Baasanjargal_Ts inside Policy Management 4 hours ago
views 52 4

I cannot delete gateway object

I cannot delete gateway object. Because it is used on the Objects (gatewayStaticprofilesConfiguration -> Assignment Profiles). I don't know how to delete that object.
Luis_Miguel_Mig inside Policy Management 7 hours ago
views 43 3

Policy Package operations in R77.30

We are planning to consolidate two different firewalls running R77 in one firewall. Each of the firewalls has a different policy package attached. So we are thinking of merging both policy packages with cp_merge and replacing the existing policy package with the new policy package (the merge of the two policy packages). So at some stage we will do something like the following at the SmartDashboard:
Old policy package:
- Policy -> Uninstall (included implied rules)
- Policy -> Policy Package Installation targets -> Unbind the target
New policy package:
- Policy -> Policy Package Installation targets -> Bind the target
- Policy -> Install
Does it make sense? Is there any risk when you do this operation? At some stage the firewall will have no policy package installed (included implied rules). Will the firewall permit or deny everything? I assume that it will allow everything until we progress to the second step when we install the new policy. Is there any other way of doing it? I was also wondering if a gateway could have two different policy packages installed?
Muhammad_Ansour inside Policy Management yesterday
views 44 5

Converting from Juniper SSG

Hi, I have 5 sites with Juniper firewalls to migrate to new Checkpoint firewalls using only one Smart-1 to manage the firewalls. I will have to convert all 5 of the policies and import them to the Smart-1. I have converted the first site and successfully imported it to the Smart-1, however the subsequent import from the second site is not successful as the policy didn't appear on the Smart-1. Is there anything that I have to change on the second file? I've already tried changing ID.txt to ID2.txt, but still the same.
Eric_Davis inside Policy Management yesterday
views 71 2

Best practices for inline layers

Hi, we're running R80.10 and would like to start cleaning up our policy that has become cluttered and outdated and inline layers look like they could assist in keeping things organized as we clean up the old clutter but I can't find a lot of info about best practices for them. Should you try to limit how many inline layers/rules you use in a policy? Is there a preferred method for crafting the parent rule? Should it be vague and then get more particular with each inline layer rule? Or should the parent rules be crafted very specifically as well? I've read a few of the threads here on CheckMates and any relevant SK's but was just wondering if there was any specific guidance on the best way to utilize inline layers.
inside Policy Management yesterday
views 28015 17 27

Layers in R80

I would like to clarify the use of layers in R80 Management Server and SmartConsole.
A layer is a set of rules, or a rule-base. R80 organizes the policy with ordered layers. For example, Gateways that have the Firewall and Application control blades enabled will have their policies split into two ordered layers: Network and Applications. Another example is Gateways that have the IPS and Threat Emulation blades enabled, which will have their policies split into two ordered layers: IPS and Threat Prevention. For Pre-R80 Gateways, this basically means the same enforcement as it always was, only in a different representation in the Security Management.
Ordered layers are enforced this way: When the Gateway matches a rule in a layer, it starts to evaluate the rules in the next layer.
The layers concept opens more options for policy management:
- Setting different view and edit permissions per layer for different administrator roles.
- Re-using a layer in different places: The same application control layer in different policy packages (Sharing a layer across different policies), or the same inline layer for different scopes.
- Explaining global and local policies in Multi-Domain with the same feature set of layers: A domain layer will be the set of rules that are added in each domain by the domain administrator.
R80.10 Gateways and above will have the ability to utilize layers in new ways:
- Unifying all blades into a single policy (How to use the unified policy?)
- Segregating a policy into more ordered layers, not necessarily by blades
- Allowing sub-policies inside a rulebase, with the use of inline layers (How do I define different policies to different users?)
Message was edited by: Tomer Sole
CHINMAYA_NAIK inside Policy Management yesterday
views 9

Failed to delete OLD Cluster object Error "gatewayStaticProfilesConfiguration" after migrate import

We are doing migration from IPSO 75.40 to GAIA R80.20. Migrate import is successfully done. But when we are going to delete the OLD cluster object then unable to delete that object getting error "gatewayStaticProfilesConfiguration". Already follow the sk140372 but as per the we unable to see any gateway object. Pls help. #Chinmaya
Mike_Jones inside Policy Management yesterday
views 38 2

SmartMove Cisco ASA to Checkpoint without layers

I'm converting an ASA version 9.2 policy to CheckPoint using SmartMove. It has created the new policy as a layered one, which I understand. However, let's say, for whatever reason, I want a flat policy. It seems this could be as simple as importing the SmartMove objects and policy per the provided instructions, and then copying/pasting the rules into another policy. Am I missing something?
Luis_Filipe inside Policy Management Tuesday
views 2016 7 2

How can I create a new policy?

Hello guys, can anyone explain to me what happens with my firewall? I cannot see the tab FIREWALL from the SmartDashboard and I cannot create a new Policy, nor do I have one... New is gray, I cannot create! Thanks in advance.
joc inside Policy Management Monday
views 41 3

Policy Installation

Hi, we have noticed that during a policy installation our incoming traffic from the internet is not getting through the firewall. We then receive alerts from site 24x7 that they are unable to connect/monitor our website. We have also seen our internal monitoring server getting timeouts when trying to perform its checks (ping, telnet, etc.) against our web servers, again only during a policy install on the FW's. We are running version 80.10 on all FW's. Thanks, John
Jerry inside Policy Management Monday
views 39

R80.30 - Updatable Objects - Country (Grouping)

hi chaps (shekh-m8s) 🙂 quick one: has any of you figured out how to GROUP Countries together in R80.30? I'm referring to "updatable objects" as based on the sk126172 I cannot figure ... can I group such "network objects" or not ... very confusing + my customer thinks that Countries can be grouped together as net-obj but I don't believe it applies to R80.30. can someone clarify this please? see enclosed. and then ... trying to group them out ...and have error when clicked OK 🙂
AdaCoul inside Policy Management Monday
views 55 2

R80.20 : Policy verification failed

Hi Everyone, I have some errors when installing policy on my Gateway.
Errors:
Layer 'fratmat_opt': Rule 3 Hides rule 4 for Services & Applications: smtp.
Rule 3 Hides rule 5 for Services & Applications: https ,http.
Rule 3 Hides rule 6 for Services & Applications: telnet ,icmp-proto .
Rule 3 Hides rule 8 for Services & Applications: TCP_25897 ,TCP_7865
Policy verification failed.
How to solve this issue? Need assistance please!!! Thanks, Adam
Flaver1078 inside Policy Management Sunday
views 53 1

Pre-Migration Warning R80.20

Hello, I am planning to migrate my company's SMS R77.30 to R80.20. After running the pre-migrate check I have an error and 4 warning messages. However, I was able to resolve the error message but the warning message (Legacy DHCP Relay Services - Change in behavior in R80 and higher) is still giving trouble to resolve. I have about 9 rule packages with Legacy DHCP Relay services. Am I going to run into issues when I migrate to R80.20?
Sagar_Manandhar inside Policy Management Sunday
views 151179 8

Application and Url filtering not working

Hi, I am using a 5600 appliance and there I have written different application and URL filtering policies in which pornography and media stream (category) are at the top and are blocked. But all the clients are able to access the porn sites and media. When I see the log of application and URL it shows allow, but when I click the "Go to policy" tab there comes the error "the rule does not exist anymore". What may be the reason?
inside Policy Management Saturday
views 3045 9 13

Did you know? SmartConsole Tags

R80 and R80.10 provide a new feature for ease of security management: Tags. We have presented it in Check Point conventions dating back to 2013 - it's time that we discuss them at CheckMates as well. The purpose of tags is to ease the searches and associations of objects. You can tag any object from its Object Editor, as well as with the Security Management CLI or API. You can then search for all objects that belong to a specific tag.
In the Object Explorer:
When picking objects in places like security policies:
In addition to a simplified user experience, Tags have good value in the world of automation and orchestration.
Publicis_Networ inside Policy Management Friday
views 43 1

Enabled Https inspection but getting certificate warning for few URLs only

Hi, I have enabled HTTPS inspection for the application control. For most of the URLs it is working fine, but for a few URLs it is showing a certificate error (Site is not secured). And from outside internet these URLs are working fine with proper client certificate. What could be the reason? --Mayank