
Is there SNI support for inbound HTTPS inspection in R80.20?

Hi, on gws R80.20 can I do HTTPS inspection on inbound connections that require SNI, since on the server there are some virtual hosts with different certificates? If yes, how? Thanks in advance

Threat Emulation (MTA+BCC) - multiple logs generated with the same event

Hi All, Currently I have TE (R80.20 version) and the management server (R80.30 version). The TE runs MTA with BCC mode. From the management server, I can see the email traffic has already been copied to my gateway, but a lot of logs are generated with the same event. After my short investigation, the multiple logs represent the number of recipients. Will Threat Emulation emulate every single recipient and make it multiple sessions? Or is something unusual happening here? Please find below the capture. Thanks for all your kindness.

Domain based IPS exception

Hello, could not find a solution for this. Some users need SSH access with a random port range to a domain based object. Reason is that the domain can consist of 200+ IP addresses, so a domain object makes sense. From a firewall perspective this works fine. But the IPS SSH over Non Standard Ports protection is blocking the connection, as it should. However, when I want to make an exception, it does not allow the domain object as Destination. Is this indeed a limitation? That would not make me very happy. Or is there another solution where I don't have to make an exception for Internet or configure all 200 IP addresses (which can change on a regular basis)? We are running R80.10 on gateways and R80.20 on Management server. Kind regards, Mikel

IPS - Basics Protections

Hello, I want to know if there is some specific information about basic IPS signatures. We have an external IPS (Main) but we need to enable some signatures in the CheckPoint Firewall to protect if any signature escapes from the main IPS. Thanks. Regards.

Automating IPS

In short, it would be great if Check Point could interface with a vulnerability scanner to automatically configure IPS rules based off various parameters. Wishful thinking, perhaps? For example, let's say anything with a CVSS of 1-4 is inactive, 5-7 is in detect, and 8-10 is protect. You could then run this against the Confidence and Performance Impact of the IPS rules. Say something is a CVSS of 9, Confidence of IPS rule is Low and Performance High, perhaps it will only be in detect mode and only apply to those machines that are vulnerable. Then, if you choose to override it yourself, you can. Over time, as updates are applied, IPS gets trimmed back automatically, and as new vulnerabilities are discovered, IPS also keeps up. This would take things to that next level of enabling JUST what you need automatically. Are there any products out there that do this, or has anyone tinkered with the API for this?

Block email with specific "text"

Good day, I'm receiving emails with a specific text (ex. "dd/mm/yyyy - on this day I hacked your OS and got full access to your account aaa@bbbb.com, You can check it - I sent this message from your account. So, you can change the password, yes.. But my malware intercepts it every time. Pay $900 in bitcoins....."). Is there a way to block emails with a specific text using checkpoint? Regards, Mauro

Is there any tool or script to trigger IPS signature?

Hi Team, is there any tool or script to trigger an IPS signature in order to check live if we receive IPS logs on SMS?

IP address and DDNS

Using the 730 checkpoint appliance and firmware is 77.20.86. 1) When I am connecting via USA/Serial, an IP address is assigned. May I know whose IP address this is? This IP address is changing randomly when I disconnect and reconnect it. This is not my ISP address. Is it an internal IP address assigned by checkpoint? 2) I am using the DDNS, where the IP address is not updating automatically to NO-IP. I have to update the IP address manually at No-IP. Is there any idea how much time DDNS takes for an automatic update to NO-IP? I have waited for 15 minutes but there was no automatic update.

Check Point integration with Minemeld

Hi mates, Has anyone used Minemeld as an IOC source in R80? I found information about how to use etknown, tor, bruteforce, talos, blocklistde, malwaredomainlist, sslabuse, zeus but not Minemeld. Thanks in advance. Miguel.

Block emails with specific Text message

Hi, I've a checkpoint R80.10 and the blade "anti-spam and email security" is enabled (High Protection), but I'm receiving "Text" emails with undesired content (ex. "your account has bean hacked.... pay via bitcoin.....") and the email from and to are from the same internal email address (ex. From: abcde@mydomain.com and To: abcde@mydomain.com). I would like to know:
1. Can checkpoint block all emails that come with a specific "TEXT" (ex. "your account has bean hacked.... pay via bitcoin.....")?
2. How can I block internal emails with the same "From" and "To" (ex. From: abcde@mydomain.com To: abcde@mydomain.com) but coming from my public IP address?
Sorry for the English. Regards, Mauro

Having issues with firewall dropping mail as spam

We have R80.10 and we do not have anti-spam turned on. We are having issues with our firewall preventing mail for some reason. The Anti-Bot blade is picking up the mail traffic. The description is Malicious Mail activity and email control says Anti Malware. The email itself does not have anything in it but a few words. I can have the email sent to my outside email account. Then I forward the same email inbound and it passes our firewall. The only thing I noticed is that there is a proxied source IP in the log. I am not sure how or why the firewall is preventing this email. Has anyone seen this before? It's happening to numerous different domain names. A few of them are Office 365 users.
AZORCA inside IPS, Anti-Virus, Anti-Bot, Anti-Spam 2 weeks ago

IPS Release

What are the most recent Check Point 5600 and Check Point 5200 IPS releases? I need to verify that my systems are current and up to date.

Checkpoint application control & URL Filtering blades update failed

Application control & URL filtering blade update failed issue happens.

Geo Policy Blacklist

Hi, I have Geo protection configured in my setup and we are blocking traffic to & from certain countries in policy. Still I can observe that traffic from those countries is getting permitted (ingress or egress). I have observed this behavior mainly post R80 upgrade. Looking at Smart log, it is mainly permitting for process fw_ica but some other traffic as well, i.e. for Skype for Business etc. Can someone please guide what can be wrong here?

MTA on alias interface

Hello checkmates, has anyone an idea how we get MTA to listen on an alias interface in a ClusterXL environment? "How to configure MTA to listen to an Alias Interface" shows perfectly how to do it. But I need this for a cluster environment. We want the MTA to listen on another IP address than the one configured in the topology. Because alias interfaces are not supported in ClusterXL, any other ideas are welcome. Thanks, Wolfgang