cancel
Showing results for 
Search instead for 
Did you mean: 
Start an article

The CheckMates Blog

Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!
Past and future posts will be available here: The CheckMates Blog
To have these updates show up in your preferred RSS reader add the following URL: The CheckMates Blog RSS Feed
See also our social media accounts and our podcast (RSS Feed):

What Happened This Week? A Lot.

@Valeri_Loukine did a CheckMates Live event in Ireland and I did two in Denmark with @Oren_Koren and Avishai Duer:

image.pngimage.png

 

The major thing that happened this past week was the migration to the new community platform, something that was at least a year in the making:

image.png

 

As with any migration of this nature, a few challenges were encountered. Not all the data could be migrated automatically, like the videos, which will be migrated by hand. The features aren't exactly the same as the old platform. Some things in the site design need tweaking. Nerd knobs need turning. There's definitely more work to do in order to make this new place feel like home.

We will rapidly iterate to address the various issues you've told us about and we've encountered ourselves. As we're big on transparency, we'll do our best to keep you all informed as improvements are made. Keep your feedback coming, positive or negative!

Info about the new platform we've shared so far:

Community Highlights

Despite the challenges caused by the migration, there was no shortage of conversations in the community this week:

Ultimate Collection of Check Point Links

This is a post @Valeri_Loukine put together a few months back that I just spent a lot of time with to update all the links and to ensure the videos were uploaded. Lots of great stuff here if you're just starting out with Check Point!

Multiple clish Commands from R80 Script Repository Possible?

There are ways, yes.

API with MDS Environment

When working with the API, remember to publish when you make changes, MDS or otherwise.

Is It Possible to Get an Overview of All Traffic to a Specific Country?

In R80.20, yes.

R80.20 Fresh Install to Sandbox TE100X Appliance has Kernel 2.6, Is It Normal?

For the moment, yes.

Establishing Trust Based on Signed Certificates Between Cisco ISE and Identity Collector

A how-to document.

Security Management: Videos and Hands-On Lab Booklet from CPX

If you didn't go to CPX 360 this year, here's one of the things you missed!

R80.20 Management in VMware

What basic settings you need.

Where Used between HTTPS Inspection and SmartConsole

If you use HTTPS Inspection on R80.x, watch out for this one!

Monitoring of Connection Tables

Doing it remotely via SNMP or similar.

Adding a Third 5800 to a Current 5800 Firewall Cluster

Some things to keep in mind here.

Linux for Check Point

While not strictly required, it's helpful to know some.

Upcoming Events

We are now maintaining our event calendar in Google Calendar.
You can browse our calendar of events here: CheckMates Calendar 
Upcoming events include:

If you would like a CheckMates Live event in your area, get in contact with us: checkmates@checkpoint.com 

Read more
1 0 47
Admin
Admin

On behalf of the entire CheckMates team, I'd like to welcome you onboard our next generation cyber security community! Here on the community, we only want the best for our CheckMaters. We aspire to continuously keep you in the know about the latest cyber security trends, knowledge, and best practices so you can make your part of the world a safer place.

So what's new? Here are the highlights:

  • Navigate through new menus and explore the modern look and feel
  • Filter through various Check Point products and learn about their unique features and tools
  • Customize and manage your view through Recent, Popular and Featured posts
  • Be part of the new points and badges system; reward your peers and be rewarded
  • Enjoy the enhanced private messaging tool to build connections with your peers near and far*
  • And as a mobile responsive platform, you can now login to CheckMates from any corner of the world

As always, don’t hesitate to get in touch with the CheckMates team to share your feedback with us.

* Only available to users with rank Iron or above.

Read more
22 5 1,647
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed

See also our social media accounts and our podcast (RSS Feed):

CheckMates Takes Bratislava

Valeri Loukine‌ and I did our largest CheckMates event ever in Bratislava where we had 100 people!

 

 

 

Community Highlights

Here are the conversations worth watching in the community:

 

https://community.checkpoint.com/community/about-checkmates/blog/2019/03/07/the-new-checkmates-is-al...

It should come on the 12th if all goes to plan.

 

R80.20 Use Cases TechTalk 

We had another TechTalk on R80.20 and had a LOT of Q&A.

 

Your opinion matters! 

We're asking you how you use mobile messaging apps, which will help us provide better products and services to you.

 

AWS Management Server and separate Logging Server 

There's an issue with the default Security Groups that requires manual adjustment.

 

Cluster XL - Interface Preference 

Can you ignore a specific interface in ClusterXL (meaning not cause a failover if it dies)?

 

Migrating the Functionality of a dedicated Proxy Server to Check Point 

TL;DR: We're not a proxy server.

 

Script to check health on SMB 

A new community development Smiley Happy

 

Identity Detection - Best option? 

Discusses the various options, and there's no one size fits all solution even in a single environment Smiley Happy

 

HTTPS drop in R80.10 

 

The workaround the community came up with is now documented in SK, even.

 

 

A feature many of you have been waiting for is now available.

 

Upcoming Events

We are now maintaining our event calendar in Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
0 0 63
Admin
Admin

We expect to launch our new CheckMates platform on the 12th of March 2019!

This requires us to set the existing community to READ ONLY so the content and users can be migrated to the new platform.

This is expected to happen no later than 01:00 CET on the 12th of March, or 5pm Pacific Daylight Time on the 11th.

The migration process is expected to take no more than 24 hours.

Assuming all goes well, you will see the new community live with the URL https://community.checkpoint.com.

When the new community launches, you will notice a few changes and see the following benefits:

  • Overhauled Site Design
    • The existing platform has a number of limitations that made it difficult to highlight or find the most relevant and recent content. Lithium is far more flexible in this regard, and you will see a new front page that should be significantly easier to navigate and find what you’re looking for. 
  • Private messaging
    • In the current platform, in order to send a private message to someone (say, an employee), the person you wish to contact has to be following you. In Lithium, this will be enabled for most established users by default.
  • Custom Usernames
    • Due to the integration with UserCenter, usernames in the current platform have to be a UUID string. Which, quite frankly, isn’t very user friendly. In Lithium, this will not be required and everyone will get to choose their own username! For existing users, a default will be assigned on migration, but you will be able to change it. And yes, PhoneBoy will be PhoneBoy (finally!).
  • More Benefits for Active Users
    • In addition to the changes in ranks and badges previously discussed, we will be able to grant specific permissions and benefits to people based on achievements in the community. The exact benefits we will provide at what levels will be determined at a later date.
  • Better Service to the Community
    • Lithium provides improvements to many things most of you won’t see. Rest assured, these improvements will allow us to provide better service to you, our user community!

Read more
3 2 185
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

Community Highlights

Here are the conversations worth watching in the community:

New Software Releases/EAs:

#CPX360 Slides 2019 

We turned around the slides and videos for CPX 360 in record time! The partner-specific content is now also available to partners.

Check Point for Beginners - Typical Config Mistakes 

We've had a couple threads on this. See also: Top human fails to avoid 

SmartConsole potential CPM issues 

In this case, the issue was resolved by generating a new SIC certificate (not to be confused with resetting the SIC ICA).

Which method would you recommend to upgrade from R80 to R80.20? 

migrate export/import is probably the better approach.

Are any of the MDS limitations in MDS R80.20 are addressed in R80.30EA? 

TL;DR: no, but we are working on it. 

R80.30 cheat sheet - ClusterXL 

Another good one from Heiko Ankenbrand‌!

Use Sandblast API on Security Gateway 

You can't do it on a regular Security Gateway. 

 

If you're struggling with this, this thread should help.

 

Upcoming Events

Due to the upcoming change to Lithium, we are maintaining our event calendar in Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
2 0 110
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates Does CPX360, Vienna Style!

Our CPX 360 show in Vienna was our largest to date with over 4000 customers, partners, and employees in attendance!

Here I am with James Alliband‌ and Bien Nguyen‌ right before the keynotes:

Unlike in the Vegas and Bangkok events, CheckMates did not have a booth on the expo floor this time around.

Instead, we had a lounge outside of our breakout track, which proved to be quite popular!

(Great idea, Amit Sharon‌!)

The CheckMates track itself was quite popular as well, particularly Danny Jung‌'s session:

There was quite a lot to see at this years CPX 360 events!

Community Highlights

Here are the conversations worth watching in the community:

New Software Releases

How to apply QoS on a User for restricting Bandwidth? 

Came up here: Limit bandwidth. R77.30  

Allowing custom site with external hosted images 

Tricky when taking a whitelist approach and the content is hosted on a CDN.

SmartConsole | New 'Group Membership' Feature 

A few of you asked for this feature. It's been added in R80.20.M2.

Expert command of Security Management Server to show Initialization Status 

Remember this one.

Issues with IE and SandBlast Extension; GPO deployment may be helpful? 

These issues are fixed in E80.92.

Can the default be changed for the logging time period results? 

In SmartView, yes.

Managing a gateway over VPN 

You don't want to do this.

Enable DPD on R80.20 

Some confusion about how this works.

R77.20.85 performance issue on centrally managed SMB 

Some additional issues we're tracking in this thread.

Is CP planning to support Load-Sharing in future releases? 

It was not added to R80.20. We plan to have it later in 2019.

How do I change the https certificate for Sandblast API? 

It uses the SIC certificate, which means...you can't change it.

Upcoming Events

Due to the upcoming change to Lithium, we are maintaining our event calendar in Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
5 2 133
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

Vienna Calling!

You can bet the CheckMates team will be at CPX 360 in Vienna!

Meanwhile, Kishin Fatnani‌ took a great photo of a bunch of us in Vegas!

Posted: https://community.checkpoint.com/community/infinity-general/blog/2019/02/14/cpx360 

Community Highlights

Here are the conversations worth watching in the community:

Smart Console: Packet Mode - Possible Bug? 

Yes, theres a bug there, but thanks to the community, we'll see an improvement!

New in Developers (Code Hub)

Lower number of CoreXL instances in ClusterXL HA

The number of CoreXL on all cluster members must match or clustering won't work.

Application Control Bug!? 

Not really a bug, but a misunderstanding of how the policy works on SMB appliances.

ConnectControl / Logical Servers within same subnet 

Have to admit, this one stumped me, even!

Limited Permission Profile 

While it's not possible to limit who can read a specific policy, you can restrict what logs they can see (in R80.x at least).

How to check debug command ? 

Given there are a number of different ways to debug, there is no simple answer to this question.

R77.20.85 performance issue on centrally managed SMB 

The fixed version of firmware was released on 11 February. See: R77.20.85 for Small and Medium Business Appliances 

Log all the rules on R80.x 

Including the implied rules.

 

Rename the files. We are planning a fix for this.

Upcoming Events

Due to the upcoming change to Lithium, we are maintaining our event calendar in Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
1 0 115
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates at CPX 360 Las Vegas

Between running the CheckMates sessions and other tasks, I didn't get as many photos of the team.

That said, a lot of us was there.

Personally, I was very blinged up during the event:

 

 

For those wondering, yes, we will have those pins in Vienna!

And we'll have these shirts (modeled by Toni Ponder‌):

 

 

In addition to the festivities of CPX, there was a gathering for those of us who had been at Check Point 10 or more years.

Personally, I just past the 20 year mark between my time at Nokia and Check Point.

Plaques were given, and I managed to get a picture with our CEO Gil Shwed:

 

 

And my partner in crime Moti Sagey‌ gave me a brief shoutout during his session:

 

Community Highlights

Here are the conversations worth watching in the community:

 

https://community.checkpoint.com/community/infinity-general/blog/2019/02/07/r8030-public-ea-program-... 

Are you participating in this yet?

 

https://community.checkpoint.com/community/infinity-general/blog/2019/02/05/r8020-new-jumbo-hotfix-t... 

Meanwhile, the latest GA jumbo hotfix is available.

 

Will (Smart)Workflow come back? 

We still plan to bring the features of SmartWorkflow back.

 

Gateway logs on Smartlog after SMS outages 

Here's a way to get the logs flowing again.

 

What is the procedure to Migrate firewall from one management server to another? 

Another oldie but goodie.

 

PAT/NAT to routed subnet? 

One use case for Address Translation.

 

Domain Object issue on R77.30 

These objects work a lot better on R80.20.

 

How to block some https sites? 

If you want to block (or allow) access to a specific site via HTTPS, this thread might be helpful. 

 

Upcoming Events

Due to the upcoming change to Lithium, we have migrated our upcoming event calendar to Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
6 0 97
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates Migration to Lithium Platform

In case you are not aware, we are planning to migrate the platform we are using for CheckMates from Jive to Lithium.

I have written several posts on this recently:

We are nearing the time when the migration will take place, which we expect to happen during February.

Once the schedule is finalized, we will be sure to communicate it.

Community Highlights

Here are the conversations worth watching in the community:

R80.30 Early Availability Program is started! 

The update is that R80.30 Public EA is here! We plan to release this quarter. That said, more private EAs will help us release it faster!

Can't connect to management server via SmartDashboard 

This problem keeps coming up, particularly in fresh-installed R77.30 and earlier systems, for example in this thread: Problem with cluster access 75.40 VS . The above thread explains how to resolve the issue.

Adding members to a group (via CLI) 

An older thread where a more clever answer was posted.

Class names available for use with the "show-generic-objects" API command 

One way to find this information out.

smartlog too many logs:Non Compliant DNS 

A few different suggestions for addressing this issue.

Jumbo Jail - Stuck between installing newer jumbo and uninstalling older one 

Nice workaround for what is a bug.

https://community.checkpoint.com/community/management/visibility-monitoring/blog/2019/01/28/smart-vi... 

What's Infinity, you ask? Now you can see it!

 

Manual NAT rules for the gateway IP on an SMB appliance don't have an effect, but there's another way...

Upcoming Events

Due to the upcoming change to Lithium, we have migrated our upcoming event calendar to Google Calendar.

You can browse our calendar of events here: CheckMates Calendar 

Upcoming events include:

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
14 0 98
Admin
Admin

This is one of a series of posts I've done about our upcoming migration of the CheckMates community site to Lithium (from Jive).

Past posts on the topic include:

Now that we've done a couple of dry runs of the migration, I feel pretty confidence the majority of the content will  migrate between the platforms successfully.

That said, there are going to be a handful of items and settings that will not.

This post will attempt to detail those items so you know what to expect.

Events

Lithium does not have an "events" module/content type the way Jive does.

Going forward, we are posting our events on a public Google Calendar, which the site will display in the sidebar on the main page.

We will also have a blog for Upcoming Events that will contain the same information as well. 

Polls

Jive allowed users to create polls on numerous topics.

Lithium does not allow this and such posts will either not be migrated or will be migrated with the actual poll removed.

User Bookmarks and Follows

In Jive, you can bookmark and follow users or spaces.

While you can do similar things in Lithium, this information will not be migrated across.

That said, if you bookmarked pages using the native bookmarking feature in your browser, old URLs should still continue to work (but will be redirected to their Lithium equivalents).

Videos

While videos that are hosted externally will be migrated with the rest of the content, videos hosted on CheckMates will initially NOT be migrated.

These videos will be migrated in the coming days/weeks after the launch of the new community site.

Specifically, videos impacted by this include:

  • The R80.x Training Videos
  • TechTalks
  • Some of the How-To Videos

Videos that are hosted externally (e.g. on YouTube) will be available Day 1.

Contents May Shift During Flight

We took this opportunity to restructure the community somewhat.

While the majority of boards will remain unchanged, there is a different structure in place.

We've also added a couple new ones and merged a couple others.

The search function will help you find what you're looking for.

If You Can't Find Something After We Migrate...

There will be a couple options to find it:

  • Archive: Some content, as part of the migration, will be moved to a private archive space. Post-migration, we will review the content and either move it to the correct space or delete it as appropriate.
  • Jive Community in Read-Only: This community you're on right now will be set to Read Only right before the actual migration takes place. We plan to leave this version of the community available for a time on a different URL to handle missing content and migration issues.

We will address these issues on a case-by-case basis. 

Next Steps

We are putting the finishing touches on the site design, which will be a bit different from what we have today.

A select handful of you will be invited by email to have a sneak peek so we can get your feedback.

We are planning to launch the new site during February, with the exact timelines to be finalized in the coming days.

We do plan to post on CheckMates and send out a newsletter shortly before the migration happens with more details about what will happen when and what to expect.

Read more
4 2 168
Admin
Admin

As part of our upcoming migration from a Jive-based community to a Lithium-based one, we are changing up the ranks (because we can/have to) and badges (because we have to). Here are some details about the changes that are being made so you know what to expect post-migration.

Ranks / Levels

In general, ranks/levels are given based on your community activity. In Jive, the rank names were boring names like "Level 10"--defaults that could have been changed at some point, but were not. In Lithium, the default names were even more boring, so we decided to change them to something a little more exciting--names based on precious metals and stones!

The formulas behind the ranks will also change, mostly because Jive and Lithium track different activities different ways. As previously noted, activities in CheckMates to date will be "transferred" and "scored" in Lithium according to the new formulas.

I recently did a check of several individuals with data migrated from Jive to Lithium. The vast majority of users will either be the same or an adjacent rank (one above or one below) as they were in Jive. In a few outlier cases, the rank could be significantly different. For the few outliers we've identified already, we will manually adjust your ranks post-migration. All other cases will be handled by request on a case-by-case basis.

Regardless, all activity going forward will be scored and ranked using the new formuals.

Passive Ranks (for people who don't post on CheckMates):

  • New Member!
  • Onlooker
  • Bystander
  • Beholder
  • Spectator
  • Bookworm

Active Ranks (for people who do post on CheckMates):

  • Ivory (Level 1)
  • Iron
  • Nickel
  • Copper
  • Bronze
  • Silver
  • Gold
  • Platinum
  • Opal
  • Jade
  • Pearl
  • Ruby
  • Sapphire
  • Emerald
  • Diamond (Level 15)

The above ranks will not apply to:

  • Employees, who will have their own ranking ladder (exact naming TBD).
  • Admins and Moderators, who will have a rank based on their specific role.

Badges

Your existing badges in Jive will not transfer over to Lithium.

We have defined some new badges, based on the number of times you:

  • Start a thread
  • Participate in a thread
  • Give or receive "kudos" (similar to likes/helpful in Jive)
  • Image and Video uploads

Based on your previous activities in Jive, you will be granted new badges.

We may define other badges in the future.

Read more
5 4 119
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates at CPX 360 Bangkok

Valeri Loukine‌, Moti Sagey‌, Amit Sharon‌, Lillie Miller‌, and I were at CPX 360 Bangkok!

We gave away some cool shirts, one of which is modeled by Ashwin Ram‌:

For the younger ones: 

Yes, we will have these in Vegas and Vienna!

We will also have a scavenger hunt at these locations as well.

Here is a picture with the winners in Bangkok:

Community Highlights

Here are the conversations worth watching in the community:

CheckMates Community Guidelines 

It's been a while since we needed to highlight the community guidelines. We recently updated them to clarify a few things that came up in recent threads.

When Will SmartConsole Support In-Place Updates? 

Coming soon.

https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2019/01/21/new-... 

We've released these features and demonstrate them at CPX. Valeri Loukine‌ is even doing a presentation about it!

LightBoard Series - Maestro - Security of hyperscale (technical deep dive) 

One of the things we announced at CPX 360!

Can R80.10 manage R80.20 gateways 

Yes, with the most recent Jumbo Hotfix.

Domain Objects (FQDN) - An Unofficial ATRG 

The updates to Domain Objects in R80.20 are a good reason to upgrade if you're on R80.10 or earlier!

UserCenter OpenSearch engines for browsers 

Very useful thing to have integrated in your browser.

R80.20 update cheat sheet - fw monitor 

fw monitor is useful for troubleshooting packet flows in the security gateway. It saw some changes in R80.20.

R77.20.85 performance issue on centrally managed SMB 

A fix for this issue is undergoing QA now. 

DNS Flag Day and Check Point 

There may be an issue with IPS if you're on R77.30 and not on the latest jumbo hotfix. 

Deleting old/unused policies - R77 and below. Best practices? 

Database backups are your friend.

App Control ignoring a rule 

Troubleshooting issues with Identity Awareness.

Upcoming Events

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
9 0 114
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates Hitting The Road for CPX

It's time to start the CPX 360 2019 gauntlet!

That means the CheckMates team will be heading to Bangkok, Las Vegas, and Vienna!

Join us for the https://community.checkpoint.com/community/about-checkmates/blog/2019/01/01/announcing-checkmates-cl...‌ and https://community.checkpoint.com/community/about-checkmates/blog/2019/01/13/cpx-360-checkmates-club-... for Dr. Dorit Dot and her team! 

FlatMoti can't wait to see you Smiley Happy

Community Highlights

Here are the conversations worth watching in the community:

R80.20 has recommended status now! 

Have you upgraded yet? If you're waiting for the new Linux 3.10 kernel, see: https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2018/12/06/r802... 

Simple API Web Interface for DEMO 

People keep asking for a web interface to create rules and the like. Here's an example created by Check Point SE Carlos Diaz‌! 

How to filter traffic log by using CLI ? 

Did you know you can look at gateway logs via the CLI?

R77.20.85 performance issue on centrally managed SMB 

If you're running into this issue, please open a TAC case right away!

R80.20 Identity Awareness API 

Not only does the API have to be enabled, it must be accessible from the correct interface.

Calling a Bash Script in Cron 

Old thread that has been updated with some sound advice.

https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2018/12/06/new-... 

The Gaia REST API is now GA! See: GAIA REST API 

Command "enabled_blades" on embedded Gaia 

It's not provided, but there is a way to get the information.

 

Not really a problem per-se.

Upcoming Events

We are currently in the planning phases for our 2019 events.

If you want one in your area, get in contact with us: checkmates@checkpoint.com 

Read more
13 0 105
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Tel Aviv

Valeri Loukine‌ and I made our quarterly pilgrimage to Tel Aviv to plan for 2019 and get ready for the upcoming CPX conferences.

Val and I did a TechTalk also...in silly hats Smiley Happy

Migrate to R80.20 TechTalk 

Community Highlights

Here are the conversations worth watching in the community:

Endpoint Management as a Service Overview (EA Release) 

It's fair to say we'll see more "Management as a Service" offerings in the near future. 

Postman Collections (links to all available) and the basics 

Postman's a useful tool if you're learning how to use APIs. We have collections for all versions of our Management API.

Cisco or Check Point 

Asking this question on Check Point's community is, predictably, going to get you pro-Check Point answers. Smiley Happy

How to create LegacyUserAtLocation object through the R80.x api? 

While these objects are legacy (and thus don't have a specific API to create them), you can use the "generic object" API to do it.

Can we install R80.10 on 4600 and 2200? 

If you have enough memory, yes you can.

R77.20.85 performance issue on centrally managed SMB 

Some conflicting reports on this. What's your experience?

R80.10: IPsec VPN - allow unencrypted pings between gateways 

While allowing encrypted pings with VPN clients. 

R80.20 Identity Tags and Updatable Objects  

You should be leveraging these in your Access Policies.

pfSense syslog parser 

Allows a Check Point log server to "parse" logs from pfSense.

 

Now with VSX support (and some other nifty features).

Upcoming Events

In addition to updating the tentative TechTalk schedule for 2019:

And, of course, CPX 360 2019!

Read more
6 0 118

If you’re joining us at CPX 360 this year, there’ll be lots of exciting goings-on for you to look forward to including the CheckMates Club!

 

The CheckMates Club is an exclusive event taking place in the Technology Innovation Lab at CPX 360. As a CheckMater, you are given the rare opportunity to meet and ask questions to Check Point VP of Products, Dr. Dorit Dor and her team.

Send us your questions in advance by completing this survey now!

 

Also, do not forget to visit The CheckMates Team at CPX 360 to register for this exclusive event.

Read more
2 2 224
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

Community Highlights

Here are the conversations worth watching in the community:

Changes Ahead in the CheckMates Community

I had originally posted this last week as part of https://community.checkpoint.com/community/about-checkmates/blog/2019/01/02/this-week-in-checkmates-... but decided I should break it out into it's own post to draw a little more attention to it.

https://community.checkpoint.com/community/about-checkmates/blog/2019/01/03/community-migration-rank... 

More in my series of posts about https://community.checkpoint.com/community/about-checkmates/blog/2019/01/03/changes-ahead-in-the-che...‌. More are coming.

https://community.checkpoint.com/community/about-checkmates/blog/2019/01/01/announcing-checkmates-cl... 

If you're going to CPX, you definitely want into this exclusive club.

https://community.checkpoint.com/community/about-checkmates/blog/2018/12/31/how-to-videos-competitio... 

Get your videos ready, we're looking for the best "How To" videos and we're giving away prizes Smiley Happy

R80.30 Early Availability Program is started! 

We recently released R80.20 and we're in the early phases of R80.30 testing. This is production EA with R&D assistance.

Early Availability Program for Network Security as a Service 

CloudGuard Network Security as a Service (NSaaS) is Check Point’s new product and architecture for cloud-delivered security.

https://community.checkpoint.com/community/cloudguard-iaas/blog/2019/01/03/announcement-r8020-gatewa... 

The performance has noticeably improved in these releases.

Check Point Endpoint Security Client E80.89 for MAC is now available 

Includes support for SandBlast Agent features on the Mac

Parsing the output of "mgmt_cli" 

This is an oldie but goodie that I used to answer a question along with How often are hits counts updated in API ? to come up with an answer to how to get a list of objects via the API.

Ultimate collection of Check Point links 

Good for those of you getting started with Check Point.

Check Point Diagnostic Console (cdc)  

Been some updates to this tool.

Upcoming Events

And, of course, CPX 360 2019!

Read more
0 0 166
Admin
Admin

As I mentioned previously, we are changing the community platform from Jive to Lithium.

While many changes will naturally occur as a result from the underlying platform changing, we are also taking the opportunity to reexamine many things we've been doing and seeing where we can improve.

Ranks and Points

One area that will change is the concept of "ranking" within the community.

The way Jive handles this is based on points.
Each activity you performed in the community translated to a certain number of points.
Someone could also "gift" you points by giving you an award.
Once you achieved a certain number of points, your "level" increased.

We largely left the settings at their defaults, both the points awarded and the names of the levels themselves.
As such, everyone had boring titles like "Level 2."

In Lithium, ranks are determined through a formula based on various activities you undertake in the community, others giving your content kudos, and a few other criteria.

Ranks can also be role-based, meaning if you have a specific role in Lithium, you will be given a specific rank.
Likewise, you can be granted specific permissions once you've achieved a certain rank.

What does this mean? Your point totals in our Jive community will not migrate to Lithium.

However, many of the activities you performed in Jive will be migrated to Lithium.

This will result in a rank on the new community that might differ from your current "Level."

The rank names will not be called Level X, but will be based on precious stones and metals for active members.

Members who are "passive" (read but do not post) will have a separate ranking tier.

Employees may also have a separate ranking tier--still to be determined.

Admins and moderators, as well as a few others, will have a role-based rank.

Badges

One of the areas you can expect significant changes in the migration is badges.

Jive had a couple of types of badges:

  • Mission Badges (certain activities had to be completed in the community to achieve the badge)
  • Badges given from one person to another that included a gift of "points"

We largely left these settings at their default values in Jive.

However, Lithium has no default badges.

There is also no concept of "user-granted" badges.

Unfortunately, this means you will lose all your badges in the migration.

However, we have defined some shiny new ones and you will gain them based on your previous and future activities.

We do plan to add others as well over time.

Read more
4 12 304
Admin
Admin

Some significant changes are coming in the next several weeks!

When we launched this community site as Exchange Point a few years ago, it was built on the Jive platform. 

Jive has served us well, but for various reasons, we need to migrate to a different platform.

We have chosen to migrate to the Lithium platform, which is utilized by a number of other brands for their community sites!

In many ways, the Lithium platform should be a significant improvement over Jive.

The platform changes will enable us to provide additional functionality, features, and benefits to the community.

That said, it's a fairly substantial change and we are working to ensure the transition is as smooth as possible.

Here's what I can say right now:

  • The new community site will maintain the same URL: https://community.checkpoint.com
  • All content in the current community will be migrated, but will have a different URL.
  • For those of you who keep track of "points" for your community activities, Lithium handles this differently than Jive. For the most part, everyone's current activities in Jive will translate over to Lithium and you will be ranked similarly. More on this in an upcoming post.
  • The look and feel of the site will be significantly different.

More details will be provided in the coming days.

Read more
4 7 323
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

Changes Ahead in the CheckMates Community

This quiet time during the holidays seem like a good time to give a heads up that some significant changes are coming in the next several weeks!

When we launched this community site as Exchange Point a few years ago, it was built on the Jive platform. 

Jive has served us well, but for various reasons, we need to migrate to a different platform.

We have chosen to migrate to the Lithium platform, which is utilized by a number of other brands for their community sites!

In many ways, the Lithium platform should be a significant improvement over Jive.

The platform changes will enable us to provide additional functionality, features, and benefits to the community.

That said, it's a fairly substantial change and we are working to ensure the transition is as smooth as possible.

Here's what I can say right now:

  • The new community site will maintain the same URL: https://community.checkpoint.com
  • All content in the current community will be migrated, but will have a different URL.
  • For those of you who keep track of "points" for your community activities, Lithium handles this differently than Jive. For the most part, everyone's current activities in Jive will translate over to Lithium and you will be ranked similarly. More on this in an upcoming post.
  • The look and feel of the site will be significantly different. 

More details will be provided as we get closer to the launch of the new community site.

Community Highlights

Here are the conversations worth watching in the community:

Update SmartConsole to new HFA without uninstall 

Your best bet is to use the Portable SmartConsole. See also: R80.20 - Portable SmartConsole + Tips and Tricks

Seeing full 3-way handshake for connection that should be blocked 

Relevant for R80.x gateways and FTP.

SQUID proxy ICAP and SandBlast (TEX) 

Did you know you can use a SandBlast appliance as an ICAP Server with a Squid proxy? Yes, you can!

A simple and reliable way to make sure your management is up 

Prior to R80, you could just see if fwm was started. Now, it's a little more complicated and we provide a script that checks for you.

https://community.checkpoint.com/community/about-checkmates/blog/2018/12/27/announcing-the-partner-s... 

We launched a partner-specific space accessible only to Check Point Partners.

https://community.checkpoint.com/community/cloudguard-iaas/blog/2018/12/28/announcement-r8020-manage... 

A nice Christmas present from R&D Smiley Happy

R80.20 install on Power-1 5070 

While not supported, one of our members is determined to make this work. 

White Paper - Protecting IoT (Internet of Things) implementations with R80.10 and later Unified Poli... 

One way to solve the IoT security challenge.

Upcoming Events

And, of course, CPX 360 2019!

Read more
6 0 240

If you’re joining us at CPX 360 this year, there’ll be lots of exciting goings-on for you to look forward to including the CheckMates Club!

The CheckMates Club will be an exclusive event taking place in the Technology Innovation Lab at CPX 360. As a CheckMater, you’ll be given the rare opportunity to meet and ask questions to Check Point VP of Products, Dr. Dorit Dor and her team.

Visit The CheckMates Team at CPX 360 to register for this exclusive event.

Read more
8 2 270

Prepare yourself for a new CheckMates challenge: "How To" Videos Competition on CheckMates

 

As part of our mission to share and discuss the best practices and expert tips on CheckMates, we are announcing "How To" Videos Competition. We are calling on all CheckMaters: customers, partners and Check Point employees, to create up to 10 minute long video explaining any technical aspect of Check Point Security systems.

 

What:

Chose a topic you want to share: best practices, configuration details or architectural solution for a specific product, software blade, or a feature.

How:

Make your video story or explanation with a white board or a live demo. Tape and edit your video to make it no longer than 15 minutes. Be creative.

Who:

Any CheckMates are welcome to participate.

Why:

To share your expertise, to help each other out, to have some fun and of course

to win prizes and awards!

When and where:

In February 2019, we will make an additional announcement regarding the criteria, hosting details, and awards.

 

Stay tuned and start recording your video!

Read more
5 2 221
Admin
Admin

We now have a new Partners‌ space where only registered partners and Check Point Employees have access.

This is to enable discussion of Partner-specific tools and initiatives outside of the public view of the rest of the community.

Those of you whom are associated with partners should already have access to this space with no action required on your part.

If you don't have access to this space and feel you are entitled to do so, please contact me privately.

After I validate you are a partner in UserCenter, access can be granted.

Read more
1 1 167
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

 

Christmas with the CheckMates Team

Happy Holidays from the CheckMates team!

Niran Turgeman‌ got us into the spirit by "elfing" us.

(view in My Videos)

 

Community Highlights

Here are the conversations worth watching in the community:

 

R80.20.M2 Now Available 

Just in time for Christmas!

 

R80.20 security checkup report does not export 

There's a fix for this issue.

 

Domain-Based VPN with Dynamic Routing 

Can you disable the VPN routes? Yes you can.

 

Mapping Rule numbers from R80.20 to fwaccel stat output 

You can look at the compiled rulebase, but it might be in the backward compatibility directories.

 

How to see what firewall rules match some traffic 

This is when you're not sure what rule will match traffic.

 

SecureXL Connections Table 

Did you know SecureXL maintains its own connections table? Now you do.

 

Does R80.10 Identity Collector work with Cisco ISE 2.4 

Wasn't QAed, but it should work.

 

Reports on 730 Appliances  

Reports related to applications only work if the Application Control blade is enabled.

 

Update 15400 r77.30 to r80.20 

Have you done this? What's your experience?

 

Site-to-site vpn Tunnel to a non Checkpoint Gateway 

Debugging tips

 

BEYOND - Customer Success Hub 

We're still working through some issues with the new support hub.

 

Upcoming Events

And, of course, CPX 360 2019!

 

 

 

Read more
3 0 237

Hi CheckMates!

If you haven’t yet registered for CPX 360, the top cybersecurity event of the year ever to exist, NOW is your chance!

Join us this year to meet, learn and laugh with your fellow CheckMaters, Check Point experts and top cybersecurity professionals. From CyberTalks, Breakout Sessions, Awards and the CheckMates Scavenger Hunt, you wouldn’t want to miss out!

Register for CPX 360 before Friday, January 4th, and you’ll be given exclusive access to the CPX CheckMates Lounge where you can meet top Check Point R&D specialists and you’ll be entered into a raffle to WIN an Apple Watch 4!

Register below before Friday, January 4th:

To redeem your rewards, email The CheckMates Team with your registration confirmation.

Don't miss out, see you there!

Read more
4 0 885
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

CheckMates in Belgium and Ireland

Valeri Loukine‌ and I did the last CheckMates events for 2018 in Belgium and Ireland. A great time was had by all.

"I'm not ready yet, guys!"

He won the Kahoot!

CheckMates will be at all three CPX 360 2019 event in January and February. See you there?

Community Highlights

Here are the conversations worth watching in the community:

BEYOND - Customer Success Hub 

We launched our new online portal for TAC cases! Check the thread for more details and share your feedback.

Two ISP's with two appliances 4800 R80.10 

And related thread: CheckPoint Cluster Failover Query. Bottom line: Both ISPs need to be available/reachable from both gateways.

Deploying E80.88 Packages with MDT Build 8450 

Nice video showing how to deploy the Endpoint solution.

id, ID and OE inspection points in R80.20 GA? 

If you're using fw monitor in R80.20, you'll see some different "inspection points." This thread explains.

R80.20 SecureXL drop template support 

Yes, they're still supported even though one doc suggested they weren't.

Finding Mobile Access concurrent user license level 

We made this much easier in R80.x.

Missing header X-chkp-sid in login? 

Make sure you're calling the correct API endpoint.

How can we block Nmap and other Port scanners 

SmartEvent, anyone?

Why does the wrong flag show up for an IP address in GeoBlocking? 

Never seen that myself, but makes sense that it could.

Installation & Upgrade problems from R77.x to R80.x 

A collection of upgrades that went successfully...and not.

Prevent low confidence Anti bot protection 

Update the Threat Prevention profile to block it.

Upcoming Events

And, of course, CPX 360 2019!

Video Link : 10813

Read more
9 0 105
Admin
Admin
0 0 4
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

CheckMates in the UK and Nashville

Valeri Loukine‌ did some internal evangelizing of CheckMates with our UK colleagues:

Meanwhile I did the last US-based event for the year in Nashville:

Next week, Val and I are teaming up to do the last CheckMates events for 2018 in Europe. 

Community Highlights

Here are the conversations worth watching in the community:

R80.20 Security Gateway with new Gaia based on kernel 3.10 is GA for CloudGuard and HP Gen10 ! 

Not fully supported on Check Point appliances yet, but it's coming. And very soon: on Scalable Platforms (44k/64k)!

https://community.checkpoint.com/people/a1f28a75-6e6d-4a5a-bff0-ccb164d07a86/blog/2018/12/06/r8020-m... 

Likewise, you can install R80.20 Management in AWS. Gateway? It's coming very soon.

https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2018/12/06/new-... 

Doesn't even require you to upgrade to R80.20 Smiley Happy

HPS Emulation 

Another name for CPU-Level Threat Prevention.

NAT Templates - SecureXL 

Why they weren't enabled by default until R80.20.

The flow time of the logs seems different

Session consolidation is the likely culprit.

R80.10 Smart Console - how to view NAT properties for objects within a group 

Where to find the Object Explorer in R80.x.

DNS Trap 

How does it work?

How are security professionals influenced by analysts ? 

A little market research.

 

Setting Resource Classification to Background mode can cause this.

Upcoming Events

Read more
14 0 249
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

CheckMates at Home

It's been a while since both Valeri Loukine‌ and I were not on the road somewhere. 

Valeri took some well-deserved time off, I stuck around the homestead.

No pictures to share.

Ok, maybe one:

Community Highlights

Here are the conversations worth watching in the community:

TechTalk: Dome9 Overview and Q&A 

If you missed our TechTalk on Dome9 and you're using Azure, AWS, or Google Cloud (or even thinking about it), watch the recording of this TechTalk!

R80.20.M1 SmartConsole coexisting with R80.20 

Portable SmartConsole to the rescue!

R80.20 - Portable SmartConsole + Tips and Tricks 

Speaking of portable SmartConsole...

Open Server to Appliance 

All the cool kids are moving the Check Point appliances from Open Server Smiley Happy

Add new cores to gateway 

Speaking of Open Servers, if you add more licensed cores, this thread will be helpful.

ClusterXL maintenance 

Not cluster maintenance necessarily, but maintenance on the hardware around the cluster...

False Positive on logs (Sandblast Agent) on BANKING Sites 

Looks like a bug we fixed in an upcoming release.

New Tool: CPPCAP 

A new and improved "tcpdump" for Gaia OS.

No logging in Logging and Monitor tab 

If you have your management and log server separated, this thread is relevant.

New Appliance Sizing Tool. Do you like it? 

This thread is really only relevant to Partners who have access to the tool, which was recently updated.

Upcoming Events

Read more
22 1 140
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

CheckMates in Frankfurt and Athens

It was Thanksgiving this past week in the US, so I took a break from the shiny metal tubes and CheckMates events.

Meanwhile, Valeri Loukine‌ packed them in at Frankfurt and Athens:

Amit Sharon‌ and Niran Turgeman‌ also joined Valeri Loukine‌ in Athens!

Community Highlights

Meanwhile, here are the conversations worth watching in the community:

 

Call For Papers CPX 360 2019 

Last week to submit for our CFP for CPX 360! Got something to tell the Check Point community live and on-stage? We'd love to hear from you!

How do I add SecureGateway to Cisco ISE 2.4 using RADIUS? 

A solution eventually came Smiley Happy

SmartConsole Scripts Repository usecases and experience 

Related thread: Proper place to put custom scripts 

Access layer policies 

How ordered layers work

R80.x Performance Tuning Tip – Multi Queue 

Sometimes you need to bring in the heavy guns. See also: Open Server - HCL for multi queue network cards 

R80.20/R80.10 MTA now includes AV blade features 

Update your MTA in CPUSE to get the benefits!

Extract a policy from 77.30 and move it to 80.10 

I think we cover all the possible ways here Smiley Happy

Sandblast and .msg attachments  

Yes, they're supported.

FQDN and Domain Objects in R80.10 when DNS server fail? 

Good things to know and tables to review when troubleshoot.

 

Just like it says Smiley Happy

Upcoming Events

Read more
31 0 4,517
Admin
Admin

Welcome to "This Week in CheckMates," your weekly highlight reel for all things CheckMates!

Past and future posts will be available here: About CheckMates

To have these updates show up in your preferred RSS reader add the following URL: About CheckMates RSS Feed 

See also our social media accounts and our podcast (RSS Feed):

CheckMates in Your Language!

While most of the content on CheckMates is in English, we now have a few groups where both content and discussions are available in other languages! 

CheckMates in Florida and Prague

The problem with being a one-man show sometimes is you don't always get pictures.

In case you need proof I was in Florida, though:

Meanwhile, Valeri Loukine‌ had a good crowd in Prague:

Community Highlights

Meanwhile, here are the conversations worth watching in the community:

Call For Papers CPX 360 2019 

We've extended our CFP deadline to 30th November. Got something to tell the Check Point community live and on-stage? We'd love to hear from you!

*New* Splunk App for Check Point Logs 

Announcing our new integration with Splunk that leverages Log Exporter.

Mac OSX 10.14 Beta (Mojave) 

There's an EA available for this now that you can sign up and be a part of!

If you are tired typing netstat -nr | grep ^x.x.x.x 

Many ways to get the same information.

Kernel global parameters - the most useful settings 

What kernel parameters do you tweak?

Nested layers 

Something we don't currently support, but you can sort of emulate with the existing layers.

Data Center Objects not updating - force refresh? 

How to debug this issue.

Traffic is originating from a VS with the VSX internal communication address 

Not something you want to see.

R80.20.M1 to R80.20 Upgrade 

The procedure has been released but we are also still rolling out the code. 

Management HA: Member in Collision Status 

Always good to make sure your management servers are running the same jumbo hotfix.

Upcoming Events

Between Valeri Loukine and I, we'll be busy in the next several weeks!

Read more
22 0 6,547