Community Settings - Check Point CheckMates

Advanced Search Options

Search Modifiers:

You can apply modifiers to the terms you enter in the search field.
Use quotes to search for an "exact phrase".
Use the plus sign to search for +one +or +more +words.
Use the minus sign to -exclude -certain -words from your search.

View results by

Results per page

Topics with no replies

Limits search results to topics that have no replies.

1 - 10 of 36,145 discussions

Sorted by:

Best Match

Date
Views
Kudos
Replies
Best Match

Search Options

Subscribe to RSS Feed for this Search

Subscribe to RSS Feed for this Search
Permalink

1
Issues blocking WhatsApp

by Blannier in Security Gateways

Hi everyone, I’m trying to block WhatsApp on my network using Check Point. I have applied the relevant policies and added the WhatsApp application categories/tags within Application Control. The pa...

Show results in replies (9)

Hi Don, :path need to be a complete URL of a directory that contains in it urls.txt and Vers...
Good day Don, Im super curious to see how this works out for you, in regards to whatsapp. Please ...
Thanks 🙂
Hey Steve, All I did was add *whatsapp* and do NOT check regular expressions, thats it. Rule look...
Steve? Who's Steve 😉 It's early morning over there ☕ ☕ I am giv...
Thanks Larry 😉 Is that related to the new R82 JHFA 41 feature or a custom App with just *w...
@Don_Paterson There you go : - ). Btw, happy to do remote and help if you guys allow that. ...
Geesh, sorry Don...I was responding to Steve on another post and just typed that here too lol, my b...
Ah...confused Larry, would not be first OR last time haha Anyway, no, I did not test that feature...

‎2025-09-15 05:32 PM

60 Replies

7095 Views

1
R81.20 "HTTP parsing error occurred" / body filter...

by Romaryo in Endpoint

Hello everyone! We’ve encountered the following phenomenon: many websites don’t fully load when opened (for example, Reddit, GitHub, etc.). In the logs, we see the following events (see attached scr...

Show results in replies (9)

Here you go...just follow this sk, Im sure it will fix the issue. Needs short maintenance window, s...
Hello everyone! Thank you very much for your support! The problem is solved. The SK116022 has becom...
I suspect based on screenshot you are running https inspection. I assume if you bypass problematic ...
Hi! Yes, we are blocking QUIC. We had the same effect with JHF105 and also with JHF118 (currently).
I second all the points @Lesley had made.
Are you doing bypass?
Sure, if we set up an HTTPS inspection bypass for the affected sites, the problem is solved. But we...
Not saying bypass everything, but certain things may need to be bypassed.
What is particularly interesting is that everything works perfectly if the user is connected throug...

2 weeks ago

65 Replies

2835 Views

1
IMPORTANT - Action Required For VPN/Remote Access ...

by _Val_ in General Topics

Hi CheckMates! This message is relevant only for customers using VPN Site-to-Site and Remote Access VPN Security Gateways using certificates issued by DigiCert External CA. No action is required ...

Show results in replies (9)

UPDATE - DigiCert Certificate Expiration Mitigated Hi CheckMates &n...
The SK article is not that clear... I just posted the following under "was this page helpful": "T...
The mentioned SK is still a work in progress. All required hotfixes and also a script to check whet...
ok, thanks
Once everything is in place, we will create a post and merge all related discussions
Hi We were just alerted to this which requires action in the next week. Looking at the SK it says...
Thanks for that Val.
Thanks for that @Alex_Lewis
I contacted Digicert support, and this affects all Digicert brands, which include GeoTrust and Rapi...

‎2025-08-29 07:49 AM

2 Kudos

50 Replies

7305 Views

1
What is UPPAK, KPPAK vs. USFW, KSFW

by HeikoAnkenbrand in General Topics

In recent years, I have repeatedly noticed confusion regarding the following terms: KSFW, USFW, UPPAK, and KPPAK, which sometimes led to incorrect modules being switched. Therefore, I’ve written a sh...

Tags:
corexl
cpconfig
firewall
fwmode
fwstat
instance
kernel
Kernel Space
KPPAK
KSFW
securexl
UPPAK
user
User Space
usfw

Show results in replies (9)

This sk179432 explains that there is a functional difference between UPPAK and KPPAK modes. Therefo...
Such a great explanation Heiko.
Only other point I'd make is that if you suspect you have a 'user mode' issue, 99% of the time it'l...
In R82.10, it will be only USFW and UPPAK 🙂
Hi @PhoneBoy , thanks for the info. Luckily, we won’t have to switch back and forth between ...
Glad for that 🙂
It will become particularly interesting once R82.10 is available and only USFW and UPPAK are suppor...
Possible these will not be limitations in R82.10, though I have not seen any confirmation of this.
R82.10 is already in Public EA stage. Maybe some limitations will be solved only in GA, but if some...

a week ago

6 Kudos

10 Replies

2375 Views

1
Windows 11 24H2 Remote Access VPN

by preverite in Remote Access VPN

Since the general availability of Windows 11 24H2, we're noticing around 50% of Windows machines updated to 24H2 are failing to connect with the Remote Access VPN. I noticed that with the release of...

Show results in replies (8)

Maybe try newest E89 version. Andy
This was fixed. The fix is included in: Enterprise Endpoint Security E88.62 (E88.61 Hotfix) ...
If you are still having issue with Windows 11 24h2, Please see SK182749, you could wither modify th...
Please, can you try to set the "route_conflict_resolution_method" parameter to "modify" in trac_cli...
Assuming this is the true solution to the problem, I would expect us to set route_conflict_resoluti...
Should also be corrected in E88.62 (recent) as well E88.70 (newest) on client side out of the box s...
Hi, I guess no update? It's really becoming a pain, and workarounds (different laptops running diff...
E88.70 was released. Please confirm the client type & version used?

‎2024-10-09 12:46 AM

2 Kudos

71 Replies

56535 Views

1
Firewall - Automating Firewall Rule Cleanup Based ...

by HeikoAnkenbrand in API / CLI Discussion

The following one-liner identifies all rules with a hit count of 0 entries. Depending on your environment, you may need to adjust the policy name to ensure the command runs against the correct config...

Show results in replies (9)

@Bob_Zimmerman, @the_rock, @PhoneBoy I quickly created the SmartConsole extensio...
Hi, Thank you for your feedback. We found out that the SmartConsole release didn't include the h...
@Bob_Zimmerman Thanks for the good tip with the date of the old rules! Technically, your...
That is SUPERB. Just ran it in my lab and it showed exact rules with 0 hits...amazing. Andy [...
Important notes: the one-liner above to find rules with no hits does not consider rules inside a se...
Back in good old times (before R8x), there was SmartDashboard feature build in by default where you...
13000 rules?! My only comment = no comment :=)
It still bugs me why that feature was removed...it was so useful.
Most of my policies are 3000+ rules with ~30% unused rules scattered throughout (stuff which got de...

‎2025-08-24 01:18 AM

4 Kudos

41 Replies

4562 Views

1
Management Interface (eth0) assigned via DHCP - ca...

by NoodleOps in General Topics

Hello, For a project that I am working on, where the Check Point VM can be destroyed and brought back up, I am trying to automatically assign the Management interface via DHCP client. This works fin...

Show results in replies (9)

I did not forget about the topic, I've just been slow to work on it... and I think I now have somet...
Actually, even when trying to fix it manually, by changing the IP address, it doesn't work: cpfw&g...
Maybe this? clish> add interface eth0 alias <dhcp-ip>/24 clish> save config
You can, it's just a headache because you have to include all the interfaces in the object you pass...
What exactly are you building? You mentioned Vagrant. Is this about reproducible lab environments? ...
I would just use cloud-init to handle the first-time config when the VM is built. I did something s...
It's only at the creation of the VM that I want to use DHCP to assign the IP address, once the VM i...
Your management server should not have a DHCP address in the first place. SIC with the security GWs...
Thank you for your reply. I was able to connect to the SmartConsole and manually update the IP add...

4 weeks ago

24 Replies

1970 Views

1
R82 upgrade for Azure

by Duane_Toler in Cloud Network Security

Can someone explain the inconsistency with sk177714 (in-place upgrade of an R81.20 SmartCenter in CloudGuard) versus what is actually happening on the server? Sep 25 18:33:03 2025 mercury xpan...

Show results in replies (9)

Just to wrap this up, and let "Future Me" and "Future You" know, this "aio" package worked well to ...
Hey Duane, Did you figure this out? Andy
Last time I did this, I just ended up doing it from web UI, like regular Gaia and worked fine. An...
Just in case: You would run 1 or 2: 1. clish installer import cloud aio_Check_Point_R8...
Are you using the upgrade package linked in sk177714 to do this? Other packages may not be su...
Oh! Fair enough, my fault for not clicking the link, I did miss that; I didn't see there was ...
Nope. The package can't be found with .tgz extension, either. Not available as a plain ...
I will try that in the lab, but I never recall seeing sign = after word package. Andy
Sadly, the package isn't being added to the repository, so it's not selectable. I even tried ...

‎2025-09-25 03:44 PM

2 Kudos

33 Replies

2367 Views

1
Performance Limitations of Virtual Switches in a V...

by HeikoAnkenbrand in Security Gateways

I’ve noticed that in a VSX environment the virtual switches don’t seem to achieve very high packet throughput. In practice, I can’t get more than around 4–5 Gbps over a wrp interface. When I connec...

Show results in replies (9)

There should be no performance degradation. The issue is specific to UPPACK and has been identified...
@genisis__ @HeikoAnkenbrand Answering all questions in one post - The virtua...
We also have a VSwitch environment as a large university hospital. It's very convenient that we don...
I've never really dug into the networking guts of VSX, but the fact you are topping out at 4–5...
What version/JHF level?
@PhoneBoy We use R81.20 JHF 105.
@Timothy_Hall First of all, thank you all for sharing your insights. I had already tested most of...
This post describes a similar experience with inter-VS traffic utilizing virtual switches and ...
I understand the facts and they are clear to me. My question is about the throughput you can rea...

‎2025-08-21 04:13 AM

5 Kudos

34 Replies

4033 Views

1
Has anyone been able to have redundant VPN tunnels...

by dgrenfell in Security Gateways

I have 2 site-site VPN tunnels going out to AWS, but I can't seem to force a failover to make sure redundancy is working. We have a cluster of 2 19100 appliances, so I know redundancy would work if w...

Show results in replies (9)

Welp, I guess it took upgrading to JHTF 118 to get this failover thing to work. So yay! Ha. Thanks ...
I had done this with Azure, but I suspect would be similar on AWS.
Do you have simple diagram?
Can you describe further how are the static routes configured, was there a particular guide which y...
Sure! I have the static routes set up in GAIA for both gateways like this: As far as t...
I do actually. I scrubbed all private information, but here is the basic diagram of how it flows. W...
I have a tunnel with Azure for another vendor, it's not redundant, but man it was SO much easier to...
There are some differences, yes!
Thanks mate! Let me see if I can try lab this up when back from vacation.

3 weeks ago

56 Replies

1519 Views

Previous
- 1
- 2
- 3
- …
- 3615
Next

Check Point CheckMates

1Issues blocking WhatsApp

1R81.20 "HTTP parsing error occurred" / body filter...

1IMPORTANT - Action Required For VPN/Remote Access ...

1What is UPPAK, KPPAK vs. USFW, KSFW

1Windows 11 24H2 Remote Access VPN

1Firewall - Automating Firewall Rule Cleanup Based ...

1Management Interface (eth0) assigned via DHCP - ca...

1R82 upgrade for Azure

1Performance Limitations of Virtual Switches in a V...

1Has anyone been able to have redundant VPN tunnels...

1
Issues blocking WhatsApp

1
R81.20 "HTTP parsing error occurred" / body filter...

1
IMPORTANT - Action Required For VPN/Remote Access ...

1
What is UPPAK, KPPAK vs. USFW, KSFW

1
Windows 11 24H2 Remote Access VPN

1
Firewall - Automating Firewall Rule Cleanup Based ...

1
Management Interface (eth0) assigned via DHCP - ca...

1
R82 upgrade for Azure

1
Performance Limitations of Virtual Switches in a V...

1
Has anyone been able to have redundant VPN tunnels...