Community Settings - Check Point CheckMates

Advanced Search Options

Search Modifiers:

You can apply modifiers to the terms you enter in the search field.
Use quotes to search for an "exact phrase".
Use the plus sign to search for +one +or +more +words.
Use the minus sign to -exclude -certain -words from your search.

View results by

Results per page

Topics with no replies

Limits search results to topics that have no replies.

1 - 10 of 37,434 discussions

Sorted by:

Best Match

Date
Views
Kudos
Replies
Best Match

Search Options

Subscribe to RSS Feed for this Search

Subscribe to RSS Feed for this Search
Permalink

1
Harden Now: Preparing Check Point Gateways & Manag...

by Aviv_Abramovich in Firewall and Security Management

AI-driven developments like Mythos are set to significantly accelerate the exploitation of un‑hardened deployments, with increased focus on control planes, administrative access, and trust relationsh...

Show results in replies (5)

I created a SmartConsole Extension to automate the checks.
Thanks for this precioous guide.
Hero!
Even without the threat of Mythos, these are good best practices to follow.
I recommend also checking weak or insecure ciphers, MACs, KEXs. Some of these are fixed under ...

‎2026-05-05 02:31 AM

10 Kudos

5 Replies

6790 Views

1
Certificate and CRL validation fails from March 1,...

by simonemantovani in Firewall and Security Management

Hello accidentally, for the firewall infrastructure of a customer we ran into the issue reported in following SK: https://support.checkpoint.com/results/sk/sk184766# For the specific customer we p...

Show results in replies (9)

URGENT WARNING! While the article seems to indicate this only applies to R82 gateways and above t...
A quick and dirty workaround for this issue is to temporarily move the gw or mgmt clock 24h ahead i...
@Steffen_Appel I think you misread my comment. Just to be clear, "limited" means it does not...
Please follow the Sk instruction. There is a workaround that can be applied right away. Also, it ...
As I wrote we installed the HF and it fixes the issue for us.
We ran into this bug too, the hotfix worked for us. It seems (by the workaround in the SK), that CP...
Does the hotfix require a reboot?
Limited to specific versions yes, limited in the effect no. We had several hundred of remote worker...
Happy to hear that

‎2026-03-02 02:38 AM

8 Kudos

80 Replies

19328 Views

1
GAIA WebUi Failed to receive updates from Check Po...

by CEEJAY in General Topics

I am running R82 in my Check Point Firewall. I want to download hotfix via CPuse, but then this warning prompts at the top of webui and the "Check for Updates" is not working, I am sure that my gatew...

Show results in replies (9)

I opened an SR and they provided the new 2742 DA in the SR. I applied it and the CPUSE issue is now...
The issue has been resolved in the new released deployment agent 2742. It is now available for down...
I had that issue about a month ago and it happened out of the blue. I ended up adding another loopb...
This is related to the CRL bug, you will need to install this fix manually to fix CPUSE. If you wer...
Will try this one. Does this issue only not reaching the checkpoint cloud via CPuse or the other up...
I recall all else worked fine, no issues...updates, pings, curl_cli, routing, etc...ONLY issue was ...
Hello @emmap. At first that is my initial assumption, but after installing the CRL fix, it doe...
@Daniel_Hainich I am using google dns since it is only a lab environment. My gateway currently...
I am using google DNS since it is only a lab environment.

‎2026-03-03 06:08 PM

45 Replies

15889 Views

1
Check point vulnerable to CVE-2026-31431?

by Mattias_Jansson in Firewall and Security Management

Hi. Any guidence from Check Point regarding CVE-2026-31431 ? https://access.redhat.com/security/cve/cve-2026-31431#cve-details-description

Show results in replies (9)

The official response is ready and available in sk184928 Quoting from there: Symptom...
At the moment, there is no information about Check Point's vulnerability for the reported CVE ... ....
We are currently working on the official response. AFAIK, R81.20 and below are not affected. If...
Quick check on a R82 test box: It seems to work there.
On RHEL (and Gaia is based on RHEL), it's not a module, it's built into the kernel. It's definitely...
PoC script for CVE-2026-31431 https://github.com/AliHzSec/CVE-2026-31431/blob/master/main.py My...
The issue is present in R82 and up, but there are plenty of other local privilege escalation vector...
R81.20 and earlier are definitely not impacted by CVE-2026-31431. The problem was introduced in Lin...
On R82 MGMT algif_aead is not in use. I dont have R82 gateway. I assume it could be used on th...

‎2026-05-04 05:46 AM

16 Replies

3963 Views

1
R81.20 "HTTP parsing error occurred" / body filter...

by Romaryo in Firewall and Security Management

Hello everyone! We’ve encountered the following phenomenon: many websites don’t fully load when opened (for example, Reddit, GitHub, etc.). In the logs, we see the following events (see attached scr...

Show results in replies (9)

Here you go...just follow this sk, Im sure it will fix the issue. Needs short maintenance window, s...
Hello everyone! Thank you very much for your support! The problem is solved. The SK116022 has becom...
rundom websites. Here are the logs. I use the site because it's very easy to reproduce the pro...
Its very hard for me to say why that happens without doing remote sesison. Is it new issue or has b...
Do you have an extended log you could attach?
So is this only site with the issue or they have problems with random websites?
Colleagues, during the process we discovered another very interesting phenomenon — for example, the...
What is particularly interesting is that everything works perfectly if the user is connected throug...
https://support.checkpoint.com/results/sk/sk105559

‎2025-10-21 09:49 PM

65 Replies

47159 Views

1
AI Security Masters Session 1: How AI is Reshaping...

by Menuchak in General AI Discussion

Show results in replies (9)

As Val said, I also find that odd, because I tried from 4 different machines, no issues. I thought ...
Awesome!!
I shared two screenshots, both with the message to log in to make sure I'm no bot.
Just watch it here, works fine, no issues.
@droNU You should be able to watch the recording embedded above without needing to log in to Y...
Hi, sadly, I was unable to attend. The recording is only available on youtube? Google is enf...
This is very odd. It looks like a local issue. You can try clearing your browser cache and cookies,...
Amazing 👌
Maybe it has something to do with my region, which is Europe/Germany. I tried different browsers (c...

‎2026-01-08 10:28 PM

6 Kudos

10 Replies

16715 Views

1
ElasticXL (R82) vs ClusterXL Load Sharing — what c...

by WiliRGasparetto in Firewall and Security Management

There has been a lot of discussion lately around ElasticXL in R82. The most common misunderstanding is treating ElasticXL as “just another ClusterXL mode.” It isn’t. ElasticXL changes the operational...

Show results in replies (8)

Yes, so the Site is Standby, the SGM inside that site is Active and ready to go should the Site bec...
Right, so you can see there that Site 1 is Active and Site 2 is Standby, Hence the SGM in site 2 wo...
Excellent question! Yes, it's possible to achieve dual-site local traffic optimization using Elas...
thinking about this point, I think I'll write another article presenting the possible architectures.
That would require Active/Active support for EXL, which is not an option. A dual site EXL setup is ...
This is a good post. I have a question. Can you achive dual site with local traffic optimisation ...
This would be helpful. I'm planning to deploy R82.10
Thank you very much, your contribution is very useful for the topic.

‎2026-03-19 07:28 PM

15 Kudos

23 Replies

5133 Views

1
New CCSA & CCSE exams, Exam Prep Guides & Exam Ret...

by Jason_Tugwell in Training and Certification

We are excited to announce the release of a the new R82 CCSA and CCSE exams! 156-215.82 – Check Point Certified Security Administrator – R82 (CCSA) 156-315.82 - Check Point ...

Show results in replies (8)

Hello @NewDay_NewWay Your exam voucher is not locked to a version of the exam and ...
Hi @Timothy_Hall and @Jason_Tugwell does the exam vouchers and exam version h...
I would recommend the R82 because it has some very interesting changes for those who will operate a...
Hi @Jason_Tugwell Do you have any information for when the CCTA/CCTE and other"R81.20" base...
During his first term, in fact.
Which exam would you currently recommend, R82 or R81.20?
Yes sir!
3.0b for me, but close enough.

‎2025-10-29 04:15 PM

8 Kudos

19 Replies

11042 Views

1
sk183754 MANA

by LazarusG in Cloud Firewall

Hi, Simple query - if you manually edit the VM overview page and add the LegacyVMNVA tag and then stop/start - is that sufficient to scope the opt-out to that vm. Thanks

Show results in replies (8)

That's what the compliance/remediation policy is doing, except the policy is filtered for a select ...
We should look at this in two scenarios: 1. VM currently on Mellanox Applying the LegacyVMNV...
also we have customers having errors trying to apply the label - and also customers asking how to r...
cool yeh - so in a really simple environment - where someone might not have permissions to run the ...
thanks for the screnshot though - most helpful
Hello About VMSS, Must we Stop/Start the VMSS group or it is enough apply this by each...
Applying the compliance and auto-remediation policy to the resource group will ensure the VMs get t...
For those interested, here's an Ansible playbook to add the MANA driver to the modprobe deny-list. ...

3 weeks ago

8 Replies

1867 Views

1
Issues blocking WhatsApp

by Blannier in Firewall and Security Management

Hi everyone, I’m trying to block WhatsApp on my network using Check Point. I have applied the relevant policies and added the WhatsApp application categories/tags within Application Control. The pa...

Show results in replies (8)

Hi Don, :path need to be a complete URL of a directory that contains in it urls.txt and Vers...
Hey Steve, All I did was add *whatsapp* and do NOT check regular expressions, thats it. Rule look...
K, sounds good.
Hey Don, Any luck with this? Andy
Thanks Larry 😉 Is that related to the new R82 JHFA 41 feature or a custom App with just *w...
@Don_Paterson There you go : - ). Btw, happy to do remote and help if you guys allow that. ...
Steve? Who's Steve 😉 It's early morning over there ☕ ☕ I am giv...
Ah...confused Larry, would not be first OR last time haha Anyway, no, I did not test that feature...

‎2025-09-15 05:32 PM

60 Replies

40904 Views

Previous
- 1
- 2
- 3
- …
- 3744
Next

Check Point CheckMates

1Harden Now: Preparing Check Point Gateways & Manag...

1Certificate and CRL validation fails from March 1,...

1GAIA WebUi Failed to receive updates from Check Po...

1Check point vulnerable to CVE-2026-31431?

1R81.20 "HTTP parsing error occurred" / body filter...

1AI Security Masters Session 1: How AI is Reshaping...

1ElasticXL (R82) vs ClusterXL Load Sharing — what c...

1New CCSA & CCSE exams, Exam Prep Guides & Exam Ret...

1sk183754 MANA

1Issues blocking WhatsApp

1
Harden Now: Preparing Check Point Gateways & Manag...

1
Certificate and CRL validation fails from March 1,...

1
GAIA WebUi Failed to receive updates from Check Po...

1
Check point vulnerable to CVE-2026-31431?

1
R81.20 "HTTP parsing error occurred" / body filter...

1
AI Security Masters Session 1: How AI is Reshaping...

1
ElasticXL (R82) vs ClusterXL Load Sharing — what c...

1
New CCSA & CCSE exams, Exam Prep Guides & Exam Ret...

1
sk183754 MANA

1
Issues blocking WhatsApp