Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
IDC Spotlight -
Uplevel The SOC
Important! R80 and R80.10
End Of Support around the corner (May 2021)
Hi Checkmates,
Using VSX mode, 2 checkpoint 12000 series, R77.30
I got this log when trying to access a website, and it deny access.
Anyone facing this problem already.
Please help me on this case,
Thank you guys,
Zed
Sure (if Checkpoint allows)
How to increase / disable max_header_length
| Solution ID | sk44674 |
| Product | IPS |
| Version | R70, R71, R75, NGX R65, R76, R77 |
| OS | SecurePlatform, Windows, Linux |
| Platform / Model | All |
| Date Created | 28-Apr-2010 |
| Last Modified | 18-Feb-2014 |
It was not changed for all instances in Smart Defense / IPS. Each profile has its own setting. All the settings need to be changed.
On the Security Management via GuiDBedit.
1.Log out of all smart console applications.
2.Log in to GuiDBedit.
3.Search guidbedit for the following data string http_max_header_length.
Make sure the value is the value you want it set to on all profiles (detailed below). The default is 2100, max is 12288. (Left side shows current value – changeable, right side shows default value – not changeable).
Then click Ctrl+F and click find next. You should see this parameter for each of the following object names. For each of them, perform the change. They should, but might not appear in the following order:
AdvancedSecurityObject
TemplateAdvancedSecurityObjectConnectra
DeactivatedAdvancedSecurityObject
AdvancedSecurityObjectConnectra
TemplateAdvancedSecurityObject
RecommendedAdvancedSecurityObject
If Smart Defense / IPS is deactivate and the issue persists (traffic still being dropped), adjust the DeactivatedAdvancedSecurityObject to the desired length.
4.After performing the changes, save and exit.
5.Install policy.
6.If the drop is still present, consider increasing the value even further.
In case the solution fails completely, consider disabling http_max_header_length enforcement:
1.Log out of all smart console applications.
2.Log in to GuiDBedit.
3.Search guidbedit for the following data string http_enforce_max_header_length.
Change it's value from true to false on all profiles:
AdvancedSecurityObject
TemplateAdvancedSecurityObjectConnectra
DeactivatedAdvancedSecurityObject
AdvancedSecurityObjectConnectra
TemplateAdvancedSecurityObject
RecommendedAdvancedSecurityObject
4.After performing the changes, save and exit.
5.Perform cpstop and cpstart on the Security Management.
6.Install policy.
Hi Zed,
just check sk44674, maybe it helps.
Cheers
Vincent
Hi Vincent,
Thank for your reply.
My UC account doesn't have advance access to see the Solution. Could you please capture the text for me.
Thank in advance,
Zed
Sure (if Checkpoint allows)
How to increase / disable max_header_length
| Solution ID | sk44674 |
| Product | IPS |
| Version | R70, R71, R75, NGX R65, R76, R77 |
| OS | SecurePlatform, Windows, Linux |
| Platform / Model | All |
| Date Created | 28-Apr-2010 |
| Last Modified | 18-Feb-2014 |
It was not changed for all instances in Smart Defense / IPS. Each profile has its own setting. All the settings need to be changed.
On the Security Management via GuiDBedit.
1.Log out of all smart console applications.
2.Log in to GuiDBedit.
3.Search guidbedit for the following data string http_max_header_length.
Make sure the value is the value you want it set to on all profiles (detailed below). The default is 2100, max is 12288. (Left side shows current value – changeable, right side shows default value – not changeable).
Then click Ctrl+F and click find next. You should see this parameter for each of the following object names. For each of them, perform the change. They should, but might not appear in the following order:
AdvancedSecurityObject
TemplateAdvancedSecurityObjectConnectra
DeactivatedAdvancedSecurityObject
AdvancedSecurityObjectConnectra
TemplateAdvancedSecurityObject
RecommendedAdvancedSecurityObject
If Smart Defense / IPS is deactivate and the issue persists (traffic still being dropped), adjust the DeactivatedAdvancedSecurityObject to the desired length.
4.After performing the changes, save and exit.
5.Install policy.
6.If the drop is still present, consider increasing the value even further.
In case the solution fails completely, consider disabling http_max_header_length enforcement:
1.Log out of all smart console applications.
2.Log in to GuiDBedit.
3.Search guidbedit for the following data string http_enforce_max_header_length.
Change it's value from true to false on all profiles:
AdvancedSecurityObject
TemplateAdvancedSecurityObjectConnectra
DeactivatedAdvancedSecurityObject
AdvancedSecurityObjectConnectra
TemplateAdvancedSecurityObject
RecommendedAdvancedSecurityObject
4.After performing the changes, save and exit.
5.Perform cpstop and cpstart on the Security Management.
6.Install policy.
Hi Vincent,
Very appreciate for your help. Already sloved.
Thank you,
Zed
Hello Zed,
i am glad that I could help, you're welcome!
Cheers
Vincent
Hi Vincent,
Hope you're doing well, could you please help me capture solution of sk36161.
I'm requesting CP allow my account access to solution.
Thank you so much,
Zed
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY