Showing results for 
Search instead for 
Did you mean: 
Create a Post
Markus_Malits inside Policy Management yesterday
views 907 6 3

Smart Console filtered rule export, including resolved object details

Hi,one of my customers is having a challenge with exporting filtered rules to CSV. This is AFAIK not possible at the moment in Check Point R8x SmartConsole - and I think it should be low hanging fruit to develop, and a feature that adds to reputation as the premium gold standard GUI in firewall management.What are your opinions to that one? Quick set of screenshots to make the problem clear:In demomode filter for a subnetuse export to csvrealize the export is containing all rules, and that there is no "export filtered rulebase" optionWhen this would be considered to be developed by R&D, it would be nice to have a possibility to export the relevant list of objects / groups as well.The usecase for this customer is to report all relvant rules (and have the details about srcs/dsts) for a tenant, while rules are spread across the rulebase of this perimeter firewall.Looking forward to your commentsBest regardsMarkus
TAEKBOM_Kim inside Policy Management yesterday
views 62 2

URL regular expression in Threat Emulation Exceptions

HiI want to make an exception for access to the <Event Log>Resource->> ( ( ( ( ..... ... .. <I did it this way, but I failed to make an exception.>* disabled URLs defined as Regular Expression Anyone knows how to make an exception?
emre inside Policy Management yesterday
views 66 2

how to find conflicts rules in firewall

Hi,How can i find conflicts or matched rules in firewall rules. I looked at in Compliance blade but I didn't find anything about this. for example, it can told me you can matched rule2 and rule3. Skybox algosec etc. applications can do but I want to do in with checkpoint management
inside Policy Management Tuesday
views 9490 26 18

SmartMove: Convert Cisco ASA Policy to Check Point

Check Point SmartMove tool enables you to convert 3rd party database with firewall security policy and NAT to Check Point database.At the moment, the tool handles Cisco ASA (version 8.3 and above) configuration file and converts its objects, NAT and firewall policy to a Check Point R80.10 policy. The tool is planned to support additional vendors in the future.Source is available on GitHub: SmartMove
Clement inside Policy Management Monday
views 93 2

Verify Access Control Policy and Sub-policies usage

I have an Access Control Policy which is made of the follwing:- Global Policies- Multiple Sub-policies, used for zone-to-zone purpose (we migrated from Juniper, which used zones) Unfortunately, I realized that the Verify Access Control Policy tool is not comparing rules across sub-policies. Is there a way to force the tool to verify global policies against sub-policies ?
Christoph inside Policy Management Friday
views 1027 8 1

Windows UI Scaling breaking R80.20 UI

I'm using the latest SmartConsole for R80.20 on Windows 10 and there are multiple areas where the UI breaks.I run a dual monitor setup. 4k 3840x2160 on a 42" with recommended 150% scaling and 2736x1824 with on a 13" with the recommended 200% scaling.Doing a few tests it looks like most, if not all problems are in the 150% scenario. The 200% feels ok.Reading checkmates it sounds like there shouldn't be problems with R80.10 regarding to windows scaling but with R80.20 there are problems all over the place.A few examples:Compliance blade:- Regulatory Compliance graphs are out of the screen with no scroll bars or only a hint of text is recognizable and overlaps with graphs.Cluster object:- Network ManagementNot all networks are shown. No scroll bar. You can still reach and alter these networks blind with cursor and enter keys.- GeneralOpening a dialog with a scaling of X on one monitor and moving the dialog to another screen with a different scaling keeps the initial scaling. Maybe a Windows feature.
Gerrard_Leach inside Policy Management Friday
views 5058 19 1

Error installing SmartConsole R80

Hello, I am attempting to install SmartConsole R80 and R80.10 on a Windows 2012 server.The installer gets to about 90% and then fails.I receive an error log and it shows in can't find SmartConsolePreInstall.bat and yet I see it in the folder[10-3-2017 15:25:05] OnInstallingFile: File=C:\Program Files (x86)\CheckPoint\SmartConsole\R80\PROGRAM\ExternalPackages\.NetframeworkInstaller.msi[10-3-2017 15:25:05] OnInstallingFile: File=C:\Program Files (x86)\CheckPoint\SmartConsole\R80\PROGRAM\ExternalPackages\DotNetSetup.exe[10-3-2017 15:25:05] OnInstallingFile: File=C:\Program Files (x86)\CheckPoint\SmartConsole\R80\PROGRAM\ExternalPackages\dotnetconf.txt[10-3-2017 15:25:05] OnInstallingFile: File=C:\Program Files (x86)\CheckPoint\SmartConsole\R80\PROGRAM\ExternalPackages\WindowsInstaller31.exe[10-3-2017 15:25:05] OnFirstUIAfter: Function Start[10-3-2017 15:25:05] Call_SmartConsolePostInstall: Could not find C:\Program Files (x86)\CheckPoint\SmartConsole\R80\PROGRAM\SmartConsolePreInstall.bat[10-3-2017 15:25:05] WriteProgressBarValuesToRegistry...[10-3-2017 15:25:05] | SOFTWARE\CheckPoint\Check Point Product Suite\ProgressBar ,percent ,70 | was set[10-3-2017 15:25:05] WriteProgressBarValuesToRegistry - END[10-3-2017 15:25:05] ProgramAfter: Function Start[10-3-2017 15:25:05] UpdateRegistry: Function Start[10-3-2017 15:25:05] SetComponentsReg: COMPONENT1 Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT3 Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT7 Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT10 Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT4 Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT5 NOT Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT6 Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT9 NOT Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT11 Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT12 Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT13 Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT2 Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT14 Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT15 NOT Installed[10-3-2017 15:25:05] SetComponentsReg: COMPONENT16 Installed[10-3-2017 15:25:06] ProgramAfter: Vc8 already installed[10-3-2017 15:25:06] WriteProgressBarValuesToRegistry...[10-3-2017 15:25:06] | SOFTWARE\CheckPoint\Check Point Product Suite\ProgressBar ,percent ,75 | was set[10-3-2017 15:25:06] WriteProgressBarValuesToRegistry - END[10-3-2017 15:25:06] CPLaunchApp: Failed to load DLL - C:\Users\gleach\AppData\Local\Temp\2\{9F8DC9EF-F853-4FB6-BC6F-13C202BEDFC0}\{F29C8957-4268-4505-A717-C0F75F6B075E}\system.dll[10-3-2017 15:25:06] OnAbort: Installation aborted.[10-3-2017 15:25:06] WriteProgressBarValuesToRegistry...[10-3-2017 15:25:06] | SOFTWARE\CheckPoint\Check Point Product Suite\ProgressBar ,percent ,75 | was set[10-3-2017 15:25:06] | SOFTWARE\CheckPoint\Check Point Product Suite\ProgressBar ,status ,failed | was set[10-3-2017 15:25:06] | SOFTWARE\CheckPoint\Check Point Product Suite\ProgressBar ,prevStatus ,failed | was set[10-3-2017 15:25:06] WriteProgressBarValuesToRegistry - END
Jake_Williams inside Policy Management Thursday
views 101 1

Inline layer vs separate rules

I finally got my firewalls all updated to R80.20 so now I'm looking at taking advantage of the layer options. One thing that occurred to me and I haven't been able to find an answer so far is how to best optimize rules when taking the inline layers into account.For example, say I have a firewall management rule section that allows certain traffic to the firewall. One rule for SSH/HTTPS from managers, one for DHCP requests to the firewalls, one for SNMP from our monitoring servers, etc. Is there a reason not to make those an inline policy with the main policy just src: Any dst: Firewalls svc: Any? Would doing it as an inline layer speed up the firewall itself, or does it split it out into the separate layers when it pushes policy (the inline layers are just for management ease of use/reuse)?Thanks!Jake
inside Policy Management a week ago
views 5084 15

Firewall allowing traffic without Access Policy

Hello, I am new here. I am having an Issue with an R80.30 Gateway that is allowing inbound traffic on 443 without an access policy in place. I think it is based on NAT, I do have a DNAT in place for 443 traffic, I thought Access policy must be matched in order to allow traffic ? The said traffic is not showing up on any logs either. Fw monitor I can see the traffic hit the WAN side not I cant see any other details after that. I am filtering based on source IP. fw monitor -m iIoO -l 56 -T -e '{accept(((src=,dport=443) or (sport=443,dst=,[9:1]=6);}'
Feridun_ÖZTOK inside Policy Management a week ago
views 3787 20 3

SmartConsole object problem on Windows 1903

Hello everyone,I formatted my computer Windows 10 1903 version and install latest SmartConsole R80.10 and R80.20 . I found a cosmetics bug. This bug in object panel and object explorer. Item name dubliated or wrong display. Otherwise description true in object explorer. Clicked object and i saw true value. Problem not just in hosts. Service, application category etc. same problem. My computer language and regional setting English, my friends computer language and regional setting Turkish, He has same problem. Sorry for my bad English. I'm uploading screenshots. Does anyone else have this problem?
Tom_Cripps inside Policy Management a week ago
views 72 5

Certificate validity time hours after creation time

Hi,I've recently recreated our HTTPS inspection certificate due to it expiring soon but it created the certificate with a valid from time 3 hours after creation?Is this normal behaviour or has something gone wrong in the creation process? Due to this issue we've had to turn off HTTPS inspection until after the valid from time.Any help is appreciatedTom
Daniel_Hainich inside Policy Management a week ago
views 88 4

Policy Verification

Hi,iam using R80.20 with SmartConsole Version 055.Within "Verify Access Control Policy" there is no Error. When i start to install Policy, this ends with Error.Is it an Bug or is the Verify not able to check inside sub-layers? ThanksDaniel
Daniel_Westlund inside Policy Management a week ago
views 6098 13 6

R80.20 and Database Revision

I have heard from several customers asking for a return of Database Revision Control in R80.X. I know every policy is backed up, but once and object is deleted, it can no longer be recovered with anything short of a full restore from backup since DB Revision is gone. My question is this. I'd heard that there were plans to bring it back in a future version. As it's not there in R80.20, does anyone know if there are plans to bring it back, and if so, at which future version?
VFO inside Policy Management a week ago
views 74 2

[ISSUE] Smartconsole : View Changes

Hello everyone. We are facing a problem with the Smartconsole in R80.10. Every time, when we do a "View Changes" before an Install Policy, the Smartconsole reboot. We can see any delta before the push. Someone have encounter this issue ? Thanks in advance. Kévin
Steve_Payne1 inside Policy Management 2 weeks ago
views 554 4 3

Centrally managed HA pair over a VPN

we are running r77.30 (cant find a group for that) we have a centrally managed pair of firewalls, and looking to deploy another pair of centrally managed checkpoints, but they will be connected back to the central manager via a vpn through the existing checkpoint pair, and will connect via the public ip of the remote pairwe are able to get them sic, but once we start add rules we lose connectivityis there a guide to do this setupsee basic picture,