuthKey 0AuthKeyId 0 AuthKeyTime 0AuthKeyType 0 BadDestination 0Checksum 0 NoNeighbor 0NoOspf 0 Size 0Version 0 NonLocal 0VirtualLink 0 NoVirtualNeighbor 0IfDown 0 PacketType 0Passive Interface 0 TX 0ZeroRID 0IP ErrorsProtocol 0 BadSource 0BadDestination 0 Size 0NoSuchIndex 0 OwnPacket 0
Jain_Raj inside General Topics Wednesday
views 1158 13 2

Zero Downtime Upgrade From R77.30 to R80.20

As this is a season of R80 Upgrade, just sharing my experience of recent upgrades in the live environment from R77.30 to R80.20 without any service down1.Upgrade the DA Agent to the latest version2.Upload the R80.20 Image through CPUSE and verify for any errors3. In CMA cluster Properties, Select Maintain current cluster Active member4.Upgrade on the current standby FW(CPUSE) and let it Reboot5. Once rebooted, Change the Gateway Object to R80.20 version(It will change for all 3 objects)6.Install policy(Uncheck the option- For gateway clusters, if installation on a cluster member fails, do not install on that cluster)7. Check the HA in new version FW,(HA module not started or it may be Ready)8. Now do the upgrade in another gateway, During a reboot, the other pair on HA not started/Ready will become Active9.No service Interruption and the other FW will take HA Active10.Reinstall policy by again (Uncheck) the optionNow verify both status and do a final Policy Installation by "Keep Check" the actions11. Now Install the Hotfix.R80.20 Jumbo Hotfix Accumulator General Availability(Take 87)
Srinivasan_N inside General Topics Wednesday
views 7952 13 2

Cluster-Interfaces down

Hi Experts We've configured cluster (HA) and we see 2 interfaces are down in Active and 4 interfaces are Down in standby firewall. Is this due to cabling problem in the switch. Please assist.Active Device:****************[Expert@FW]# cphaprob statCluster Mode: High Availability (Primary Up) with IGMP MembershipNumber Unique Address Assigned Load State1 (local) 100% Active Attention2 0% Down[Expert@FW]# cphaprob -a ifRequired interfaces: 8Required secured interfaces: 1Mgmt UP non sync(non secured), multicastSync UP sync(secured), multicastLan1 UP non sync(non secured), multicastLan2 UP non sync(non secured), multicastLan3 Inbound: DOWN (16151.2 secs) Outbound: DOWN (16151.5 secs) non sync(non secured), multicast ---->>>Lan4 Inbound: UP Outbound: DOWN (16151.5 secs) non sync(non secured), multicast Lan5 Inbound: DOWN (16151.2 secs) Outbound: DOWN (16151.5 secs) non sync(non secured), multicast --->>>>Lan6 UP non sync(non secured), multicastStandby Device:******************[Expert@FW]# cphaprob statCluster Mode: High Availability (Primary Up) with IGMP MembershipNumber Unique Address Assigned Load State1 100% Active Attention2 (local) 0% Down[Expert@FW]# cphaprob -a ifRequired interfaces: 8Required secured interfaces: 1Mgmt UP non sync(non secured), multicastSync UP sync(secured), multicastLan1 UP non sync(non secured), multicastLan2 Inbound: DOWN (16222.1 secs) Outbound: DOWN (16222.3 secs) non sync(non secured), multicast Lan3 Inbound: DOWN (16222.1 secs) Outbound: DOWN (16222.3 secs) non sync(non secured), multicast ------->>>>Lan4 Inbound: DOWN (16222.1 secs) Outbound: DOWN (16222.3 secs) non sync(non secured), multicast Lan5 Inbound: DOWN (16222.1 secs) Outbound: DOWN (16222.3 secs) non sync(non secured), multicast ------->>>>>Lan6 UP non sync(non secured), multicast
Josh_Wilson inside General Topics Wednesday
views 2371 19 2

Best Practices for Identity Collector Architecture

Is there a "best practices" doc available that gives coverage of proper IDC architecture, specifically in VSX environment with multiple VS running IDA? Should IDC agents be configured with each IDA enabled VS as a gateway (IDC agent side)? Should only VS0 run IDA and share out the database to each VS? I'm having a difficult time finding the best way to implement this IDC on VSX in regard to reliability first, redundancy second, and performance third.Thanks,Josh