
Hi everyone, I’d like to share an observation that I believe is critical for anyone using a Check Point Security Management Server (SMS), especially in distributed environments where gateways connec...
- sk119497 is relevant insofar as some rules don't show in the Implied Rules view. Thi...
- That is all fine, I was aware of implied rules, but never examined them thoroughly, so wasn't aware...
- I understand. From my point of view an open port is not a security hole. Could it be abused in the ...
- Wait...are you saying your mgmt if it has public IP is accessible like that by default? Andy
- Hi, This is considered OK. If you really want to move from implied rules to explicit rules you ca...
- Yes, and we were not aware of this until last night when we observed IPS events triggered by expo...
- That would explain it, so has to be limited access with the actual rules. Andy
- It is not a vulnerability, don't take me literally now because I'm really mad at Check Point right ...
- Personally, I don't think it's fair to say that, but just my opinion. It's always our responsibility t...
2025-05-14 08:00 AM, 31 Replies, 2792 Views

Hello Community, I have an open server with license CPSM-NGSM5, which refers to 5 gateways that can be managed with this license. How does it count for non-VSX cluster members (Active/Standby)? ...
- Yes, gateway objects consume license slots, regardless of whether you have SIC with them. In my lab...
- A ClusterXL cluster with 2 members is counted as two gateways. VSX by comparison is documented he...
- Each gateway in a ClusterXL cluster counts as a managed gateway for licensing purposes. Which mean...
- I believe the license is based on the number of gateway objects defined (whether or not you are pus...
- Is there a command that will tell you the current usage?
- You may try the mgmt-cli commands from sk178544
- That worked, thanks!
3 weeks ago, 7 Replies, 675 Views

Currently, my SMB (1550, R81.10.15) appliance is using too much memory. However, even when I check with top, I can't figure out which process is causing the high memory usage. Could you please let me...
- Tags:
- high memory usage
- No worry! Let us look at the .lua script in detail to learn more about the performed steps! The s...
- Thank you for letting me know! By the way, is there a big difference before and after the upgrade? ...
- I strongly recommend you to upgrade to the latest R81.10.17 which includes a lot of fixes including...
- You might also wish to explore the script in sk183290 - Optimizer Script for Quantum Spark Gateways...
- Thank you for the information. I have a few questions. In the SK document, it says to disable featu...
- Did you try running the below? Andy https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Local...
- Are you perhaps talking about installing Dr. Spark report?
- Correct.
- I downloaded the report and reviewed it, and it also shows that the memory usage is high
2025-04-27 10:46 PM, 18 Replies, 3410 Views

I've been gradually enabling RADIUS authentication on our gateway fleet but today I noticed that when trying to sign in via SSH I'm receiving an error when using my AD credentials. The last time I tr...
- It just occurred to me that I did create a new user in SmartConsole around that time, but it didn't...
- Can you send the content of /etc/ssh/sshd_config file? Andy
- I get this all the time. On my end, it seems to be a problem with RBA roles on the firewall, which ...
- Ours look the same. Weirdly, I just rebooted my lab unit and RADIUS works again on it. Comparing ...
- Thanks Andy, here it is. (ip addresses have been changed) # This file was AUTOMATICALLY GENER...
- Looks right to me. See if something is different in file below (I got this from my lab). Andy [...
- Never seen it myself. To be sure, I would just run chattr +i on that file and call it a day. Before...
- from my lab: [Expert@CP-MANAGEMENT:0]# ls -lh /dev/null crwxr-xr-x 1 admin root 1, 3 Apr 20 09:2...
- Strange; do you have RADIUS auth configured for SSH login on your lab?
2025-04-23 10:26 AM, 31 Replies, 3440 Views

Hello,
We need to create a rule in our FW that allows access for Outlook mail consumption to a user with IP 10.x.x.x.x/32. We do not have APPC or URLF. We only have the instance with the blade FW ...
- I just ran below command on the lab fw: [Expert@CP-GW:0]# dynamic_objects -uo "Office365 Services...
- With the command shown by Andy you'll see if the updatable object will be fine. Using "Office 365 s...
- Hello Indeed, our need is that the user can access via web, to https://outlook.com, but the proble...
- I can check in the lab tomorrow...what is EXACT name of the updatable object? Andy
- @Matlu what's OUTLOOK as destination? You mean https://outlook.com or do you mean outloo...
- It's Office 365. If it is not feasible to use Updatable Object for this purpose, what would be the ...
- Hey bud, You only need technically fw blade enabled to use updatable object. I always only use it...
- Hey bro, See what I attached. I just tested with that object in the policy with no ssl inspection...
- Let me do some lab tests soon and will update you buddy. Andy
2025-06-01 11:05 AM, 20 Replies, 2153 Views

Hello! Until today, Checkpoint Endpoint Security VPN worked without issues. Today, the VPN Client stopped working. The VPN simply displays "No security policy is configured." as shown in the attac...
- For my case, it turned out it was an incompatibility between some ASUS services and the Checkpoint ...
- Please note per sk115192 client support for Win11 24H2 is not yet GA. An updated client version i...
- I heard all these issues should be fixed with E89 client, but not sure when that's coming out. I hop...
- HengL_12341234 The same behavior is observed in version E88.60. I also cannot find the files and re...
- It's a known issue. First, you need to be on the latest version E88.60 (latest client release):...
- That seems to be issue with probably most vendors' VPN clients, it's usually something to do with 3r...
- I have the same problem, I even get a Blue Screen with the error Kernel_Mode_Heap_Corruption passin...
- That file is for a gateway and is not relevant on a client. For a client, you need to edit tr...
- When I click VPN Options, it will pop up the error "Check Point Mobile Connectivity with the VPN ser...

Hi
As you can see the web page www.superporn.com only as an example, many other porn websites bypassing the same!
was blocked only for 2 logs and then it was acce...
- Just to share with the community... it looks like an SK was published regarding this issue with chro...
- At least part of the answer is in the log output provided. QUIC traffic is allowed in your environ...
- By any chance the issue is occurring only on Chrome/Edge browser just recently? We have a simila...
- We only have HTTPS categorization enabled on R80.20.XX and R81.10.XX on locally managed SMB firewal...
- I did block QUIC:
- You need to make an exception in https policy.
- Here are my firewall stats: Accelerated conns/Total conns : 161/53539 (0%) LightSpeed conns/Tota...
- It's not specific to the sites rather QUIC more broadly, there is an SK that describes the need to ...
- The issue will likely persist to a degree if you don't also handle the QUIC traffic.
2024-04-29 07:31 AM, 61 Replies, 47451 Views

Hello all, I'm experiencing a rather strange error in SmartConsole. When I click the +-sign in the Services & Applications column for a rule and search for 'https' SmartConsole crashes. If I se...
- Try Build 671 Released on 3 Sep 2025 https://sc1.checkpoint.com/documents/Jumbo_HFA/R81...
- Which SmartConsole Version and Build?
- Do you have the latest version of SmartConsole installed?
- Yes:
- It did not happen in my lab with this build. If still happens with the new build released today (...
- Thanks. Installed and so far it works. I'll test throughout the day and tomorrow and keep you poste...
- Good call. That's always the first thing I try if this issue was to ever happen. It's also worth conf...
- The build from G_W_Albrecht seems to have fixed it. Thanks nonetheless 🙂
a week ago, 12 Replies, 555 Views

Hi, The launch of the new devices is behind us (2500). They will debut on R82. The question is whether older devices (e.g., from the Spark Pro series) will also receive the same functionalities?
- The EA for this release covered: 15x5/1600/1800/1900/2000 which of course is subject to change...
- My understanding is that the R82+ code is incompatible with the older SMB appliances. Mind, this is...
- Correct. R82 will be supported on 15x5/1600/1800/1900/2000. R82 will probably not be suppo...
- Will this be a normal upgrade or will the devices have to be USB flashed?
- Afaik there has never been a new firmware that needed USB reimaging - you can do it both ways: - ...
- If the flash space is sufficient yes
- Never had any space issue with SMB flash.
- Fact is: The difference between 15x0 and 15x5 SMBs is that 15x5 have doubled RAM size - this can be...
- I think the processor is also somewhat faster as well in the 15x5 appliances, but RAM is the main r...

Hello everyone! Here's the situation, a client is trying to migrate a standalone deployment (Gaia R80.40) to Smart 1 Cloud (R82). Currently, they have an open server for the standalone deployment. T...
- Tags:
- Smart1-Cloud
- Since R80.40 is no longer supported, and SMB environments are typically small, and you're facing th...
- In order to import the "standalone" gateway to Smart-1 Cloud, you would need to upgrade management ...
- Thanks for the comments! So in case I try this route, I should upgrade my deployment first t...
- Thanks for the insight! When setting up a new S1C instance, which configurations should I pr...
- https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin...
- Just a thought, but maybe not a bad idea to get in touch with professional services, I'm positive th...
- Configuring Gateway and Cluster Objects
- The SK I linked explains the process.