cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
pedkha1
pedkha1 inside Policy Management 5 hours ago
views 7

web filtering with https inspection disabled

HelloI want to do web filtering for my wifi guest users and but it doesent work.https inspection disabled for the Guest subnet so how can i achieve it without https inspectionI added below rule to WF and still i can see traffic is passing through     
alessandrocons
alessandrocons inside Policy Management 6 hours ago
views 103 4

Export Mobile Access R77.30 Policues

Hello Forum! I have a little question for you!Our customer is using an R80.20 Management but he didn't migrate the Mobile Access policies so they are available in the old R77.30 Management (embedded in the R80.20 Smart Console). He asked if is it possible to export all the Mobile Access policies but I can't find a way to do it.I read the REST API reference but I didn't find any commands that can help me Do you have any suggestion for me? Thank yuo very very muchRegardsAlessandro
Blason_R
Blason_R inside Policy Management 11 hours ago
views 103 2

Checkpoint TE appliance

Hello Guys,I am integrating firewall with TE appliance. So need to know whether have to create different policy package  (network + threat) for TE appliance?
Christian_Benit
Christian_Benit inside Policy Management yesterday
views 21255 15 9

How do you rollback an old policy?

In previous versions, one could open the current policy, make 50 changes and then save it with a different name (usually, firewall.name.date). If there was an unforeseen issue (or management decision), one could rollback easily the old policy by installing the old version where everything was working as expected. How do you handle this situation in R80? I'm not seeing an easy way to save the current policy under another name to have a way to perform change management/revision control and restore it.
mbsm
mbsm inside Policy Management yesterday
views 116 2

Updatable Object with Application Control

Hi,Is the Updatable Objects only contains the IPs and Domains, or it comes with the services it needed?When using Updatable objects, should I use Application Control on the policy or Any is just fine?
alexc88
alexc88 inside Policy Management yesterday
views 117 8

commit simultaneously on various policy packages

Hi, is there a way to deploy the changes you do on an object simultaneously on all policy package where the object is involved? Every time I need to modify an object that's involved in about 30 policy packages I have to open the single policy package and install, it would be glad to push in one single command or single operation this kind of change.Thanks for your help
Miguel_Hernes
inside Policy Management Tuesday
views 585 2
Employee

Check Point integration with Minemeld

Hi mates,   Does anyone used Minemeld as a IOC source in R80? I found information about how to use etknown, tor, bruteforce, talos, blocklistde, malwaredomainlist, sslabuse, zeus but Minemeld. Thanks in advance. Miguel.
stallwoodj
stallwoodj inside Policy Management Monday
views 191 5 1

Install Policy doesn't select Threat Prevention by default?

Hi,I have a customer with R80.30, one manager and one gateway (FW, VPN, CPMOB, APCL, URL, IA, IPS).When the customer pushes their "Standard" policy, by default only the Network Access policy layer is ticked, not Threat Prevention.In R77 there used to be a customization that I now can't see in Global Properties. Is there a way of setting both layers to be ticked by default in the install dialog? ThanksJamie
Daniel_Collins
Daniel_Collins inside Policy Management Sunday
views 672 17 1

R80.20 Management Performance

Hello Check Mates!I hope you can help perhaps shed some light on an issue we're seeing with one of our customers. The customer is commercially sensitive due to some long-standing issues they've had with a 61k appliance and a recent code upgrade on the system (management at the moment) to R80.20 has degraded performance from the customer's perspective.What we're seeing is this:- A slowness in stacking and unstacking the subject headings in the rulebase - There is around 700 rules with 200 subject headings in the policy - What we see is you press the button to drop the subject headings and then the wire frames appear for the rules, a few seconds later the rule content pops into the console- Adding say objects to rules (clicking the *) that there is a good second or few seconds delay until the search box appears.The management server is on R80.20 with the latest T91 of the JHF installed. Very well specced, 16 cores / 18GB RAM / SSD based flash storage in VMware. The console is being run on a machine with 32 cores and 64GB of RAM, similar storage scenario. We observed the server via SSH while testing these issues and saw no noticable load on the system, use of swap or any %WA on I/O.From our perspective as a partner, the behaviour we see other than the rule stacking is as we'd expect from an R80.x install of management. I do not have a point of comparison for the rule stacking issue, all of the customers I have worked with as of late (in R80.x days) have significantly smaller rulebases or far fewer subject headings.The customer was on R77.30 before and has noticed that the server performances significantly worse in R80.20 than it did previously. We can replicate these issues through a database export into a lab server as well as exporting the policy via the python script into a fresh management server, it follows the policy.There is an element of expectation here, but this customer is commercially sensitive as we will be trying to ensure they continue to replace the 61k's with another Check Point appliance (something that's not SP based) so we're looking to see what we can do in terms of tuning up performance of the management server.We're not in a position to re-jig the policy (in terms of in-line layers, due to the 61k being on R76SP.50 and consultancy time needed to do so prior to a replacement solution) but the policy is very tidy. Some perhaps duplication but nothing severe.I've been through the VMware tuning guide on sk104848 and not had any noticeable difference..Any thoughts?
mbsm
mbsm inside Policy Management a week ago
views 251 3

Captive Portal Policy

Hi CheckMates,I currently enabled Browser-Based Authentication and i want to know how this will work.User1 is a Member of SecurityGroup2 & 3 on the AD ServerHere's the Access Roles details:-WebBrowsing_Access (Network: Any; User: SecurityGroup1; Machine: Any)-Youtube_Access (Network: Any; User: SecurityGroup2; Machine: Any)-Social_Networking_Access (Network: Any; User: SecurityGroup3; Machine: Any)Here's the Policies:1. Policy Name: Youtube; Src:Youtube_Access; Dst:Internet; Action:Accept2. Policy Name: SocialNetworking; Src:Social_Networking_Access; Dst:Internet; Action:Accept3. Policy Name: WebBrowsing_NoYoutubeSocialNet; Src:WebBrowsing_Access; Dst:Internet; Action:Accept(Captive Portal)When User1 access Youtube/Social Network Sites, is the traffic will hit the Policy #3 and redirected to Captive Portal? If yes, when User1 access Youtube or Social Network sites, is the traffic hit either policy #1 or #2?Thank you,
Chrono
Chrono inside Policy Management a week ago
views 218 1

Schedule Policy Setting

Hi Support, We need to schedule the time period for the policy/rule effective date, for example: 1st Oct to 1st Nov validity period. So, how to do that? Thanks!Regards,Chrono
Marcus_with_C
Marcus_with_C inside Policy Management 2 weeks ago
views 322 7 1

Change Match for Any Default value

Hi community,I am looking for a way to change the default value of "Match for Any" for new Service Objects. We have a R80.20 MDM and mostly have to use "basic" service objects (TCP/UDP, no Protocol-detection and default timeouts) for our policies, a Match for Any is not needed for 95% of our objects.Since every new object that is created has Match for Any enabled we get loads of warnings "Services port conflict. port X (udp/tcp) serves both <obejct1> and <object2>. Uncheck 'Match for Any' checkbox in the 'Advanced' dialogue for one of them." when installing the policy. A cleanup takes ages and after some months it starts all over again due to new objects having been created. Many ThanksMarcus
Tom_Cripps
Tom_Cripps inside Policy Management 2 weeks ago
views 567 16

Inline Layers vs Ordered Layers - Who's more efficient

Hi,Recent discussion here at the office, what is more efficient in regards to Layers. Is it better to more rules within a single layer, or use ordered layers to achieve the same goal.@Tomer_Sole do you have anything to add?
bob81
bob81 inside Policy Management 2 weeks ago
views 244 3

Referenced object removal

Hello,We've always been able to remove object that were still in rule. If it was the last object we were getting a warning saying that this is the last object and it will be changed to "Any". Since the update to R80.10 T203 we aren't able anymore to remove those object without removing it first from each rule were it is present.I've check with my teammate here and they all agree, it was working before the update.Is it supposed to work, should we be able to remove it when it's in a rule, or we are mixed up? Thanks Dave
RCCO
RCCO inside Policy Management 2 weeks ago
views 271 4

Bond subinterface and subnet is transposed between GAIA output and Smartconsole

Hi.We have a new installation of R80.30 in ClusterXL and while finalising documentation we noticed that there is a mismatch between what the Gaia tells us and the Smartconsole tells us for a pair of bonded subninterfaces.Bond1.2041  is subnet 10.1.1.0/24Bond1.2042 is subnet 10.1.2.0/24but in Smartconsole these are swapped around.I presume that this might have been done in error during setup (by an engineer that came and went) but how do we fix this?Should we delete the interfaces and start again or can we simply rename them in Smart console?