cancel
Showing results for 
Search instead for 
Did you mean: 
Start an article

The CheckMates Blog - Page 2

Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

A Relatively Quiet Week

For me, at least, most of this week was focused on tuning up the new community after the migration. Some minor visual improvements were made this week in response to feedback, including adding some useful message views to the More menu.  The new platform and the number of hands involved means it takes a little longer to roll out enhancements. More is coming soon, so bear with us.

One thing we did add this past week was a dedicated space for the VSX product. Some might say it's long overdue, and you're right. We've had a lot of VSX-specific threads over the last couple years, and now we have a specific space to put them in!

Community Highlights

Here are the threads to watch from the last week:

Member Exclusive TechBytes

Some of our Sales Engineers are doing education sessions, which we are now making available in our Member Exclusive area!

R80.x Architecture and Performance Tuning Link Collection

A link to several useful articles from @HeikoAnkenbrand !

Blocking Pornography without HTTPS Inspection

There are pros and cons to doing this without HTTPS Inspection. This will get easier in R80.30 with SNI support.

Migrate to 10G Interfaces

Coming from 1GB interfaces, there are a couple things to do.

Keeping Policy Templates with no Policy Install Targets

You might not want to keep a layer with a policy installation target of All. If you specify "Specific" then you have to put something there. Here's how to make it empty.

Check Point Automation: Many Questions

With some answers, of course.

R77.20.86 for SMB Appliances

The biggest thing this enables is the WatchTower app from your mobile device. 

Check Point Rulebase: Is there any kind of implicit or explicit rule above stealth rule except manag...

There are a few, yes.

R80.20 Management and VPN Domain with EDGE N Appliances

If you're still managing EDGE N appliances with R80.20, watch out for this one!

New! R80.30 feature: Management Data Plane Separation (For Gateways with 8+ cores)

Some discussion around this new feature coming soon.

Service type "Service with Resource" via the Management API

These are legacy service types, and thus their API support is...limited.

Management R80.20 Instability

Are you having issues? We want to hear about it!

Upcoming Events

We are now maintaining our event calendar in Google Calendar.
You can browse our calendar of events here: CheckMates Calendar 
Upcoming events include:

If you would like a CheckMates Live event in your area, get in contact with us: checkmates@checkpoint.com 

Read more
0 0 92
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

What Happened This Week? A Lot.

@Valeri_Loukine did a CheckMates Live event in Ireland and I did two in Denmark with @Oren_Koren and Avishai Duer:

image.pngimage.png

 

The major thing that happened this past week was the migration to the new community platform, something that was at least a year in the making:

image.png

 

As with any migration of this nature, a few challenges were encountered. Not all the data could be migrated automatically, like the videos, which will be migrated by hand. The features aren't exactly the same as the old platform. Some things in the site design need tweaking. Nerd knobs need turning. There's definitely more work to do in order to make this new place feel like home.

We will rapidly iterate to address the various issues you've told us about and we've encountered ourselves. As we're big on transparency, we'll do our best to keep you all informed as improvements are made. Keep your feedback coming, positive or negative!

Info about the new platform we've shared so far:

Community Highlights

Despite the challenges caused by the migration, there was no shortage of conversations in the community this week:

Ultimate Collection of Check Point Links

This is a post @Valeri_Loukine put together a few months back that I just spent a lot of time with to update all the links and to ensure the videos were uploaded. Lots of great stuff here if you're just starting out with Check Point!

Multiple clish Commands from R80 Script Repository Possible?

There are ways, yes.

API with MDS Environment

When working with the API, remember to publish when you make changes, MDS or otherwise.

Is It Possible to Get an Overview of All Traffic to a Specific Country?

In R80.20, yes.

R80.20 Fresh Install to Sandbox TE100X Appliance has Kernel 2.6, Is It Normal?

For the moment, yes.

Establishing Trust Based on Signed Certificates Between Cisco ISE and Identity Collector

A how-to document.

Security Management: Videos and Hands-On Lab Booklet from CPX

If you didn't go to CPX 360 this year, here's one of the things you missed!

R80.20 Management in VMware

What basic settings you need.

Where Used between HTTPS Inspection and SmartConsole

If you use HTTPS Inspection on R80.x, watch out for this one!

Monitoring of Connection Tables

Doing it remotely via SNMP or similar.

Adding a Third 5800 to a Current 5800 Firewall Cluster

Some things to keep in mind here.

Linux for Check Point

While not strictly required, it's helpful to know some.

Upcoming Events

We are now maintaining our event calendar in Google Calendar.
You can browse our calendar of events here: CheckMates Calendar 
Upcoming events include:

If you would like a CheckMates Live event in your area, get in contact with us: checkmates@checkpoint.com 

Read more
1 0 89
Admin
Admin

On behalf of the entire CheckMates team, I'd like to welcome you onboard our next generation cyber security community! Here on the community, we only want the best for our CheckMaters. We aspire to continuously keep you in the know about the latest cyber security trends, knowledge, and best practices so you can make your part of the world a safer place.

So what's new? Here are the highlights:

  • Navigate through new menus and explore the modern look and feel
  • Filter through various Check Point products and learn about their unique features and tools
  • Customize and manage your view through Recent, Popular and Featured posts
  • Be part of the new points and badges system; reward your peers and be rewarded
  • Enjoy the enhanced private messaging tool to build connections with your peers near and far*
  • And as a mobile responsive platform, you can now login to CheckMates from any corner of the world

As always, don’t hesitate to get in touch with the CheckMates team to share your feedback with us.

* Only available to users with rank Iron or above.

Read more
27 6 3,348
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

CheckMates Takes Bratislava

Valeri Loukine‌ and I did our largest CheckMates event ever in Bratislava where we had 100 people!

 

 

 

Community Highlights

Here are the conversations worth watching in the community:

 

https://community.checkpoint.com/community/about-checkmates/blog/2019/03/07/the-new-checkmates-is-al...

It should come on the 12th if all goes to plan.

 

R80.20 Use Cases TechTalk 

We had another TechTalk on R80.20 and had a LOT of Q&A.

 

Your opinion matters! 

We're asking you how you use mobile messaging apps, which will help us provide better products and services to you.

 

AWS Management Server and separate Logging Server 

There's an issue with the default Security Groups that requires manual adjustment.

 

Cluster XL - Interface Preference 

Can you ignore a specific interface in ClusterXL (meaning not cause a failover if it dies)?

 

Migrating the Functionality of a dedicated Proxy Server to Check Point 

TL;DR: We're not a proxy server.

 

Script to check health on SMB 

A new community development Smiley Happy

 

Identity Detection - Best option? 

Discusses the various options, and there's no one size fits all solution even in a single environment Smiley Happy

 

HTTPS drop in R80.10 

 

The workaround the community came up with is now documented in SK, even.

 

 

A feature many of you have been waiting for is now available.

 

Upcoming Events

We are now maintaining our event calendar in Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
0 0 108
Admin
Admin

We expect to launch our new CheckMates platform on the 12th of March 2019!

This requires us to set the existing community to READ ONLY so the content and users can be migrated to the new platform.

This is expected to happen no later than 01:00 CET on the 12th of March, or 5pm Pacific Daylight Time on the 11th.

The migration process is expected to take no more than 24 hours.

Assuming all goes well, you will see the new community live with the URL https://community.checkpoint.com.

When the new community launches, you will notice a few changes and see the following benefits:

  • Overhauled Site Design
    • The existing platform has a number of limitations that made it difficult to highlight or find the most relevant and recent content. Lithium is far more flexible in this regard, and you will see a new front page that should be significantly easier to navigate and find what you’re looking for. 
  • Private messaging
    • In the current platform, in order to send a private message to someone (say, an employee), the person you wish to contact has to be following you. In Lithium, this will be enabled for most established users by default.
  • Custom Usernames
    • Due to the integration with UserCenter, usernames in the current platform have to be a UUID string. Which, quite frankly, isn’t very user friendly. In Lithium, this will not be required and everyone will get to choose their own username! For existing users, a default will be assigned on migration, but you will be able to change it. And yes, PhoneBoy will be PhoneBoy (finally!).
  • More Benefits for Active Users
    • In addition to the changes in ranks and badges previously discussed, we will be able to grant specific permissions and benefits to people based on achievements in the community. The exact benefits we will provide at what levels will be determined at a later date.
  • Better Service to the Community
    • Lithium provides improvements to many things most of you won’t see. Rest assured, these improvements will allow us to provide better service to you, our user community!

Read more
3 2 244
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

Community Highlights

Here are the conversations worth watching in the community:

 

New Software Releases/EAs:

 

#CPX360 Slides 2019 

We turned around the slides and videos for CPX 360 in record time! The partner-specific content is now also available to partners.

 

Check Point for Beginners - Typical Config Mistakes 

We've had a couple threads on this. See also: Top human fails to avoid 

 

SmartConsole potential CPM issues 

In this case, the issue was resolved by generating a new SIC certificate (not to be confused with resetting the SIC ICA).

 

Which method would you recommend to upgrade from R80 to R80.20? 

migrate export/import is probably the better approach.

 

Are any of the MDS limitations in MDS R80.20 are addressed in R80.30EA? 

TL;DR: no, but we are working on it. 

 

R80.30 cheat sheet - ClusterXL 

Another good one from Heiko Ankenbrand‌!

 

Use Sandblast API on Security Gateway 

You can't do it on a regular Security Gateway. 

 

 

If you're struggling with this, this thread should help.

 

Upcoming Events

Due to the upcoming change to Lithium, we are maintaining our event calendar in Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
2 0 165
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

CheckMates Does CPX360, Vienna Style!

Our CPX 360 show in Vienna was our largest to date with over 4000 customers, partners, and employees in attendance!

 

 

Here I am with James Alliband‌ and Bien Nguyen‌ right before the keynotes:

 

 

Unlike in the Vegas and Bangkok events, CheckMates did not have a booth on the expo floor this time around.

Instead, we had a lounge outside of our breakout track, which proved to be quite popular!

(Great idea, Amit Sharon‌!)

 

 

 

The CheckMates track itself was quite popular as well, particularly Danny Jung‌'s session:

 

 

There was quite a lot to see at this years CPX 360 events!

 

 

Community Highlights

Here are the conversations worth watching in the community:

 

New Software Releases

 

How to apply QoS on a User for restricting Bandwidth? 

Came up here: Limit bandwidth. R77.30  

 

Allowing custom site with external hosted images 

Tricky when taking a whitelist approach and the content is hosted on a CDN.

 

SmartConsole | New 'Group Membership' Feature 

A few of you asked for this feature. It's been added in R80.20.M2.

 

Expert command of Security Management Server to show Initialization Status 

Remember this one.

 

Issues with IE and SandBlast Extension; GPO deployment may be helpful? 

These issues are fixed in E80.92.

 

Can the default be changed for the logging time period results? 

In SmartView, yes.

 

Managing a gateway over VPN 

You don't want to do this.

 

Enable DPD on R80.20 

Some confusion about how this works.

 

R77.20.85 performance issue on centrally managed SMB 

Some additional issues we're tracking in this thread.

 

Is CP planning to support Load-Sharing in future releases? 

It was not added to R80.20. We plan to have it later in 2019.

 

How do I change the https certificate for Sandblast API? 

It uses the SIC certificate, which means...you can't change it.

 

Upcoming Events

Due to the upcoming change to Lithium, we are maintaining our event calendar in Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
5 2 251
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed)

Vienna Calling!

You can bet the CheckMates team will be at CPX 360 in Vienna!

Meanwhile, Kishin Fatnani‌ took a great photo of a bunch of us in Vegas!

Posted: https://community.checkpoint.com/community/infinity-general/blog/2019/02/14/cpx360 

 

 

Community Highlights

Here are the conversations worth watching in the community:

 

Smart Console: Packet Mode - Possible Bug? 

Yes, theres a bug there, but thanks to the community, we'll see an improvement!

 

New in Developers (Code Hub)

 

Lower number of CoreXL instances in ClusterXL HA

The number of CoreXL on all cluster members must match or clustering won't work.

 

Application Control Bug!? 

Not really a bug, but a misunderstanding of how the policy works on SMB appliances.

 

ConnectControl / Logical Servers within same subnet 

Have to admit, this one stumped me, even!

 

Limited Permission Profile 

While it's not possible to limit who can read a specific policy, you can restrict what logs they can see (in R80.x at least).

 

How to check debug command ? 

Given there are a number of different ways to debug, there is no simple answer to this question.

 

R77.20.85 performance issue on centrally managed SMB 

The fixed version of firmware was released on 11 February. See: R77.20.85 for Small and Medium Business Appliances 

 

Log all the rules on R80.x 

Including the implied rules.

 

 

Rename the files. We are planning a fix for this.

 

Upcoming Events

Due to the upcoming change to Lithium, we are maintaining our event calendar in Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
1 0 154
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed😞

CheckMates at CPX 360 Las Vegas

Between running the CheckMates sessions and other tasks, I didn't get as many photos of the team.

That said, a lot of us was there.

Personally, I was very blinged up during the event:

 

 

For those wondering, yes, we will have those pins in Vienna!

And we'll have these shirts (modeled by Toni Ponder‌):

 

 

In addition to the festivities of CPX, there was a gathering for those of us who had been at Check Point 10 or more years.

Personally, I just past the 20 year mark between my time at Nokia and Check Point.

Plaques were given, and I managed to get a picture with our CEO Gil Shwed:

 

 

And my partner in crime Moti Sagey‌ gave me a brief shoutout during his session:

 

Community Highlights

Here are the conversations worth watching in the community:

 

https://community.checkpoint.com/community/infinity-general/blog/2019/02/07/r8030-public-ea-program-... 

Are you participating in this yet?

 

https://community.checkpoint.com/community/infinity-general/blog/2019/02/05/r8020-new-jumbo-hotfix-t... 

Meanwhile, the latest GA jumbo hotfix is available.

 

Will (Smart)Workflow come back? 

We still plan to bring the features of SmartWorkflow back.

 

Gateway logs on Smartlog after SMS outages 

Here's a way to get the logs flowing again.

 

What is the procedure to Migrate firewall from one management server to another? 

Another oldie but goodie.

 

PAT/NAT to routed subnet? 

One use case for Address Translation.

 

Domain Object issue on R77.30 

These objects work a lot better on R80.20.

 

How to block some https sites? 

If you want to block (or allow) access to a specific site via HTTPS, this thread might be helpful. 

 

Upcoming Events

Due to the upcoming change to Lithium, we have migrated our upcoming event calendar to Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
6 0 128
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed😞

CheckMates Migration to Lithium Platform

In case you are not aware, we are planning to migrate the platform we are using for CheckMates from Jive to Lithium.

I have written several posts on this recently:

We are nearing the time when the migration will take place, which we expect to happen during February.

Once the schedule is finalized, we will be sure to communicate it.

Community Highlights

Here are the conversations worth watching in the community:

R80.30 Early Availability Program is started! 

The update is that R80.30 Public EA is here! We plan to release this quarter. That said, more private EAs will help us release it faster!

Can't connect to management server via SmartDashboard 

This problem keeps coming up, particularly in fresh-installed R77.30 and earlier systems, for example in this thread: Problem with cluster access 75.40 VS . The above thread explains how to resolve the issue.

Adding members to a group (via CLI) 

An older thread where a more clever answer was posted.

Class names available for use with the "show-generic-objects" API command 

One way to find this information out.

smartlog too many logs:Non Compliant DNS 

A few different suggestions for addressing this issue.

Jumbo Jail - Stuck between installing newer jumbo and uninstalling older one 

Nice workaround for what is a bug.

https://community.checkpoint.com/community/management/visibility-monitoring/blog/2019/01/28/smart-vi... 

What's Infinity, you ask? Now you can see it!

 

Manual NAT rules for the gateway IP on an SMB appliance don't have an effect, but there's another way...

Upcoming Events

Due to the upcoming change to Lithium, we have migrated our upcoming event calendar to Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
14 0 130