cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
packetintransit
packetintransit inside SMB Appliances and SMP 8 hours ago
views 39 2

What is the latest/recommended firmware version for CP 1430 appliance?

Hi guys,I received my CP 1430 appliance and i am wondering what is the latest/recommended firmware version for CP 1430 appliance? I am currently running below: Appliance:Check Point 1430 Appliance (Checkpoint1430)Security Management:Locally managedVersion (Firmware):R77.20.75 (990172321) Another question is: What is the best scenario to configure appliance behind cisco router? Cheers D
Shehan_Wickrama
Shehan_Wickrama inside SMB Appliances and SMP 8 hours ago
views 1540 7

Use a LAN SWITCH as an internet interface in Checkpoint 1450 appliance?

Hello folks,Is there a way to use one of the LAN port for internet ? in Checkpoint 1450 when I try to add an internet connection it only shows type as WAN and DMZ so i want to know whether there's a way to add/use a LAN port interface for an additional internet connection?Thanks in advance,Shehan
Greg_Galowitz
Greg_Galowitz inside SMB Appliances and SMP 16 hours ago
views 1975 4 1

WatchTower app Enterprise support

Hello, I have 2200, 3200 and 15600 firewalls. I was exited to learn about the watchtower app, but found out its only for small business.  Will these enterprise firewall get supported in the app?  Thank you, Greg
yishaia
yishaia inside SMB Appliances and SMP 18 hours ago
views 43 1

Checkpoint 1490 FTP backup

Hello, I'm trying to set up PERIODIC BACKUP SETTINGS on checkpoing 1490,on backup server path i use : ftp://ftpserver/fw/backups/when i set up the ftp server hostname only "ftpserver" its work but go to the root dir of the ftp server.another question,my ftp server is on port 2100, when i set it up its trying only on port 21, anyway to change it? Thanks
HunterMathews
HunterMathews inside SMB Appliances and SMP Thursday
views 69 1

User Check Page only showing up for some devices

I am currently configuring URL Filtering on a Check Point 1430.  I have 2 LANs coming in. Comcast Network (CN) and Plant Network (PN). There is also a DMZ configuring on the firewall. There is a Domain running on the networks. The DC sits solely on PN. For example, I'm trying to block https://www.netflix.com and https://www.9gag.com On my phone 1, going through CN WiFi, I get the User Check Page when accessing either page.On Desktop 1, not on domain, using a local user account, and hardwired into CN, I get the User Check Page when accessing 9gag. When accessing Netflix, I get Connection Failed screen.On  desktop 2, not on domain, using a local Admin account, using CN WiFi, Netflix is blocked with secure connection failed. 9gag is NOT blocked at all.On desktop 2, not on domain, using a local Admin account, hardwired into CN, Netflix is blocked with secure connection failed. 9gag is NOT blocked at all.On a VM 1, on domain, using an Admin account for Domain, Hard Wired into either PN or DMZ, both sites are blocked with the User Check Page Priority is making sure things are blocked on WiFi, specifically phones and iPads, so the works can't access sites they shouldn't be with them.   
Mathias_Weidner
Mathias_Weidner inside SMB Appliances and SMP Thursday
views 146 3

Analyze firewall config on checkpoint appliance

Hi all, I want to analyze the configuration on older firewall appliances (1450) with R77.20.80.In expert mode I found a lua script that seemed to export the whole configuration as CSV, that I can call as# lua /pfrm2.0/bin/cli/showConfig.luaThe output looks good so far except for the port forwarding on a server definition:add server name "JTBCK01" ipv4-address "a.b.c.d" dhcp-exclude-ip-addr "on" dhcp-reserve-ip-addr-to-mac "off" dns-resolving "false" set server server-ports "JTBCK01" web-server "off" mail-server "off" dns-server "off" ftp-server "off" citrix-server "off" pptp-server "off" custom-server "on" set server server-access "JTBCK01" access-zones "all-zones" allow-ping-to-server "on" log-blocked-connections "on" log-accepted-connections "on" set server server-nat-settings "JTBCK01" nat-settings "port-forwarding" port-address-translation "off" force-source-hide-nat "on"This server uses a non-standard port and I can see the port definition in the web interface but nowhere in the output of the above mentioned script.Is there anything I am missing or are there better ways to analyze configurations from older firewalls.Thanks for your help.Kind regards,Mathias
Albe87
Albe87 inside SMB Appliances and SMP a week ago
views 138 7

error after reset L-50WD

Hi to everyone, a friend of mine gave me a checkpoint L-50WD which he no longer uses.It was previously set for his office, so when i taken it, the first thing i've done was a reset by pushing the reset switch on the bottom of the router.Unfortunately the result was an error in the end of the procedure, and the router falled in a loop of reboots.The only way found for see what happened is plug a console cable rs232 and open a console view whit putty.The log file saved after the failed procedure show the problem, or better, at least a couple of problems:- one block of memory cannot be write (bypassed automatically)- the router OS fail the boot when it try to create a certificate authority.The questions are:- there is any chance of repair of the second issue?or- there is any chance to overwrite the entire software with a clean image in case the recory is damaged?or- have any sense (if the point one and two of my request are not possibles) try to save the router by installing a third part OS via Gaia boot menù? Thank's for your attention and sorry for my monkey english (with no disrespect for the monkey's XD) Albep.s. attached the copy of the clipboard with the boot and the log file.
Gaetano_Nicosia
Gaetano_Nicosia inside SMB Appliances and SMP a week ago
views 159 5

Rule for traffic between two vlan

Good MorningI have this "scenario" on my Firewall 730.On LAN1 Ihave created the VLAN 5, 10, 20On DMZ  I have created the VLAN 30, 40,50Now, for example, I need to create a policy so that only the VLAN 10 can reach VLAN 30 and vice versa.Since I'm new ino CP, can someone explain to me how to create this policy?Thanks and best regardsGaetano
G_W_Albrecht
G_W_Albrecht inside SMB Appliances and SMP 2 weeks ago
views 658 11

R77.20.87 Jumbo Hotfix Accumulator

They did it again - in addition to sk151574: R77.20.87 for Small and Medium Business Appliances, we now have the fresh new sk153433: R77.20.87 Jumbo Hotfix Accumulator with the new firmware image Build 2960. Nice to have a new build and a list of resolved issues - but for what reason name it Jumbo HF (which it is not, just a plain installation image containing fixed components) ? Or will R77.20.87 stay as a kind of final version for 7x0/9110/14x0 models that will get updated this Jumbo HF way from now on ?
vitaliyb
vitaliyb inside SMB Appliances and SMP 2 weeks ago
views 2676 11

Check Point 1450 Appliance Several External IP

Hi, all.I am a newbie with Check Point products.I have Check Point 1450 in my company. ISP bring us a network with /29 mask.Now I can assign only one IP to External interface.How can I let to work another 4 IP's?  
Suspend
Suspend inside SMB Appliances and SMP 2 weeks ago
views 108 4

750 Appliance with a DMZ'ed FTP Server

Hello, I was hoping to get some help setting up an FTP server on the DMZ port of a 750 Series Appliance.  I guess I'm actually looked for a "best-practice" technique because I'm not sure what I've done is the "proper" way.We have a static IP address for our internet connection and also have an additional static IP available for the FTP server, if desired.  I'd be happy using either.So, I have the 750 setup and working.  I activated the DMZ port and gave it an internal IP.  I setup an FTP machine on that subnet, plugged it into the DMZ port.  Then setup a "server" object to forward the FTP ports to the FTP server's IP.  I currently have the NAT for the server object set to "Hide Behind Gateway (port forwarding).Now, this setup works by accessing our main IP address BUT the FTP server software sees all incoming FTP connections as coming from our main (external) IP address.  Not the actual originating IP address of the client.  So it seems to me like the incoming traffic is getting "NAT"ed to our internet IP.  (Is that possible?)At this point I don't know what I'm doing wrong.  What I'd like is for the FTP Software to see incoming FTP connections with the originating IP address.  This way I could block/ban certain IP's.  Right now I can't block any IP's because everything is coming in with our public IP address.I've love an explanation of the correct way to do this. Thanks....
Bjorn_Tore_Gard
Bjorn_Tore_Gard inside SMB Appliances and SMP 3 weeks ago
views 5323 31 4

Gaia Embedded - R80.10

Hi.I am not finding any information on when R80.10 is to be released for installation on the Gaia Embedded gateways ? (1450).Does anyone have any information ?Thank You.
Rafal_NIedbala
Rafal_NIedbala inside SMB Appliances and SMP 3 weeks ago
views 4674 8 2

1400 - VLAN trunk on LAN ports?

I can't find way how to configure multiple ports to that same VLANs. Is it possible?I want to have two first ports configured for exmaple in vlan 2 and vlan 3.
G_W_Albrecht
G_W_Albrecht inside SMB Appliances and SMP 3 weeks ago
views 496 2

sk156933: Wireless LAN configuration fails if it includes diacritic characters

A new sk156933: Wireless LAN configuration fails if it includes diacritic characters has been released. Afaik, Passwords are restricted to 7-Bit ASCII, minus some special chars, see sk109148: List of allowed ASCII characters for passwords on Gaia OS|. sk156933 gives the simple fact that you are unable to set a password with diacritic characters (e.g. Umlauts) because your session will be terminated after clicking Apply and you will be logged out. But you can use them in autoconf.clish ! This will set a password with diacritic characters successfully. As a result, you are unable to edit wireless settings - your session will be terminated after clicking Apply and you will be logged out. After Reset to Default Settings, manually trying to set the same forbidden password makes that your session will be terminated after clicking Apply and you will be logged out. Also see this list SMB documents for more. 
Pedro_Espindola
Pedro_Espindola inside SMB Appliances and SMP 3 weeks ago
views 2197 5 3

How to see WAN interface speed

Hello everyone,I am unable to see the speed of WAN interface in 1400 appliances. I tried this:# clish -c 'show interface WAN'Failed to find the requested interface# ethtool WANSettings for WAN:No data available# cat /sys/class/net/WAN/speedcat: read error: Invalid argumentSNMP using IF-MIB::ifspeed, returns 0.All these commands work for DMZ, which is also set for internet.How can I check the WAN interface speed?