Search Results
22 total results found
DOS & DDOS Prevention, Mitigation
Preface Since R80.20, DOS/DDOS prevention has changed in Check Point. The following is a summary of how you can set up prevention and mitigation of DOS & DDOS attacks. SYN Defender since R80.20 Important changes in IPS "SYN Attack" (SYN Defender) protection for R80.20 and above ...
Managing partition sizes via LVM manager on Gaia OS
Partition Resize Since R77.30 lvm_manager is included in Gaia OS and can be used to resize logical volumes on the system. Check Managing partition sizes via LVM manager on Gaia OS (sk95566) for more information. Partition Sizes when installing Gaia OS When...
Jump to Rule Number or UID
In R80.10 you can jump directly to a rule number or a rule-UID. With Ctrl-G you get the following: You can copy the UID from a rule: Or search for a rule-UID: Perfect to use in documentation, just use the rule-UID or sometimes I also use the <FW...
SmartConsole: Clear disconnected sessions
How to clear disconnected sessions If there are several disconnected (stale) SmartConsole sessions that cannot be discarded, see here: https://community.checkpoint.com/t5/General-Management-Topics/clear-disconnected-sessions/td-p/33027 PostgreSQL Queries View p...
Useful SNMP OIDs (VSX)
Check Point and SNMP Monitoring a firewall is important: you need to know the baseline of your environment and be able to see when a value goes too high. The following guide shows some of the most used SNMP OIDs for monit...
Missing feature - Global search across multiple CMA
Preface Before R80.x, in an MDM (Multi Domain Management) you could search for where an object is used across all the CMAs. Up to now (R80.30) this feature is no longer included in SmartConsole. Script solution https://github.com/WadesWeaponShed/Global-IP-Sea...
How to copy a file from a Check Point firewall
For troubleshooting you sometimes need to transfer files from a Check Point firewall, for example tcpdump files. With the admin user it is not possible to log in with sftp, because the shell for the user is set to /etc/cli.sh. For a temporary access to the sftp featur...
Network Ports used for communication
Introduction This drawing should give you an overview of the ports and communication flows used by R80 and R77. It should give you an overview of how different Check Point modules communicate with each other. Furthermore, services that are used for fire...
Limitation of 251 Inline Layers
Problem Policy push fails with the following error: Policy installation failed on gateway. If the problem persists contact Check Point support (Error code: 2000232) Cause The user has configured too many policy layers in the rulebase (a layer is either an O...
Threat Prevention Cyber Attacks Dashboard Template
If you have the Anti-Bot, Anti-Virus, IPS and Threat Emulation Blades active and a SmartLog License, you may be interested in the following Dashboard: Description and Download of the Template here: https://community.checkpoint.com/community/management...
Show logging using the web interface
If you need to view logs over the web in Check Point you can use SmartView. It has been available since R80 but was not enabled by default. In R80.10 it is enabled by default and you can access it with your SmartConsole credentials. It looks like this in the browser: A...
After policy install: UDP packet that belongs to an old session drops
Problem description At the customer site we have a rule which allows a WLAN Controller to connect to the RADIUS Server in another network. After installing the rules, the UDP connections were rematched because that is the required global setting on this Firewall. ...
Threat Extraction Troubleshooting
Introduction The following is a collection of troubleshooting I need to do with Check Point Threat Extraction R80.10. I used the Technical Reference Guide (ATRG) here: sk114807 Workflow in MTA mode A Postfix server receives and handles the emails. Emails...
IPS Troubleshooting
IPS Profile and Detect Mode When you run the IPS recommended profile, most of the critical and high signatures are in inactive or detect mode. But there can still be a high CPU performance impact even when you're only in detect mode. In prevent mode you kil...
Export/Import Policy Package
Check Point ExportImportPolicyPackage tool enables you to export a policy package from a Management database to a .tar.gz file, which can then be imported into any other Management database. The tool is supported for version R80.10 and above. This tool can be...
Initiating manual cluster failover
This command lets you initiate a manual cluster failover (see sk55081). Syntax Shell Command Gaia Clish set cluster member admin {down | up} Expert mode clusterXL_admin {down | up} Example [Expert@Me...
How to migrate Custom Queries from one SmartView Tracker to another
Problem To administer IPS and other modules of the Check Point firewall, you often need to check logs with SmartLog queries. These queries are then saved to favorites for later use. Migration To migrate these queries to a new user account on the ...
Export Syslog Messages
Export Syslog Messages How to export syslog messages from Gaia Security Gateway to a Log Server and view them in SmartView Tracker https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eventSubmit_doGoviewsolutionde...
Check Point Log Export
Solution Check Point "Log Exporter" is an easy and secure method for exporting Check Point logs over the syslog protocol. It is integrated in Version R80.20 or higher. Example Basic Log Export to another syslog Server cp_log_export add name SyslogToSplunk ...
Useful Smartlog Queries
Generic Queries Research SmartLog Query Search for E-Mail Subject Note: Search without quotation marks and wildcard works for email_subject email_subject:*TEXT* Application Control Proxy Log blade:"Application Control" AND appi_name:"Web Sur...