cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

The CheckMates Blog

Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

CheckMates Around The World

Been a while since I've shared photos of events, but it's been quite a busy last several weeks.

Earlier in July, I did our first events in the Caribbean! Had nice crowds in Trinidad and Barbados. 

Trinidad.pngFlatMoti.jpg

Meanwhile, @Valeri_Loukine did our first event in Minsk this past week to an enthusiastic crowd!

val-minsk.jpg

Community Highlights

Here are the threads to watch from the last week:

Not Able to Find the Serial Number

While we've had the ability to query at the OS level for a serial number for a while now, this doesn't work on some older appliances.

GeoProtection Daily Update Issue From July 10th

This caused some customers issues. Here's the official story on what happened.

Is It Possible to Change an Interface MAC Address?

You can temporarily anyway.

Can I Replace Conventional Antivirus Kaspersky with Check Point Endpoint Suite

Why, yes you can.

Maestro TechTalk

Get the answers to your burning questions about Maestro.

Version R77.20.87 Build 990172938 Not Documented

Discussion around TCP SACK fixes for SMB appliances

My Top 3 Check Point CLI Commands

This 2 year old post by @Moti is by far our most popular post on CheckMates, and it's still getting replies!

When Will Check Point Support Load Sharing in R80.20 or R80.30?

It's coming soon for R80.30.

Upcoming Events

We are now maintaining our event calendar in Google Calendar.
You can browse our calendar of events here: CheckMates Calendar 
Here's where you can find @Valeri_Loukine and I over the next few weeks

If you would like a CheckMates Live event in your area, get in contact with us: checkmates@checkpoint.com 

Read more
0 0 412
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

Community Highlights

Here are the threads to watch from the last week:

New Releases

CheckMates Member of the Month for July 2019: Nicholas Doropoulos

Put your virtual hands together!

Behavior of HA Cluster When SYN Link is Down

A bonded sync link is a good idea.

One Liner Collection

Similar to My Top 3 CLI Commands but it lists posts that reference some more complicated CLI foo.

High Dispatcher CPU

How to troubleshoot.

High CPU on Allowed But Unknown Traffic

Similar to the previous thread, but involving VSX.

Win10 E80.85 Endpoint Patching VPN Connection Lost July Updates

If you're applying Windows 10 updates, make sure the Endpoint Security client is also updated as well.

Unable to Connect to McAfee SIEM via LEA After Upgrade to R80.20

Some changes were made in R80+ with regards to OPSEC, make sure your third party products have been updated.

Check Point OS Download

Explaining the various options.

Parsing The Output of "mgmt_cli" Using jq

An oldie but goodie that periodically comes up.

Upcoming Events

We are now maintaining our event calendar in Google Calendar.
You can browse our calendar of events here: CheckMates Calendar 
Here's where you can find @Valeri_Loukine and I over the next few weeks

If you would like a CheckMates Live event in your area, get in contact with us: checkmates@checkpoint.com 

Read more
0 0 446
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

Community Highlights

Here are the threads to watch from the last week:

New Releases

CPX 360 2020

We're getting a head start on our next big CPX 360 events!

RDP Nightmares

Our latest episode of the CheckMates GO podcast

"cpconfig" => "Administrator" does not show the options to list all admins

Admins have been configured in SmartConsole/Dashboard for a while now, cpconfig is a legacy option.

policyCleanUp.py Issue

The issue was the default API port was changed from 443. That means all your scripts and API calls must use the port you've configured.

Introduction to Identity-Based Access Control and Threat Prevention

Another good video from @Peter_Elmer

Rulebase Policy Export from Gateway

It's much easier to do this from the management if at all possible.

SIP NATing Fills up fwx_alloc Even When There's No NAT used for SIP

SIP Early NAT is at play here.

AD Query Server Connection

Make sure you've enabled connectivity between the gateway and the AD server.

VPN Usage Report

A few threads are highlighted in here.

Custom View Report for Application Usage Broken Out By Week Over Time

Requires some work in Excel in addition to the correct SmartEvent report.

Upcoming Events

We are now maintaining our event calendar in Google Calendar.
You can browse our calendar of events here: CheckMates Calendar 
Here's where you can find @Valeri_Loukine and I over the next few weeks

If you would like a CheckMates Live event in your area, get in contact with us: checkmates@checkpoint.com 

Read more
0 0 1,612
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

Community Highlights

Here are the threads to watch from the last week:

R80.10 Jumbo Hotfix 214

New ongoing jumbo hotfix is available for R80.10.

R80.20.M2 Jumbo Hotfix

If you're considering this release, consider R80.30 instead.

Change admin Password to Enter SmartConsole R80.10

Couple ways to do it.

Is Both HTTPS Inspection and Categorize HTTPS Websites Supported?

From R80.20, yes.

Different DNS Server per VS

Not currently supported.

SmartLog (and SmartView) Query Syntaxes

How to search for different networks in the logs.

Proxy ARP on Gaia

When working with NAT.

Creating (and Updating) Network Objects via API

What's the process for figuring out an object exists and updating it?

Protocol Signatures

What are they?

Upcoming Events

We are now maintaining our event calendar in Google Calendar.
You can browse our calendar of events here: CheckMates Calendar 
Here's where you can find @Valeri_Loukine and I over the next few weeks

If you would like a CheckMates Live event in your area, get in contact with us: checkmates@checkpoint.com 

Read more
0 0 711
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

Community Highlights

Here are the threads to watch from the last week:

Dynamic CLI and Gaia APIs TechTalk and Q&A

If you missed it, the recording and slides are here.

Is It Possible to Export and Import Host Objects?

Of course it is.

Details of Fields Logged

We don't have a comprehensive document, but Log Exporter has some of it documented.

Legacy Auth on R80.10 Gateways

It works, but you should really move to Identity Awareness.

Why are some IPS Signatures Inactive?

Check the Threat Prevention profile settings.

Why Do We See Logs on Rules Which Are Not Installed Yet?

It's a feature.

Updateable Objects and NAT

Apparently, this is also a feature.

Publish and Install Difference

For those new to R80.x.

Upcoming Events

We are now maintaining our event calendar in Google Calendar.
You can browse our calendar of events here: CheckMates Calendar 

Read more
0 0 922
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

CheckMates in Russia, Kazakhstan, and Canada

The CheckMates team was busy getting the word out all over the world! @Valeri_Loukine was in Moscow and Almaty:

WhatsApp Image 2019-04-19 at 04.01.55.jpeg WhatsApp Image 2019-04-19 at 04.03.09.jpeg

And #FlatMoti and I were in Quebec City, Ottawa, and Montreal

IMG_3756.jpg IMG_3781.jpg

Community Highlights

Here are the threads to watch from the last week:

Finding Root Cause for all the F2F Traffic

Does require digging into the configuration a bit.

Use of Private ThreatCloud behind Load Balancer

Didn't realize this was possible.

IPS, Follow-Up, and Staging

How these worked changed from R77.x to R80.x.

Check SIC Status Without SmartConsole

cprid_util to the rescue

2019 Job Task Analysis Survey

This will help our Training and Certification team

Does the 4600 Appliance with 4GB of RAM Support R80.20?

Yes, it does.

Gaia Backup All Clish Configs From All Gateways With a Single CLI Command

Neat trick!

Upcoming Events

We are now maintaining our event calendar in Google Calendar.
You can browse our calendar of events here: CheckMates Calendar 
Upcoming events include:

If you would like a CheckMates Live event in your area, get in contact with us: checkmates@checkpoint.com 

 

Read more
1 0 1,521
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

CheckMates in Vienna and Salzburg

@Valeri_Loukine did events in Vienna and Salzburg. Only got one picture from both events:

IMG_1857.jpg

Community Highlights

Here are the threads to watch from the last week:

CheckMates GO Episode 1: Threat Intelligence

We've launched our new podcast, CheckMates GO! Look for it in iTunes, Google Play, or wherever finer podcasts are procured!

Problem with adding threat indicator via Web Services API

Remember to always use the publish action when using the API.

How am I Seeing Application-Specific Logs Without HTTPS Inspection?

There are pros and cons to doing this without HTTPS Inspection. This will get easier in R80.30 with SNI support.

R80.20 Validation Error: IP Protocol value must be in the range 1-255

It's an easy fix, but the error message is misleading.

R7x / R8x Installation Differences

Some observations 

Is http/https proxy needed to replace old proxy with Check Point gateway?

Depends on the environment you're in.

IPS Exception Not Working

There are a few places you set exceptions in R80.x.

How to determine top talker host IP

Useful for older gateways.

R80.10 and Java Compatibility for Firefox and Chrome

Some discussion around this new feature coming soon.

What is DLE?

I had to look this one up myself...

Upcoming Events

We are now maintaining our event calendar in Google Calendar.
You can browse our calendar of events here: CheckMates Calendar 
Upcoming events include:

If you would like a CheckMates Live event in your area, get in contact with us: checkmates@checkpoint.com 

Read more
1 2 585
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

CheckMates in Madrid, Portugal, Bunnik, and Tulsa

@Valeri_Loukine had a pretty full dance card this week, doing events in Madrid, Portugal, and Bunnik:

No alt text provided for this image

bunnik.jpg

Me? I went to Tulsa:

6aefac45-6c0c-475f-a77d-c1c564fe2626.JPG

And CheckMates was on the menu at Stoney River Steakhouse in Nashville courtesy of @Adam_Forester!

IMG_2611 copy.jpg

Community Highlights

Here are the threads to watch from the last week:

New Software Releases

Rate & Review SandBlast Mobile Protect

Aside from sharing your feedback on CheckMates, of course, please let us know how you like SandBlast Mobile Protect on the various app stores.

Ansible Demo with R80.20 Gateways and Management

An updated version of an older demo, but now with current versions.

Max Concurrent Sessions Per Connection Exceeded Quota

Certain protocol inspections have a quota associated with them.

TechBytes: Remote Access

A how-to on setting up remote access.

Keeping Policy Templates with no Policy Install Targets

You might not want to keep a layer with a policy installation target of All. If you specify "Specific" then you have to put something there. Here's how to make it empty.

Automation for Newbies: Ansible and Terraform

A new demo involving Ansible and Terraform.

Can the 3200 Appliance Be Managed Locally?

Can it? Yes. Should it? Different question.

Activate PFS in a Community via API

No official API for it, but it can be done.

Show Changes in a Single Session

It can be done via API, yes. In R80.30, a SmartConsole Extension will be available that will generate a Policy Change Report.

API - Adding Network Objects with the same IP as Others Already Created

Not by default, but it can be done.

Move IPS Profile Rules to Threat Prevention Layer

One of those tasks you'll have to perform after you upgrade your gateways to R80.x.

Access Serial Console of Another Device thru Check Point Appliance USB port

This is a neat trick!

Upcoming Events

We are now maintaining our event calendar in Google Calendar.
You can browse our calendar of events here: CheckMates Calendar 
Upcoming events include:

If you would like a CheckMates Live event in your area, get in contact with us: checkmates@checkpoint.com 

Read more
3 2 1,178
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

What Happened This Week? A Lot.

@Valeri_Loukine did a CheckMates Live event in Ireland and I did two in Denmark with @Oren_Koren and Avishai Duer:

image.pngimage.png

 

The major thing that happened this past week was the migration to the new community platform, something that was at least a year in the making:

image.png

 

As with any migration of this nature, a few challenges were encountered. Not all the data could be migrated automatically, like the videos, which will be migrated by hand. The features aren't exactly the same as the old platform. Some things in the site design need tweaking. Nerd knobs need turning. There's definitely more work to do in order to make this new place feel like home.

We will rapidly iterate to address the various issues you've told us about and we've encountered ourselves. As we're big on transparency, we'll do our best to keep you all informed as improvements are made. Keep your feedback coming, positive or negative!

Info about the new platform we've shared so far:

Community Highlights

Despite the challenges caused by the migration, there was no shortage of conversations in the community this week:

Ultimate Collection of Check Point Links

This is a post @Valeri_Loukine put together a few months back that I just spent a lot of time with to update all the links and to ensure the videos were uploaded. Lots of great stuff here if you're just starting out with Check Point!

Multiple clish Commands from R80 Script Repository Possible?

There are ways, yes.

API with MDS Environment

When working with the API, remember to publish when you make changes, MDS or otherwise.

Is It Possible to Get an Overview of All Traffic to a Specific Country?

In R80.20, yes.

R80.20 Fresh Install to Sandbox TE100X Appliance has Kernel 2.6, Is It Normal?

For the moment, yes.

Establishing Trust Based on Signed Certificates Between Cisco ISE and Identity Collector

A how-to document.

Security Management: Videos and Hands-On Lab Booklet from CPX

If you didn't go to CPX 360 this year, here's one of the things you missed!

R80.20 Management in VMware

What basic settings you need.

Where Used between HTTPS Inspection and SmartConsole

If you use HTTPS Inspection on R80.x, watch out for this one!

Monitoring of Connection Tables

Doing it remotely via SNMP or similar.

Adding a Third 5800 to a Current 5800 Firewall Cluster

Some things to keep in mind here.

Linux for Check Point

While not strictly required, it's helpful to know some.

Upcoming Events

We are now maintaining our event calendar in Google Calendar.
You can browse our calendar of events here: CheckMates Calendar 
Upcoming events include:

If you would like a CheckMates Live event in your area, get in contact with us: checkmates@checkpoint.com 

Read more
1 0 314
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

CheckMates Takes Bratislava

Valeri Loukine‌ and I did our largest CheckMates event ever in Bratislava where we had 100 people!

 

 

 

Community Highlights

Here are the conversations worth watching in the community:

 

https://community.checkpoint.com/community/about-checkmates/blog/2019/03/07/the-new-checkmates-is-al...

It should come on the 12th if all goes to plan.

 

R80.20 Use Cases TechTalk 

We had another TechTalk on R80.20 and had a LOT of Q&A.

 

Your opinion matters! 

We're asking you how you use mobile messaging apps, which will help us provide better products and services to you.

 

AWS Management Server and separate Logging Server 

There's an issue with the default Security Groups that requires manual adjustment.

 

Cluster XL - Interface Preference 

Can you ignore a specific interface in ClusterXL (meaning not cause a failover if it dies)?

 

Migrating the Functionality of a dedicated Proxy Server to Check Point 

TL;DR: We're not a proxy server.

 

Script to check health on SMB 

A new community development Smiley Happy

 

Identity Detection - Best option? 

Discusses the various options, and there's no one size fits all solution even in a single environment Smiley Happy

 

HTTPS drop in R80.10 

 

The workaround the community came up with is now documented in SK, even.

 

 

A feature many of you have been waiting for is now available.

 

Upcoming Events

We are now maintaining our event calendar in Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
0 0 338