John_Fleming inside SMB Appliances and SMP 5 hours ago
views 29 1

SMP Portal configuring remote syslog hosts

So this seems.. odd.. I signed up my 1550 into the SMP portal, which I'm not sure if I'm digging so far but that's another story. I was poking around in syslog configuration and ran across this.

$ModLoad
$LocalHostName |stuff|
$DefaultNetstreamDriverCAFile /opt/fw1/bin/ca-bundle.crt
$ActionSendStreamDriver ossl
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.Syslog
$template format,"%$YEAR% %timegenerated% %HOSTNAME% %syslogfacility-text%.%syslogpriority-text% %programname%: %msg%\n"
$outchannel msg_rotation,/var/log/messages, 204800,/pfrm2.0/bin/ /var/log/messages
$outchannel ntf_rotation,/logs/notifications, 204800,/pfrm2.0/bin/ /logs/notifications
*.info;mail.!* :omfile:$msg_rotation; :omfile:$ntf_rotation;format
*.info;mail.!* @mysyslogserver:514
*.info;mail.!* @
*.info;mail.!* @
*.info;mail.!* @
*.info;mail.!* @
*.info;mail.!* @

I never configured the firewall to send syslog events to those addresses. I get the need for logs but OS logs? Again maybe it's part of SMP and that's fine I guess.. but UDP syslog? That just seems a bit strange. I sure hope there is some dynamic filtering going on and that those addresses aren't just open to the public at large.
sasac inside SMB Appliances and SMP 11 hours ago
views 81 4

sk100610-Error has occurred while applying the Firewall settings (error 00351)

I am trying to SNMP poll a checkpoint 600 from a LibreNMS (connected to local LAN of the appliance) and even with the firewall policy switched off the firewall log reports the SNMP traffic is "Blocked on rule 0 Outgoing policy violation". Any changes to the appliance cause a system Notification pop-up with "Error has occurred while applying the Network Objects settings (error 00362). If the problem persists, contact Check Point Technical Assistance Center". The Check Point 600 appliance (L50) is running factory default firmware version: R75.20.40 (983003847), with firewall blade license expiration=Never. It is EOL hardware, and it is not under any maintenance agreement, and there is no plan to put it under support as it was planned to be donated to a volunteer organisation to replace their even older 500 appliance......if it would actually work normally. The assumption is the blocking issue and the cause of the pop-up is linked and the solutions would be explained by sk100610, but without support I don't have access to the document. Any suggestions?
John_Fleming inside SMB Appliances and SMP 11 hours ago
views 259 7

What is supported for SNMP?

Hi so I'm having a hard time understanding what is supported for polling. I was going through the mib file located on the SMB device and found OIDs for pulling licensing info. Snmpwalk of the tree returns nothing. Like empty strings (I guess that is technically something).. it's not saying the OID doesn't exist, it's just returning an empty string. I opened a ticket with support and they're telling me the only thing supported on the SMB is what is listed on the snmp page. I pointed out everything listed there is a snmptrap which is different than a polled OID. I was told to file an RFE, which I think is basically the generic go away message. :). I did open like 6 other tickets so it's possible they're getting a bit tired of me.
John_Fleming inside SMB Appliances and SMP yesterday
views 91 3

no way to view switch mac address database

I think in cisco terms this is called the CAM table (show mac address-table address $MAC), but since checkpoint is making SMBs with many switch ports (really even with 4 this should be possible) they really need to show the user where MACs. As in port 1, port 2, port 3 etc. For example out of the box you will have LAN1_Switch. It's currently impossible to know what port a given mac address is attached to. All you will get back is "LAN1". In the event of a bad actor on the internal switch the only option is to shut down everything and then enable them one by one to find the port. I seem to remember checkpoint making fun of some vendor for bringing this up as a solution to some shortcoming that vendor had.
jh00nbr inside SMB Appliances and SMP Saturday
views 120 1

Checkpoint SMB locally managed 1490 - VPN SITE-TO-SITE - Two ISPs Links HA

Hey Guys, I'm closing a S2S VPN with a Sonicwall, and I'm having some problems with the SMB 1490 Locally managed when closing the tunnel with two ISPs Links enabled, it just doesn't close. When I disable the second link (DMZ) the VPN closes the tunnel normally, when it is connected it does not work. I have already set up a static route forcing it to exit through the VPN peer remote gateway, even so it didn't work. What can be happening?
lbcadenco10 inside SMB Appliances and SMP Friday
views 72 1

Gaia Embedded Syslog Severity

Anyone know how to change the syslog severity on Gaia Embedded appliances? I've seen sk92798 but this appears to only apply to Gaia appliances. I edited /etc/syslog.conf to only send warning and higher level logs to our remote syslog servers but "logger -p info2" and "tcpdump" shows informational level logs still being sent. I'm guessing syslogd needs to be restarted in order for the changes to go into effect, but "service syslog restart" is not a valid command in expert mode.

Modbus traffic on 1200R

Hi, I got a question from a customer: Is it possible to filter modbus traffic and would this also work in transparent mode? Does anyone have experience running this?

Show Configuration - 1490 Appliance

Good Afternoon Team, Question: I'm going to revert a 1490 appliance to a fabric status and I need the "show configuration" of this device. Into it I see all the objects policies... Question: when I reset to a fabric status, is it possible I can export this configuration in order to create again objects and so on? Thanks BR Lenin
inside SMB Appliances and SMP Thursday
views 536 3 2

Central management support for the 1500 series

Hi All, We want to remind those of you who asked about management options for the 1500 series,

R80.40
The 1500 series can be managed by R80.40 (which is now GA) it is supported on R80.40 Security Management Server and R80.40 SmartProvisioning (LSM)

R80.30 JHF
The 1500 series can also be managed by R80.30 JHF (Take 107 and above) (SmartConsole (build 36 or higher), R80.30 JHF does not support SmartProvisioning (LSM) we are planning to add such support on Q1 2020.

The support is for the entire 1500 series.
Please manage 1530/1550 as 1550
Please manage 1570/1590 as 1590
And 1570R (Rugged appliance (soon to be launched) as 1590.

We of course also support
Local management via WebUI
vSMP (Security Management Portal for SMB)
MaaS (as EA)
WatchTower (for status, monitoring and alerts)

Thanks
HristoGrigorov inside SMB Appliances and SMP Wednesday
views 295 8 1

Software Release Notes

Just a few random (but good) links about why it is important to write software release notes:

The Importance of Writing Release Notes
How to make release notes count
The Benefit of Software Release Notes

With that said guys please update sk151574 accordingly. Thank you.
Krolik inside SMB Appliances and SMP Wednesday
views 509 12

GPL source code for ROUTER CHECK POINT 600 L-50WD SG-80A

Hello everybody, Where I can find Your GPL sources? I bought ROUTER CHECK POINT 600 L-50WD SG-80A and I would like to obtain FOSS source code for embedded software. Can You help me? Regards, Pawel
Oliver-Hamel inside SMB Appliances and SMP Wednesday
views 465 12

Problems with multiple 1550 appliance behind NAT device (same external IP) and VPN

Hi, we are facing problems with central managed 1550 devices (LSM & Provisioning) behind NAT device (several 1550 coming from same public IP to VPN center). The IKE phase I in center is mapped to the public IP of the peer (1550 behind NAT) instead of another identifier like internal ID or DN. Therefore only one 1550 can have a valid IKE phase I. The next 1550 with the same public IP is overwriting the existing phase I with a new phase I (which is only valid for this device).

[Central Security Gateway] --- (VPN) --- [NAT Device] --- Satellite 1550
                           --- (VPN) --- [NAT Device] --- Satellite 1550

Is there a solution to connect several 1550 connecting to VPN Center with same public IP? Thanks Oliver
John_Fleming inside SMB Appliances and SMP Wednesday
views 467 26 1

SMB syslog doesn't log action

So I'm rather shocked by this but I've just learned syslog from a SMB (and possibly non-SMB as well) will not log the action field to syslog. I was pointed to sk164514 which I can't seem to access. Not sure if this is internal or not. I don't even know what to say about this. I have a firewall that isn't logging via syslog if anything is accepted or denied. It's just saying.. stuff happened... I'm going to take a stab at a log exporter but I have no idea if that's possible without a management server. This is @%^$@#% ridiculous. I sure am glad all these items below are getting logged instead of action. I don't know what I would do without knowing where the start or end of the table is (or what that even means). Good to know that the snid is unknown. Awesome.

user="" src_user_name="" src_machine_name="" src_user_dn="" snid="" dst_user_name="" dst_machine_name="" dst_user_dn="" UP_match_table="TABLE_START" ROW_START="0" match_id="5" layer_uuid="9fced3b3-5da9-494d-b7f1-3242694d99f8" layer_name="internal" rule_uid="00000780-0000-0000-0000-000000000000" rule_name="Incoming/Internal Default Policy" ROW_END="0" UP_match_table="TABLE_END"

I
HristoGrigorov inside SMB Appliances and SMP Wednesday
views 132

SMB behind proxy

Hi, Anyone that put their centrally managed R77.20-ed SMB behind proxy? Anything I should be aware of? And where do I specify it - in Smart Console -> Global prop. -> Proxy or in WebUI?
John_Fleming inside SMB Appliances and SMP Tuesday
views 171 2

End point connect connectivity issues - DPD - Negotiation with site failed

So it's a day ending with the word day so I've stumbled across another issue with my 1500. After bringing up the 1550 I noticed my remote access users didn't work anymore with end point connect but did with SNX and IOS end point connect. Some debugging on the client and I found

[ 4132 4180][11 Feb 13:17:07][IKE] **** MM6PacketHandler: Receive packet 6: Main Mode packet, cookies 7c27174af0bb8d93,e6a0f06ab07e931d, length 1997, 5 payloads
[ 4132 4180][11 Feb 13:17:07][IKE] payloads_count: A Identification payload (total 1)
[ 4132 4180][11 Feb 13:17:07][IKE] payloads_count: A Certificate payload (total 1)
[ 4132 4180][11 Feb 13:17:07][IKE] payloads_count: A Certificate payload (total 2)
[ 4132 4180][11 Feb 13:17:07][IKE] payloads_count: A Signature payload (total 1)
[ 4132 4180][11 Feb 13:17:07][IKE] payloads_count: A Vendor ID payload (total 1)
[ 4132 4180][11 Feb 13:17:07][IKE] payloads_count: Found 1 payloads of type Identification, need one exactly
[ 4132 4180][11 Feb 13:17:07][IKE] payloads_count: Found 2 payloads of type Certificate, need one or more
[ 4132 4180][11 Feb 13:17:07][IKE] payloads_count: Found 1 payloads of type Signature, need one exactly
[ 4132 4180][11 Feb 13:17:07][IKE] payloads_count: Found 0 payloads of type Notification, need zero or one exactly
[ 4132 4180][11 Feb 13:17:07][IKE] payloads_count: FAILED: Extra payloads left in packet (found 1 Vendor ID's)
[ 4132 4180][11 Feb 13:17:07][IKE] MM6PacketHandler: Packet parse failed (expecting 1 ID, 1-2 certs, 1 sig)
[ 4132 4180][11 Feb 13:17:07][IKE] send_notification: NOT IMPLEMENTED YET
[ 4132 4180][11 Feb 13:17:07][negs] [WARNING] [Negotiation::process_event] (0x03B64198): *** Negotiation failed! ***
[ 4132 4180][11 Feb 13:17:07][tunnel] [COVERAGE] [IkeV1Tunnel::negotiationEnded] (0x03BA2058): __start__

which led me to sk121736 - "Gateway sends DPD to client during phase 1 negotiation, resulting in "Negotiation with site failed" error for Remote Access Client trying to connect to a R80.XX Security Gateway".
Funny thing on the vpn page VPN -> Advanced -> Tunnel health monitoring method -> Tunnel Test (Check Point proprietary is selected) Use DPD responder mode checked with no way to uncheck (greyed out). I changed tunnel health monitoring to DPD and unchecked use DPD responder mode..and it worked... So...uh... End Point Connect with checkpoint's own internal tunnel monitoring is broken but the RFC version works? ..SR opened..