Community Settings - Check Point CheckMates

Advanced Search Options

Search Modifiers:

You can apply modifiers to the terms you enter in the search field.
Use quotes to search for an "exact phrase".
Use the plus sign to search for +one +or +more +words.
Use the minus sign to -exclude -certain -words from your search.

View results by

Results per page

Topics with no replies

Limits search results to topics that have no replies.

41 - 50 of 35,568 discussions

Sorted by:

Best Match

Date
Views
Kudos
Replies
Best Match

Search Options

Subscribe to RSS Feed for this Search

Subscribe to RSS Feed for this Search
Permalink

1
Using DNS FQDN for object names in policy creation

by Chandhrasekar_S in Management

Team can you please let me know, how to use DNS FQDN for object names in policy creation. What are the advantages and disadvantages and any things I need to take into consideration before deploying t...

Show results in replies (9)

In R80.10 there are now two modes: FQDN and non-FQDN: FQDN: If using FQDN mode (R80.10), the tr...
What does it mean by (up to 10 levels) described in sk120633 in below sentence? any example to...
Think such a command is listed here: https://community.checkpoint.com/docs/DOC-3476-domain-obj...
Hello Guys, Is there a way to track the current resolution of the FQDN object? For instance an C...
Has anyone used FQDN objects in a VSX environment on R80.10 ? Trying to determine what ip actu...
Pre-R80.10, domain objects used only non-FQDN. This basically means if a DNS lookup is requir...
This is relevant for non-FQDN Domain Objects and has been the case for a while. For FQDN, the DNS ...
Use extreme caution when deploying domain objects in your rule base. We added a domain object to ou...
The TL;DR is: If gateway is lower version than R80.10, you must select non-FQDN. If gateway is R...

‎2017-11-13 09:25 AM

3 Kudos

12 Replies

55628 Views

1
Terrapin Vulnerability - All Linux servers are vul...

by Blason_R in General Topics

Hi Team, All of my CheckPoint firewalls have been scanned recently, and it appears that they are all displaying vulnerable hosts due to a recently disclosed vulnerability known as Terrapin. Though ...

Show results in replies (9)

I just did that for training, it was easily done in clish: enabled cipher: --------------------...
Did you remove aes128-cbc cipher?
The new SK is published to address the issue: https://support.checkpoint.com/results/sk/sk1818...
I expect we are evaluating internally and will provide further details when able. In the interim ...
This attack isn't terribly practical. It requires full control over a router or proxy in the path b...
I would agree with that, hope it gets addressed soon. Andy
Agree but since it has a cve given most of the vulnerability vendor by tomorrow wil be updated with...
Per the FAQ provided on the site mentioned: I am an admin, should I drop everything and fix this?...
This actually came out today https://www.helpnetsecurity.com/2023/12/19/ssh-vulnerability-cve-202...

‎2023-12-19 05:43 AM

31 Replies

13971 Views

1
Skyline - a new monitoring solution for Check Poin...

by Arik_Ovtracht in OpenTelemetry/Skyline

Hi, I am excited to announce the availability of Skyline - Check Point’s new solution for real-time monitoring of the Quantum Family devices. Skyline uses modern technologies (based on OpenT...

Show results in replies (9)

Hi, I am excited to announce the release of Skyline - Check Point’s new solution for real-time mo...
Hi @Franktum , Since then ( Jan 23 ), various improvements were pushed to Skyline to ne...
Hi! Do you have an update about the load on CPU cores on VSX Cluster? In SK still appears the mess...
Hi Diego I do have some problems while implementing your dockers. grafana docker is always restar...
A new version of Skyline will soon be released, where we have removed the limitation of number of V...
Did you already test on systems with man VSs? We have up to 30.
That's fine. Now a port to R80.20SP would be interesting, even if this release is out of support so...
Thank you very much for the information.
Hallo, Do you plan to update Skyline so that it can work with new versions of Jumbo Hotfix, for ...

‎2022-05-18 02:15 AM

18 Kudos

69 Replies

71827 Views

1
How to know which cluster member is active?

by Admin_CheckPoin in Management

Hi, Inside Smart Console, how to know which member of a cluster of firewalls is active? Thanks

Show results in replies (8)

Vladimir is correct. "cphaprob stat" will tell you via the CLI. From within the GUI there are a co...
Matt's answer is better and easier to understand. That's it. In SmartConsole > Gateways &...
I see. "Why make it simple when you can make it complicated?"
...unless it is running something like backup, performing signature updates, using Internet feed, e...
They got covered all the ways. In a ClusterXL HA is it not possible to determine the active securit...
When you go to Device & license information (click on the cluster) you can select member and lo...
Actually, it will not be a bad idea to add the "active member" indicator for HA clusters and a resi...
You cannot determine that from SmartConsole. Start CLI and use "cphaprob stat" to make this determ...

‎2019-01-21 08:29 AM

1 Kudos

8 Replies

33332 Views

1
Advanced Capabilities triggered by everything sinc...

by cstueckrath in Endpoint

Good morning, Unfortunately, I was rudely awakened today because apparently most of the msi and exe files on our devices were recognized as malicious by offline file reputation. We have deactivated...

Show results in replies (9)

The issue should already be resolved in all environments. It is also documented in https://...
I believe TAC is aware of this issue but please report your specific instance so you can be kept up...
Same here for a bunch of our clients. Also seeing benign DNS requests blocked on the Endpoint...
Having the same issues, keepass, 7zip, visual studio, but also checkpoint own files are removed. O...
TAC response: There have been several cases reported, and the issue has been internally escalated...
deactivating advanced capabilities solved the issue only for 88+ versions. some customers are still...
Hi all, we are aware of the issue, and the task force is working on the resolution. The "bad" signa...
Not very happy about this. I'm happy that TAC is aware of the issue, but handling this at scale is...
The users can restore their own files. We have had to ask the affected users to run Quarantine Man...

‎2024-09-16 12:01 AM

1 Kudos

10 Replies

3715 Views

1
How to identify transceiver / SFP+ adapter?

by S_E_ in Security Gateways

Hi, I'm looking for a command to identify if a SFP+ adapter has been inserted and if, which one. E.g. 5xxx / 15xxx series appliance. The "show asset all" does not really help Number of line c...

Show results in replies (9)

well, 6 years later, but found this posting right before finding the solution, and thought I'd upda...
@S_E_ wrote: But on devices with R81.10, it seems to be impossible to identify if it is a C...
Hi these are good news for R81.20 fw02> show interface eth1-01 xcvr_detail eth1-01 SFP is p...
ah, you're right, Product type is visible fw-02# ethtool -m eth1-01 | grep SR Transceiver type :...
This is the right interface. driver: igb version: 5.3.5.18 I can see a lot of files under /sys...
It seems that i have similiar problem. I'm using Checkpoint appliance 5100 and Checkpoint SFP+ ada...
Are you sure you have the right interface (eth1-01)? That is the error that ethtool -m will r...
Was there a resolution found for this by the way I am on 80.20 and cant use the -m switch for ethto...
you have to have 3.10 kernel and new gaia.

‎2018-10-30 07:23 AM

1 Kudos

20 Replies

34341 Views

1
Windows 11 24H2 Remote Access VPN

by preverite in Remote Access VPN

Since the general availability of Windows 11 24H2, we're noticing around 50% of Windows machines updated to 24H2 are failing to connect with the Remote Access VPN. I noticed that with the release of...

Show results in replies (9)

Maybe try newest E89 version. Andy
This was fixed. The fix is included in: Enterprise Endpoint Security E88.62 (E88.61 Hotfix) ...
If you are still having issue with Windows 11 24h2, Please see SK182749, you could wither modify th...
Assuming this is the true solution to the problem, I would expect us to set route_conflict_resoluti...
Please, can you try to set the "route_conflict_resolution_method" parameter to "modify" in trac_cli...
Hi, I guess no update? It's really becoming a pain, and workarounds (different laptops running diff...
Not heard an updated ETA yet.
i have also the same case , and the only solved solution if modify the in trac_client_1.ttm fi...
Should also be corrected in E88.62 (recent) as well E88.70 (newest) on client side out of the box s...

‎2024-10-09 12:46 AM

2 Kudos

61 Replies

51471 Views

1
Can I export and import a policy?

by Tomer_Sole in Management

In R77 we had "save policy as", which was useful in order to have multiple copies of a policy. What is the equivalent for that in R80?

Tags:
checkpoint
export policy
gui
missing feature

Show results in replies (9)

April 2017 update: An standalone open-source tool exists for exporting and importing policies ...
Hello Tomer, Can you share more about hits count extracts in csv format.I’m running R80.40 Sm...
You can do this using the API today. I believe the hitcount will be part of the CSV export from Sm...
Is there a means of exporting the mobile access policy as a .csv?
Is there a way we can export policy without exporting the objects? I need to perform below steps: ...
Seems to work a treat 🙂
Thanks Damien - found it in $FWDIR/fw1/Python/bin/python
Python is there, but it's buried. Should be in $FWDIR/Python/bin/python
I'm interested in using this export/import tool on an R80.10 MDS, but haven't done much with Python...

‎2016-04-24 02:05 AM

6 Kudos

14 Replies

68514 Views

1
Build Your Own POC (BYOPoC) - CloudGuard GWLB Refe...

by Jeff_Engel in Cloud Network Security

Hi Everyone, We are starting a new initiative whereby we give everyone(customers, partners, Check Pointers, etc.) the ability to quickly and easily stand up an otherwise complex architecture featur...

Show results in replies (6)

@Jeff_Engel - For some reason the Cloud Management Extension (CME) was not running on the mana...
Hi Everyone, Just a heads up that this workshop has been updated to support R81.20. Please use ...
Also a reminder that you will need to subscribe to the following Check Point software listings(depe...
Just to follow up on this, I updated the workshop to support R81.20 and updated the CFT to include ...
@Jeff_Engel one thing to note you have to select an AMI that you are subscribed too. I did not...
Thanks for the feedback @Bryan-Smith! I will get that added to the documentation.

‎2022-10-24 09:54 AM

3 Kudos

6 Replies

4853 Views

1
At least one DC is currently disconnected

by Anna_Ushakova in Management

Hi. Check Point cannot connect with one of the domain controllers. Controller is currently in another subnetwork, but permitting policies are created and there is ping from this controller. That cou...

Show results in replies (7)

permissions needs on DC
the last prints on DC are about WMI properties...
Using Identity Awareness AD Query without Active Directory Administrator privileges on Windows Serv...
adlog a dc command shows "WMI permission error"
DC was rebooted. there is still no connection.
check: - Routing DC to Gateway and Gateway to DC - on DC if your WMI service is ok (restart this ...
routing or layer-2 vlans

‎2019-01-17 06:51 AM

7 Replies

25954 Views

Previous
- 1
- …
- 4
- 5
- 6
- …
- 3557
Next

Check Point CheckMates

1Using DNS FQDN for object names in policy creation

1Terrapin Vulnerability - All Linux servers are vul...

1Skyline - a new monitoring solution for Check Poin...

1How to know which cluster member is active?

1Advanced Capabilities triggered by everything sinc...

1How to identify transceiver / SFP+ adapter?

1Windows 11 24H2 Remote Access VPN

1Can I export and import a policy?

1Build Your Own POC (BYOPoC) - CloudGuard GWLB Refe...

1At least one DC is currently disconnected

1
Using DNS FQDN for object names in policy creation

1
Terrapin Vulnerability - All Linux servers are vul...

1
Skyline - a new monitoring solution for Check Poin...

1
How to know which cluster member is active?

1
Advanced Capabilities triggered by everything sinc...

1
How to identify transceiver / SFP+ adapter?

1
Windows 11 24H2 Remote Access VPN

1
Can I export and import a policy?

1
Build Your Own POC (BYOPoC) - CloudGuard GWLB Refe...

1
At least one DC is currently disconnected