Next Generation Firewall Data Sheets – https://www.checkpoint.com/products-solutions/next-generation-firewalls/datacenter-firewall/ Next Generation Threat Prevention Software Bundles – https://www.checkpoint.com/products/next-generation-threat-prevention/ Check Point Software Blade Architecture – https://www.checkpoint.com/downloads/product-related/brochure/Software-Blades-Architecture.pdf
When using manual NAT in Check Point, make sure that the ‘Merge manual proxy ARP configuration’ option is enabled under the ‘Global Properties > NAT – Network Address Translation’. See screenshot below. Once the option above is enabled, add the proxy ARP to Gaia and then install a policy for the proxy ARP to take … Read more
If a switch port has a high number of output packets being dropped, it could be that the amount of traffic being sent is higher than the what the interface is capable of handling, i.e traffic is coming into the switch on a gigabit interface but trying to leave on a fastethernet port, or the … Read more
List of Wireshark filters. Find an IP address in either the source or destination fields ip.host == <IP Address> Find an IP address in the source field ip.src == <IP Address> Find an IP address in the destination field ip.dst == <IP Address> Find an TCP port tcp.port == <Port number> Find an UDP … Read more
To capture traffic on a Check Point gateway where the interface is a sub interface with a VLAN tag, run the following command. tcpdump -i <physical\logical interface name> vlan <VLAN tag> For example, to capture traffic from VLAN 250 on interface eth3c7, the command would be: tcpdump -i eth3c7 vlan 250
By default on an R77.30 gateway, you cannot disconnect a user from an SSLVPN. You need to enable the Session Visibility and Management Utility. To enable the feature you need to run the command RAsession_util on, followed by cpstop/cpstart. This needs to be done on all cluster members. Details on the above and how to … Read more
When running the first time wizard on a gateway, set a simple password (such as ‘abc123’) for the SIC. A complex password with special characters can hang the installation progress @ 90%.
List of useful Check Point firewalls commands. Firewall Commands fw unloadlocal – removes the current policy on the firewall *** This will stop traffic from being forwarded *** fw stat – shows the currently installed policy VPN Commands vpn tu – Runs the VPN TunnelUtil to view and delete VPN IKE and IPSEC SAs. vpn … Read more