cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
SMB Appliances and SMP

Have a question about our Small Business Security and Branch Office Security solutions? This is where to ask! This includes the 600, 700, 900, 1400, and 1500 Series appliances, Security Management Portal, and legacy SMB appliances (UTM-1 EDGE, Safe@).

tony1
tony1 inside SMB Appliances and SMP 7 hours ago
views 29 1

910 SMB random reboots/crashes

Hello everyone,I am here to try my luck. Can you suggest me the best way to debug 910 random crashes? It usually reboots/crashes and after logging to the CLI of the GW, it responds very slowly. The CPU and memory usage seems normal according to the TOP output. The /log/messages just says that i reboots. I cannot find some hints about the problem there. I have booted the GW in debug mode and I have the putty console output now. What should I focused on? I would appreciate any advice. I am new to this. Thank you.
tony1
tony1 inside SMB Appliances and SMP 8 hours ago
views 53 4

Editing the specific 1430 SMB interface cause deleting the route

Hello everyone,I am looking for help. We have 1430 which is in the 10.x.x.x/24 mgmt subnet. We manage it from smarconsole on the server from 192.168.x.x/24 subnet. There is route from 10.x.x.x/24 to 192.168.x.x/24 on the GW. I have explored that if I edit the mgmt interface (ip 10.x.x.x) on our 1430 using webUI. Or just click on the edit button, change nothing and click on Apply, the connectivity to the gw from 192.168.x.x/24 subnet will be lost(no WebUI, no CLI, no ping). I checked the routing table (expert->route) and found out that the route just disappears. It happens everytime. It seems like the "editing action" cause deleting the route. The problem can be fixed manually adding the route to the routing table of the GW. The GW has the newest firmware. I would appreciate any advice. Thank you.
HristoGrigorov
HristoGrigorov inside SMB Appliances and SMP 16 hours ago
views 59 3

S2S VPN connectivity issues

Hi, I have S2S VPN to another 5000 series appliance running R80.10. It happens every now and then that the tunnel is up and one host can SSH to a host on the other end but another one can't. The strange thing is that the host that can't SSH is able to ping the IP on the other end. Problem happens with any protocol (RDP, HTTP, etc). Only ICMP seems to always work.  Resetting VPN tunnel solves the problem but it started to annoy me already so I am looking for more permanent solution. We tried to switch tunnel sharing from per-net to per-host with no success.  Have you ever encountered such issue ? Is it possible to be TP policy on the other end that is causing this issue ? 
G_W_Albrecht
G_W_Albrecht inside SMB Appliances and SMP 19 hours ago
views 107 3

A new firmware version is available: 1500_R80.20.00_992000696

Device > System Operations show: A new firmware version is available: 1500_R80.20.00_992000696 But when searching in UserCenter, no such firmware is found... Only R80.20 Build 992000668 for 1500 Appliances is present. Why that ?
G_W_Albrecht
G_W_Albrecht inside SMB Appliances and SMP yesterday
views 180 4 1

1550 SMB IPS and TP troubles

Finally, i have a working IPS on the 1550 in my Dashboard. But still, some issues remain. Look at my GW list with enabled blades:                                   Looks good - but what about TP Updates ? TE lists all GWs with TE enabled:                                         But IPS, AV and ABOT do not list it, look at the IPS Update Statuses:                                         You will only see in Device & License Information of the 1550 (or CLI) that it is updated - it does show IPS not updated, but the Version is the newest one:                 Hard to explain this to customers...
Wolfgang
Wolfgang inside SMB Appliances and SMP yesterday
views 89 1

DNS forwarding for internal domain

Hello CheckMates, is it possible to configure a DNS forwarder on a SMB appliance for specific domains? Meaning, clients have the appliance configured as DNS server, and the appliacne forwards requests for internal domain to the central DNS at the central site over VPN and all other requests are forwarded to DNS-server from provider. Problem is that the remote sites can access internet via local appliance. Connectivity to the central site is done via VPN and all internal DNS-server are hosted only at the central site. If the VPN connection to central site is up everything is fine, but if the connection is lost the clients can't resolve DNS names. Other vendors have a feature to do this DNS forwarding like described, but I missed this on Check Point appliance.  Another option would be to have a local DNS-server, but we don't want run any servers local. All ideas are welcome Wolfgang
G_W_Albrecht
G_W_Albrecht inside SMB Appliances and SMP yesterday
views 73 1

1550 hosts encountered an exploit attempt

CheckPoint SmartView is a good tool for log reviews with its templates like Attacks Allowed by Policy. During IPS profile testing on the 1550 - you had to limit IPS protections in a special SMB profile with the older Embedded GAiA models while 1550 / R80.20 now has a TP policy like all GAiA GWs do - i also used SmartView. This gave me an odd encounter i would not have expected: hosts encountered an exploit attempt ! Have a look:             The 1550 FifteenFifty 😊 is managed by SMS7520 🙃 and set to send Security  Logs and Syslog there. Seems not to be easy with Syslog, though:                                         Matthaeus 5:30: And if thy right hand offend thee, cut it off, and cast it from thee 😎
junior_kakou
junior_kakou inside SMB Appliances and SMP Wednesday
views 115 6

Remote Access Client Authentication VPN SSL (R77.20.86)

Bonjour tout le monde J'ai configuré l'accès distant VPN avec SSL. Pour connecter les utilisateurs distants, ils fournissent un identifiant et un mot de passe. J'ai Active Directory et j'aimerais que les utilisateurs authentifiés sur le domaine puissent utiliser leur accès Active Directory pour se connecter à vpn. Comment puis-je y arriver? J'utilise le point de contrôle 1490 GTP Version: R77.20.86 (990172855) Merci
TOM_MORAN
TOM_MORAN inside SMB Appliances and SMP Wednesday
views 240 3

exclude services vpn Gaia embedded

Hi when setting up a VPN in R80.10 there is the option to exclude services from the VPN Community. My question if using Gaia embedded & administrating via the Webui is it possible to do the same?The firewall in question is a 1450 running R77.20.86 .Is this supported on GAIA embedded? all help is appreciated    
G_W_Albrecht
G_W_Albrecht inside SMB Appliances and SMP Wednesday
views 80

1550 / 1590 Jumbo Frames Support

I was not able to locate this in the new  features listing from sk159173 - but in sk111407 Jumbo Frames Support we read: Small and Medium Business Appliances 1550 / 1590 Starting from R80.30 Jumbo Hotfix Take 76    OK, in fact you will you need central management with R80.30 JT 111, but it is a real enhancement as: The following appliances do not support Jumbo Frames: 600 / 1100 / 1200R / 700 / 1400 / 900 Small and Medium Business Appliances But sk159772 Check Point R80.20 for 1500 Appliances Features and Known Limitations tells us that neither centrally nor locally managed 1500s do support Jumbo Frames... I have provided SK feedback to get at the truth in this.
Hugo_vd_Kooij
Hugo_vd_Kooij inside SMB Appliances and SMP Tuesday
views 169 6

Memory leak in 14xx appliances with IPS enabled

Hi, Do any of you have ticket(s) open in regard to memory leak issue in the 14xx appliances with IPS enabled? So far we have seen this in 2 distinct setups. In on of these it only happened on 1 of the 30 remote offices. But we have run about a dozen different firmware versions and the issue was never resolved. If anyone want to share their ticket number(s) in a private message we can join forces and make Check Point more aware of the problem. Regards, Hugo.
G_W_Albrecht
G_W_Albrecht inside SMB Appliances and SMP Tuesday
views 106 1

LED indicators on 1550 Embedded GAIA appliance

For the older models we have sk123865 LED indicators on Embedded GAIA appliance - but not for the 1550 !                 We have four LEDs, from right to left they are: - On / Alert LED : Will blink in red for alerts - Internet LED : Shows if the internet connection is working - Cloud LED : Shows if the SMB is managed from the cloud, else it is off - WLAN LED : Shows if SMB WLAN is enabled, else it is off The first two LEDs were called Power and System on the old UTM-1 Edge, WLAN LED was present as WLAN LED and this model also had a very valuable additional LED - the VPN LED reflecting the current VPN status ! That times are long gone, we now have the Cloud LED that will light up when connected to Cloud management and be off if managed centrally or locally. Initially, i thought this will light up if all TP services are updated to the current version - might be a helpful feature, but this LED only cares for cloud...

SMB 1470 centraly managed and management throught VPN

Hello,i have in production 2 1470 SMB appliances that are locally managed. One 1470 is at  site A and the other one is at  site B. Both 1470 SMB are DAIP gateways and we are using NoIP DDNS.There is site-to-site VPN. The customer is imlementing Remote desktop service  for thin clients and wants to be able to implement firewall rules specific for a specific user and because with RDS the connection is comming always from the same IP adress i have to install MUH (Multi user agent) ond the RDS server. When the SMB appliance is managed locally there is no possibility to use the identity agents but for the centrally managed SMB the agents are supported based on the sk97751.  In this SK it is not clear if MUH agent is supported. I have few questions:1. If i install Secure management R80.10 in site A can i import a configuration from a locally managed device to the SM server and if yes how?2. When i connect SMB 1470 on site A with the SM R80.10 and configure the S2S VPN with  locally managed 1470 on site B how can i configure Firewall B to be managed by the SM that is on the siteA? If i change on the firewall B the option security management from local to central i presume it will clear all the configuration and i will lose the VPN and cut off myself from the fireall B.     
Sanja_Rakic
Sanja_Rakic inside SMB Appliances and SMP a week ago
views 233 7

Cluster of two 1200 R devices in bridge mode

Hello everybody,I have two Check Point 1200R devices and they have just one bridge made of two LAN interfaces connected to the rest of the network. I want to create HA cluster and I constantly fail. These gateways are being centrally managed.All interfaces are up, but once I try to get the topology, I constantly see just one of the LAN interfaces making cluster.Do you have any idea how to troubleshoot it?Best regards, Sanja
Patrick_Tuttle1
Patrick_Tuttle1 inside SMB Appliances and SMP a week ago
views 374 4

SMB Questions (management & fetching policy)

Hello CheckMates;We have some questions regarding the SMB platform. We were under the impression that these device could call home ang grad policy  from centrally managed check point.  We are testing this in our lab with R77.20 and 1200R R7720.81Looking at /var/log/log/sfwd.elg  we see it calling out but then saying "Local security policy is up to date" "same policy as already on module"   We are also considering deploying these in our SCADA environment in the field over very slow links and were hoping the policy install would be a quicker process compared to a regular gateway running full Gaia. Not sure this would be a smaller file resulting in a faster (lass bandwidth intensive) policy install. And our other question is whats the differences between using Smart Provisioning (LSM) or the newer product SMP?  Are there any advantages?  One thing We would need in our environment is to keep all management local on Prem as opposed to being in the cloud.  We are told this due to NERC-CIP guidelines. Thanks and appreciate any direction / experience anyone can share.