checkpoint-ngngx




Configure SSL protocol version used in SSL VPN by Check Point

With all the recent attention to SSL protocol vulnerabilities, browser vendors increase the security of their SSL implementations almost daily. One of the recommendations is to use the most up-to-date SSL version available. Check Point for its SSL based VPNs (by the way it is the same …



Add free disk space to Check Point appliance hard disk

With the previous generation of Check Point UTM appliances (so called UTM-1, which included UTM 132, 270, 450 etc.) it was a really nagging issue when the firewall ran out of space on its hard disk. It was especially problematic for the root partition because it is used for update downloads, upgrade …



Check Point Gaia route missing after adding via ip route add problem

Well, it is actually a feature, not a bug, of all Check Point firewalls working on Gaia. If you haven't noticed, as opposed to the good old SPLAT firewall platform, Gaia is selective about which routes to propagate …



fw ctl zdebug drop - Check Point firewall ultimate debug command

Check Point has provided us with many ways to debug issues. Some are easier, some are harder. The first thing to do when you have dropped traffic is to see whether the packets are being dropped by the firewall or not. The first impulse is to look at SmartView Tracker's logs and …



Do not miss Netflow capability of Check Point Gaia R77 and above

In the past, measuring the traffic passing through the firewall wasn't easy - you had to either query interface counters via SNMP or run custom Bash scripts on the firewall itself to get interface statistics. The problem with both of …



How to know Checkpoint UTM Appliance model from the cli

Many times you get to work on some UTM appliance remotely via SSH and need to know which exact model it is. It takes just one Expert-level CLI command to find out: dmidecode | grep "Product Name". Then you go and compare the output with the UTM models table which Tobias …



Undocumented command to install policy on Locally managed Checkpoint UTM 1100 series appliance

I was trying the other day to exclude on UTM 1180 gateway some IP address and service combination from being encrypted inside VPN tunnel and noted that any changes you do to the firewall files on the CLI, in this case - crypt.def, do not take effect. It is actually …



How to know if a license or a subscription is about to expire for Check Point product

There are two ways to be warned when some license or subscription based service from Check Point is about to expire: - Every time we log in to SmartUpdate (part of the SmartConsole suite), if there are any licenses/services to expire within the next 30 days we’ll see a pop …



Overlooked but nice utility from Checkpoint - cpview

Starting with R77.30, Checkpoint has made available a helpful diagnostics and debug utility called cpview, of which not many are aware. This is basically a Bash script that runs a bunch of native Checkpoint commands in the background and displays the output on the terminal while updating the data …



Checkpoint Mobile Access support for SHA-256 SSL certificates

The new era of SHA-256 (as opposed to SHA-1) signed SSL certificates is slowly gaining pace, not without a gentle push from the browser providers. And Checkpoint is catching up in its new version R77.30 for Open Servers. While on both versions - 77.20 and 77.30 cpopenssl …