Create a Post

The CheckMates Blog

Showing results for 
Search instead for 
Did you mean: 
The CheckMates Blog

Here's where we let you know what's going on with the CheckMates Community.


Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed😞

CheckMates in Your Language? Sure!

Do not forget that while most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

Let us know if you want to have it in your native language as well.

Community Highlights

While Dameon and flatmoti enjoy their vacation, 

we are having a very busy week here at checkmates‌:

R80.x Security Gateway Architecture (Logical Packet Flow) 

Heiko Ankenbrand endlessly continues perfecting his popular article.

There is also a spin-out discussion:

How does the Medium Path (PXL) and Content Inspection work with R80 

were we deepen our understanding of Medium Path and related technological solutions. The newest painting by Heiko Ankenbrand‌ definitely helps:

Security Gateway Packet Flow and Acceleration - with Diagrams 

That is yet another attempt to put packet flows on a chart or two. This one is based on official Check Point GW architecture diagrams. FW path, Medium and Accelerated Paths are presented separately, for better clarity.

 How to use Identity Awareness Tags in R80.20.M1 

Tomer Sole‌ explains the new Identity tagging feature available with R80.20.M1 release

R80.10 Upgrade Guide and Best Practices - Slideshow 

This is another Tomer's hit (members only, sorry folks, you need to register to get here)

Block specific File extention 

we learn that R80.10 is needed for that.

Build Azure CloudGuard using Terraform

the title says it all

Checkpoint r77.30 cluster migration from hardware to VM 

We are discussing the most gracious ways to move a cluster into new environment.

Check Point Lightboard Series - SandBlast Mobile Architecture 

Must seen video about SandBlast Mobile

Oldie but goldie:

Danny Jung‌'s document  is almost one year old yet still steering interesting discussion in the comments: Common Check Point Commands (ccc) 

Another classic diagram Ports Used for Communication by Various Check Point Modules is still getting lots of hits

Upcoming Events

Read more
34 0 2,398

Welcome to "This Week in Checkmates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

If you can't wait for the weekly update, follow our Twitter account where threads are highlighted regularly: @CPCheckMates!

Community Highlights

Here are some highlights from the week's activity on CheckMates:

Check Point 1400 Appliance - FAQ

This is a great resource telling you everything you ever wanted to know about the 1400 series of appliances. One of our partners Danny Jung‌ put this together and is continually updating it!

Compliance Blade how-to videos

Tomer Sole‌ produced some videos on how to best leverage the Compliances Blade in R80.10. 

How to block OpenVPN

It's pretty straightforward if you want to block all use of it, a little bit less so when there is legitimate use you also need to allow. Still, something Application Control has no issue with.

Infinity R80.10 "Cool Feature of the Day" - Prevent installing the wrong policy 

One way to achieve this is to Set Installation Target for Policies‌, which has been an option for quite some time. Another way, introduced as a "beta" feature in R80.10, is described in this article.

Unify Policy Migration from R77.30

Some legacy features were not brought forward to R80.x as they have been replaced with newer features. In this thread, legacy user groups need to be replaced with Access Roles (an Identity Awareness feature).

Did You Know...

You can respond to the emails you get from CheckMates to update a thread?

I know this is a repeat of last week's tip, but I wanted to repeat it to reiterate the warning that goes with this: make sure if you use this feature, your email response doesn't include any signature information or it will be posted along with your messages! I've edited a few messages to remove this information.

Unless you've disabled email notifications on your account, which you can do here, you should get an email for new responses on a given thread or content you have chosen to follow, which you can do from the Actions menu:



When you get the email, it will look something like this:


Simply respond to the email like you would any other:



Your email will appear in the relevant thread as a reply to the comment you are responding to:



A word of warning: Make sure to disable your email signature on these emails as they will be included in your post to CheckMates. You may not want that. 



Upcoming Events

Our upcoming events in September include:

  • Cloud Security Best Practices with Amit Schnitzer on September 6th
  • Ask Me Anything with Dorit Dor and her team on September 18th



We would be delighted to hear your feedback! Here are a few ways you can share it with us:

Read more
0 0 765

Each month, we plan to highlight a specific member of the community. For August, that person is Tim Hall‌!

Tim Hall is the founder and owner of Shadow Peak Inc., an independently run enterprise started in 2004 that specializes in Check Point training and consulting services. His company has assisted clients from all over the world, including one with firewalls located in Antarctica.


Tim has been working with Check Point products since 1997, and as part of his work authored "Max Power: Check Point Firewall Performance Optimization", which centers on the performance intricacies of Check Point products. His newest publication, a second edition focusing on the R80 and R80.10 updates, is currently under development.


Although Tim would consider himself an expert in R80.10, he noted, “CheckMates has helped me with learning about the new R80 release, learning about little nooks and crannies in the GUI, and the underlying implementation.”


Apart from his love for technology, he also has a passion for collecting. Tim has a basement full of antique pinball machines from the 1970’s to the 1990’s, as well as a collection of arcade video games including Galaga, Tempest, and Pac-Man.


In Tim’s words:

"CheckMates is the continuation of spreading knowledge and assisting administrators with various problems.” 

On behalf of CheckMates, we thank Tim for sharing his valuable knowledge with us!

Our interview questions and answers are below:


Tell us a little about yourself & what you do

I've been working with Check Point products since 1997. I have had my own independently run business since 2004. My business Shadow Peak Incorporated is a one-man corporation that specializes in Check Point training and consulting services.


Tell us a little about your experience with Check Point

In 1997, with a company called Evolving Systems, we needed a firewall that could do a VPN, and there was this relatively new kid on the block called Check Point. It was a logical pairing of product to experience based on the Solaris systems experience I had. It's been 20 years this year that I've used a variety of Check Point products.


Do you have a unique deployment of a Check Point product?

There's a large defense contractor with firewalls in Antarctica that I did a fair amount of work for that had a pretty large Check Point deployment. I was doing some work with a firewall and I’m like, “Why is this one so slow?” It was because we’re going over a satellite to reach that area and we could only do it at certain times of day.


What do you use the CheckMates platform for?

With CheckMates for me, the best thing was learning about the new R80 release, learning about little nooks and crannies in the GUI, and the underlying implementation. Definitely learning about the new R80 and of course R80.10 releases is mainly what I use it for.


What do you like to do for fun? (Hobbies)

I collect antique pinball machines and video games. In my basement I have pinball machines ranging from the 1970s to the 1990s. I also have a Galaga, Tempest, Pac-Man – actual full size arcade cabinets. I'm also always reading about different technology or articles on CPUG. I strive to be a pure force of technical knowledge.


If you could create any new technology right now, what would it be?

If I could create any new technology, I'd say it would be for an individual's personal data that is bought, bartered, brokered, traded, etc., to notify them every time that data is used or accessed. It would be very scary and I think people would realize how much their personal data is just kind of floating around and being leaked and sold.

Read more
7 3 1,155