cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Greg_Galowitz
Greg_Galowitz inside SMB Appliances and SMP 3 hours ago
views 1968 4 1

WatchTower app Enterprise support

Hello, I have 2200, 3200 and 15600 firewalls. I was exited to learn about the watchtower app, but found out its only for small business.  Will these enterprise firewall get supported in the app?  Thank you, Greg
yishaia
yishaia inside SMB Appliances and SMP 6 hours ago
views 24 1

Checkpoint 1490 FTP backup

Hello, I'm trying to set up PERIODIC BACKUP SETTINGS on checkpoing 1490,on backup server path i use : ftp://ftpserver/fw/backups/when i set up the ftp server hostname only "ftpserver" its work but go to the root dir of the ftp server.another question,my ftp server is on port 2100, when i set it up its trying only on port 21, anyway to change it? Thanks
HunterMathews
HunterMathews inside SMB Appliances and SMP Thursday
views 69 1

User Check Page only showing up for some devices

I am currently configuring URL Filtering on a Check Point 1430.  I have 2 LANs coming in. Comcast Network (CN) and Plant Network (PN). There is also a DMZ configuring on the firewall. There is a Domain running on the networks. The DC sits solely on PN. For example, I'm trying to block https://www.netflix.com and https://www.9gag.com On my phone 1, going through CN WiFi, I get the User Check Page when accessing either page.On Desktop 1, not on domain, using a local user account, and hardwired into CN, I get the User Check Page when accessing 9gag. When accessing Netflix, I get Connection Failed screen.On  desktop 2, not on domain, using a local Admin account, using CN WiFi, Netflix is blocked with secure connection failed. 9gag is NOT blocked at all.On desktop 2, not on domain, using a local Admin account, hardwired into CN, Netflix is blocked with secure connection failed. 9gag is NOT blocked at all.On a VM 1, on domain, using an Admin account for Domain, Hard Wired into either PN or DMZ, both sites are blocked with the User Check Page Priority is making sure things are blocked on WiFi, specifically phones and iPads, so the works can't access sites they shouldn't be with them.   
Mathias_Weidner
Mathias_Weidner inside SMB Appliances and SMP Thursday
views 146 3

Analyze firewall config on checkpoint appliance

Hi all, I want to analyze the configuration on older firewall appliances (1450) with R77.20.80.In expert mode I found a lua script that seemed to export the whole configuration as CSV, that I can call as# lua /pfrm2.0/bin/cli/showConfig.luaThe output looks good so far except for the port forwarding on a server definition:add server name "JTBCK01" ipv4-address "a.b.c.d" dhcp-exclude-ip-addr "on" dhcp-reserve-ip-addr-to-mac "off" dns-resolving "false" set server server-ports "JTBCK01" web-server "off" mail-server "off" dns-server "off" ftp-server "off" citrix-server "off" pptp-server "off" custom-server "on" set server server-access "JTBCK01" access-zones "all-zones" allow-ping-to-server "on" log-blocked-connections "on" log-accepted-connections "on" set server server-nat-settings "JTBCK01" nat-settings "port-forwarding" port-address-translation "off" force-source-hide-nat "on"This server uses a non-standard port and I can see the port definition in the web interface but nowhere in the output of the above mentioned script.Is there anything I am missing or are there better ways to analyze configurations from older firewalls.Thanks for your help.Kind regards,Mathias
Albe87
Albe87 inside SMB Appliances and SMP a week ago
views 138 7

error after reset L-50WD

Hi to everyone, a friend of mine gave me a checkpoint L-50WD which he no longer uses.It was previously set for his office, so when i taken it, the first thing i've done was a reset by pushing the reset switch on the bottom of the router.Unfortunately the result was an error in the end of the procedure, and the router falled in a loop of reboots.The only way found for see what happened is plug a console cable rs232 and open a console view whit putty.The log file saved after the failed procedure show the problem, or better, at least a couple of problems:- one block of memory cannot be write (bypassed automatically)- the router OS fail the boot when it try to create a certificate authority.The questions are:- there is any chance of repair of the second issue?or- there is any chance to overwrite the entire software with a clean image in case the recory is damaged?or- have any sense (if the point one and two of my request are not possibles) try to save the router by installing a third part OS via Gaia boot menù? Thank's for your attention and sorry for my monkey english (with no disrespect for the monkey's XD) Albep.s. attached the copy of the clipboard with the boot and the log file.
Gaetano_Nicosia
Gaetano_Nicosia inside SMB Appliances and SMP a week ago
views 157 5

Rule for traffic between two vlan

Good MorningI have this "scenario" on my Firewall 730.On LAN1 Ihave created the VLAN 5, 10, 20On DMZ  I have created the VLAN 30, 40,50Now, for example, I need to create a policy so that only the VLAN 10 can reach VLAN 30 and vice versa.Since I'm new ino CP, can someone explain to me how to create this policy?Thanks and best regardsGaetano
G_W_Albrecht
G_W_Albrecht inside SMB Appliances and SMP 2 weeks ago
views 657 11

R77.20.87 Jumbo Hotfix Accumulator

They did it again - in addition to sk151574: R77.20.87 for Small and Medium Business Appliances, we now have the fresh new sk153433: R77.20.87 Jumbo Hotfix Accumulator with the new firmware image Build 2960. Nice to have a new build and a list of resolved issues - but for what reason name it Jumbo HF (which it is not, just a plain installation image containing fixed components) ? Or will R77.20.87 stay as a kind of final version for 7x0/9110/14x0 models that will get updated this Jumbo HF way from now on ?
vitaliyb
vitaliyb inside SMB Appliances and SMP 2 weeks ago
views 2676 11

Check Point 1450 Appliance Several External IP

Hi, all.I am a newbie with Check Point products.I have Check Point 1450 in my company. ISP bring us a network with /29 mask.Now I can assign only one IP to External interface.How can I let to work another 4 IP's?  
Suspend
Suspend inside SMB Appliances and SMP 2 weeks ago
views 108 4

750 Appliance with a DMZ'ed FTP Server

Hello, I was hoping to get some help setting up an FTP server on the DMZ port of a 750 Series Appliance.  I guess I'm actually looked for a "best-practice" technique because I'm not sure what I've done is the "proper" way.We have a static IP address for our internet connection and also have an additional static IP available for the FTP server, if desired.  I'd be happy using either.So, I have the 750 setup and working.  I activated the DMZ port and gave it an internal IP.  I setup an FTP machine on that subnet, plugged it into the DMZ port.  Then setup a "server" object to forward the FTP ports to the FTP server's IP.  I currently have the NAT for the server object set to "Hide Behind Gateway (port forwarding).Now, this setup works by accessing our main IP address BUT the FTP server software sees all incoming FTP connections as coming from our main (external) IP address.  Not the actual originating IP address of the client.  So it seems to me like the incoming traffic is getting "NAT"ed to our internet IP.  (Is that possible?)At this point I don't know what I'm doing wrong.  What I'd like is for the FTP Software to see incoming FTP connections with the originating IP address.  This way I could block/ban certain IP's.  Right now I can't block any IP's because everything is coming in with our public IP address.I've love an explanation of the correct way to do this. Thanks....
Bjorn_Tore_Gard
Bjorn_Tore_Gard inside SMB Appliances and SMP 3 weeks ago
views 5320 31 4

Gaia Embedded - R80.10

Hi.I am not finding any information on when R80.10 is to be released for installation on the Gaia Embedded gateways ? (1450).Does anyone have any information ?Thank You.
Rafal_NIedbala
Rafal_NIedbala inside SMB Appliances and SMP 3 weeks ago
views 4672 8 2

1400 - VLAN trunk on LAN ports?

I can't find way how to configure multiple ports to that same VLANs. Is it possible?I want to have two first ports configured for exmaple in vlan 2 and vlan 3.
G_W_Albrecht
G_W_Albrecht inside SMB Appliances and SMP 3 weeks ago
views 496 2

sk156933: Wireless LAN configuration fails if it includes diacritic characters

A new sk156933: Wireless LAN configuration fails if it includes diacritic characters has been released. Afaik, Passwords are restricted to 7-Bit ASCII, minus some special chars, see sk109148: List of allowed ASCII characters for passwords on Gaia OS|. sk156933 gives the simple fact that you are unable to set a password with diacritic characters (e.g. Umlauts) because your session will be terminated after clicking Apply and you will be logged out. But you can use them in autoconf.clish ! This will set a password with diacritic characters successfully. As a result, you are unable to edit wireless settings - your session will be terminated after clicking Apply and you will be logged out. After Reset to Default Settings, manually trying to set the same forbidden password makes that your session will be terminated after clicking Apply and you will be logged out. Also see this list SMB documents for more. 
Pedro_Espindola
Pedro_Espindola inside SMB Appliances and SMP 3 weeks ago
views 2196 5 3

How to see WAN interface speed

Hello everyone,I am unable to see the speed of WAN interface in 1400 appliances. I tried this:# clish -c 'show interface WAN'Failed to find the requested interface# ethtool WANSettings for WAN:No data available# cat /sys/class/net/WAN/speedcat: read error: Invalid argumentSNMP using IF-MIB::ifspeed, returns 0.All these commands work for DMZ, which is also set for internet.How can I check the WAN interface speed?
Amir_Ayalon
inside SMB Appliances and SMP 3 weeks ago
views 348 2 4
Employee

UTM-1 Edge support on R80.30 And R80.40

Hi All, If you are using UTM-1 Edge devices and are managing them centrally, please be advised that R80.30 is the last management version to support such edge devices. UTM-1 Edge devices will not be supported in R80.40. Check Point believe that it is essential to keep security current and up to date. Part of the this process it to refresh our appliances. During 2016 Check Point released new line of appliances delivering the latest security replacing the 1100 series and UTM-1 Edge series. We urge all our customers to upgrade to the latest security appliances. The central management of UTM-1 Edge is no longer possible starting R80.40 and above. For management users who plan an upgrade to R80.40 we recommend that you also upgrade your Edge gateways to a newer model. While still using Edge, do not upgrade your management to R80.40.   Thanks     Amir Ayalon | SMB Project Management Team LeaderCheck Point SW Technologies. | ( +972-733-79-8629 amiray@checkpoint.com
Pedro_Espindola
Pedro_Espindola inside SMB Appliances and SMP a month ago
views 2377 10 1

Version R77.20.87 Build 990172938 not documented

Hello everyone, Does anybody know anything about version R77.20.87 Build 990172938 for SMB appliances? It is not documented but it has a download page and is available in the Firmwares page of the SMP.