

Looking forward to becoming a master of Identity Awareness? 


Read more

When VPN tunnel establishment fails on IKE negotiation, the "site is not responding" error may mean different things. The SecureKnowledge article Troubleshooting "site is not responding" Issues describes twelve different scenarios in which this message can appear and provides advanced guidance on how to resolve them.

Read more

Most of you have already heard about our new groundbreaking product: Check Point Maestro Hyperscale.


But did you know we already have a SecureKnowledge article about it? It describes the solution and provides you references to its Maestro documentation, downloads, guides and notes, and further resources. 

Whether you have already decided to use this technology or are just curious, add sk138233 to your bookmarks.

Read more

Do you want to know how Check Point IPS works? What are its architecture, structure, logic of operations and CoreXL dependencies? How to troubleshoot it most effectively?

All these topics are discussed in the IPS Advanced Technical Reference Guide.

Read more

This week we feature yet another Advanced Technical Reference Guide - Gaia Embedded Appliances

The article references all appliance product pages, describes troubleshooting and monitoring techniques, and lists other SecureKnowledge articles that might be useful when working with SMB appliances.  

Read more

CPUSE - Check Point Upgrade Service Engine is an advanced and intuitive mechanism for software deployment on Gaia OS, which supports deployments of single Hotfixes (HF), Hotfix Accumulators (HFA), and Major Versions.

SecureKnowledge article sk92449 describes the CPUSE architecture and principles, and provides a collection of "how-to" tips and troubleshooting techniques.

It is worth having it included in your bookmarks, just in case.

Read more

Whether you are already using Check Point Scalable Platforms Appliances in your data center or are just considering them as a next step, this Advanced Technical Reference Guide will be extremely useful.

It describes principles of architecture, best practices and tuning recommendations, and also has links to further SecureKnowledge articles and documentation on the subject.

Read more

Looking to extend your automation and orchestration to include the day-to-day routines of managing OS and product settings of your Security Gateways? We now have the perfect tool for you.

GAIA REST API was released last week and is generally available for all R80.x flavors, gateway and management alike.

For more information click here.

Read more

If you are tired of jumping between CLISH and Expert shell when configuring and tuning your Gaia-based security devices, take a look at Dynamic CLI: Enhancing CLISH with new Expert mode commands.

Also, if you are attending one of the CPX360 events, come to Valeri Loukine's sessions to see some demos.

Read more

Provisioning can be a challenge, especially if you need to deploy multiple Security Gateways remotely. If this is one of your tasks, you may want to learn how to perform it with Check Point Zero Touch Cloud Service for Gaia OS and Gaia Embedded SMB appliances.

Read more

Working with the Application Control Software Blade can be challenging sometimes. How to build effective AC policy rules? What categories should be blocked unconditionally? How to deal with unknown applications? What about HTTPS inspection, is that required or not?

These and many other questions are answered in the Best Practices - Application Control SecureKnowledge article.

Read more

Check Point Multi-Domain Security Management (MDSM) is a centralized management solution for large-scale, distributed environments with many discrete network segments, each with different security requirements. This solution lets administrators create Domains based on geography, business units or security functions to strengthen security and simplify management.

Each Domain has its own Security Policies, network objects and other configuration settings. You use the Global Domain for common security Policies that apply to all or to specified Domains. The Global Domain also includes network objects and other configuration settings that are common to all or to specified Domains.

MDSM is a complex environment and it can be overwhelming sometimes, especially if one has a limited understanding of its structure, dependencies and troubleshooting techniques.

To help you out, there is ATRG: Multi-Domain Security Management R80.x document describing the architecture, data flow and structure, inter-process communication, synchronization, and troubleshooting tools.

Read more

Are you still running standard Linux tcpdump on your Firewalls? Did you know it can cause high CPU utilization?

For better results, use CPPCAP, Check Point's specialized traffic capture utility. For more information, read this SecureKnowledge article: sk141412.

Read more

Have you ever dreamed about having all the useful tools in one place?

Here is your ultimate collection of support tools and more: Support Debug Tools.

Read more

Did you know that there is a way to connect one of your Security Gateways to a mirror (SPAN) port on a switch to run security inspection of the traffic without interfering with it?

This type of deployment is called Monitor Mode.

Monitor Mode on Check Point Security Gateway interface is usually configured to monitor and analyze network traffic without affecting the production environment.

You can use mirror ports in the following scenarios:

  • As a permanent part of your deployment, to monitor the use of applications in your organization.
  • As an evaluation tool for the capabilities of the Application Control and Threat Prevention blades before you decide to purchase them.

Benefits of a mirror port include:

  • There is no risk to your production environment.
  • It requires minimal set-up configuration.
  • It does not require TAP equipment, which is much more expensive.

Read the following article for more information: Monitor Mode on Gaia OS and SecurePlatform OS.

Read more

In case you missed the November SET Newsletter we released last week, here it is again:
Security Expert Technical Newsletter (SET November 2018).

Read more

Arguably, the most popular tool to troubleshoot traffic crossing a Security Gateway is fw monitor. However, not all security engineers and administrators are familiar with the full potential of fw monitor.

The tool is extremely powerful, flexible and versatile.

To unleash its full potential, please look into the article of the week: What is FW Monitor? 

Read more

One of the classic yet not so commonly used features of ClusterXL is the ability to configure cluster IP addresses in a manner where physical IP addresses and VIPs are on different network subnets.

The advantage of this is that it:

  • Enables a multi-machine cluster to replace a single-machine gateway in a pre-configured network, without the need to allocate new addresses to the cluster members.
  • Makes it possible to use one routable address only, for the ClusterXL Gateway Cluster.

Article sk32073 explains the configuration, implications and limitations of this feature. 

Read more

The Threat Emulation RESTful API is available on any Check Point appliance with the Threat Emulation blade enabled. It allows you to:

  • Query for emulation results
  • Download reports
  • Upload files for emulation/extraction

For more details and usage examples, look into the following SK article: Threat Prevention API for Security Gateway.

Read more

Our featured SecureKnowledge article of the week is SecureXL Penalty Box.

Protecting your networks from DDoS attacks is a challenge. With SecureXL Penalty Box, your Security Gateway can start dropping IPs frequently reported by IPS, without decreasing performance.

To learn more about this feature, please read the article.

Read more

This week we feature the Advanced Technical Reference Guide for R80.x Multi-Domain Security Management.

As you know, the Check Point management server architecture changed completely after R77.30. Understanding the new structure, data flows, dependencies and troubleshooting techniques is vital for maintaining a stable and reliable security system.

If you are interested in learning how the new MDSM servers process data, synchronize databases, interact with elements of SmartConsole GUI clients, treat logs, etc., this article is for you.

Read more

Today we feature the SandBlast Mobile 3.0 release.

The SandBlast Mobile 3.0 release adds Anti-Phishing and more protections to a lightweight iOS or Android app which integrates with leading UEM (Unified Endpoint Management) vendors like VMware AirWatch, BlackBerry, IBM MaaS360, MobileIron, Microsoft Intune and Citrix XenMobile.

Find the latest integration guides, release notes, videos and more in the SandBlast Mobile space.

Also, you can read the Check Point press release about SandBlast Mobile 3.0 and download the SandBlast Mobile 3.0 Release Notes PDF.

Read more

Whether you work on improving the performance of your Security Gateways or Management Servers, OS cumulative statistics are important for understanding the issue at hand and identifying a bottleneck.

Gaia OS uses the standard Linux tool sar to provide such information. With the sar command, one can look into statistics about disk operations, system interrupts, network utilization, CPU times and memory usage.

For comprehensive details on using the sar command, look into the following SecureKnowledge article: How to collect System Activity Report using the "sar" command.

Read more

Somehow missed this in the discussion of the Unified Policy Column-based Rule Matching discussion, but encountered it recently when testing IPS. The drop log Access Rule Name is CPEarlyDrop and the log points to sk111643 Early drop of a connection before the final rule match which covers it well. The explanation pasted below is from the SK and this is also mentioned in ATRG: Unified Policy. Think it explains it pretty well. Check out the SK for more info.

The Unified Policy may contain filter criteria that cannot be resolved on a connection's first packet, such as Application or Data. Therefore, on some connections the final rule match decision is reached only on the following data packets.

However, the Rule Base may decide to block the connection at an early stage without a final rule decision, if all potential rules of the layer for a specific connection have a Drop or Reject action. This drop will issue a log with Rule Name "CPEarlyDrop" and hits will be counted for all the potential rules.

Layer potential rules are a list of rules that have matched the connection so far, according to filter criteria that were resolved for arrived packets (IP, port, VPN tunnel etc). Consider the following policy:

When the FTP connection is opened, the potential rules that match the first packet criteria are (4,6,7). The reason is because the Skype application is searched on any port, but the final conclusion for Skype matching can be determined only on data packets. Nevertheless, since all potential rules have a Drop action, the connection will be blocked on the first packet, even though the final decision of the rule-base was not made.

The Unified Policy is Smart (my comment).

Read more

Some months ago we described Check Point's new tool for automated deployment: Blink - Gaia Fast Deployment Tool.

Today we want to present the SecureKnowledge article for it: sk120193. All you need to know to start working with the tool is mentioned in the article: requirements, use cases, supported software versions, configuration details and limitations.

This article is one worth adding to your bookmarks.

Note: R80.20 Blink images are still being tested by QA and are planned to be released soon.

Read more

This week we feature the article Best Practices - HTTPS Inspection.

The topic is rather hot these days, as the need to secure and control both inbound and outbound HTTPS encrypted traffic is growing fast.
The article explains different modes of deployment, creation and use of SSL certificates, and an inspection rulebase. It lays out specific parameters and considerations, such as encryption parameters and cipher details.

Most importantly, it provides references for estimated performance and tools for troubleshooting the resulting security system.

Whether you are only considering HTTPS Inspection or already use it, this is the best reading material on the subject.

Read more

Understanding how a particular connection is matched through your security policy is vital. There is now a tool for that, Check Point Packet Injector.

This utility is executed on the Security Gateway, simulating packets arriving from the sender on their way to the target host. After the packets are sent, Packet Injector listens for response packets from the target host back to the sender passing through the Security Gateway, letting the user know they arrived.

For more details, please refer to the article.

Read more

In case you get this error when trying to run a portable version of SmartConsole like I was doing this morning in Windows 10:

The answer is pretty simple.

Before uncompressing the ZIP file, right-click on the zip file and "unblock" it before unzipping.

Then, when you unzip the file and run SmartConsole.exe, it should work.

Source SK: "Failure while deserializing object of type" error in SmartConsole when trying to connect to Securit... 

Read more

The new September 2018 SET Newsletter is now released.
Have a look: Security Expert Technical Newsletter (SET September 2018).

If you are still not registered to receive our SET Newsletter, visit our SET Newsletter web page for instructions on how to subscribe.

Read more

The article of the week is ATRG: Threat Extraction.

It describes everything you need to know about Threat Extraction with Check Point:

  • Need for Threat Extraction and its concept
  • Its place within Threat Prevention capabilities of Check Point
  • Supported implementation modes, configurations and requirements
  • Config files and CLI commands
  • Troubleshooting techniques and debug suggestions

The article also contains a very detailed FAQ section and a list of references to related SecureKnowledge articles.

Read more