Checkpoint NG/NGX




How to manually install Security Policy via cli on Checkpoint Gaia.

The usual way to install a policy is by clicking Install in the SmartDashboard of course, but if need arises to do so from the command line of the Checkpoint Management server we do it this way: fwm load



The one command to clear ALL the connections on a Checkpoint firewall - use with care

Checkpoint firewalls are pretty dynamic and interactive to our changes, for the most of the changes done by administrator it is enough to install the policy for the changes to take immediate effect. In the rare cases when changes (seemingly) do not take effect, it is probably because the particular …



What ports 18190 18209 18210 18211 in Checkpoint are used for

What ports 18190, 18209, 18210, 18211, in Checkpoint are used for ? For the correct functioning the Checkpoint uses quite a lot of ports, some are a must some or not. The ports listed above are in ‘a must’ category. Let’s see: 18190 The CPMI (Checkpoint Management Interface) is used …



Last measure for the desperate case of a lost access to the Check Point firewall

It may happen to anyone – mistaken security rule “Any Any Drop”, or using dynamic object for URL block. The end result – after the policy install you have no administrative access to the firewall with SmartDashboard/ssh/https. For this case Check Point came with fw unloadlocal console/SSH expert level …



How many times can we change IP address of the Check Point license?

Today most licenses are of a central type so we rarely need to change their IP address as IP address of the Management server does not change that often. Still, if this happens then there is an option to change IP address or re-license the existing license. Don’t take …



Disconnect VPN or Mobile Access or SNX user from Check Point firewall

You may need occasionally to disconnect some or all connected users from the firewall forcibly. There are few ways I can think about to do so, for example installing Security Policy clears the cached authentication of the remote users, and while it does not disconnect them it will force a …



On what Linux version do Check Point firewalls run ?

Throughout its history CheckPoint firewall changed versions and names, incorporated other products. The last, so far, evolution has been the Gaia operating system released in 2012. All this holds true of course but nevertheless the base platform for the firewall all these years has been Red Hat Enterprise Linux server …



Configure SSL protocol version used in SSL VPN by Check Point

With a lot of attention recently to the SSL protocol vulnerabilities browser vendors increase security of their SSL implementation almost daily. One of the recommendations is to use the most up to date SSL version available. Check Point for its SSL based VPNs (by the way it is the same …



Add free disk space to Check Point appliance hard disk

With previous generation of Check Point UTM appliances (so called UTM-1 which included UTM 132, 270, 450 etc.) it was a really nagging issue when firewall run out of space on its hard disk. It was especially problematic for the root partition cause it is used for update downloads, upgrade …



Check Point Gaia route missing after adding via ip route add problem

Check Point Gaia route missing after adding via ip route add problem Well, it is actually a feature not a bug of all Check Point firewalls working on Gaia. If you haven't noticed as opposed to good old SPLAT firewall platform the Gaia is selective about which routes to propagate …