If url filtering on a Check Point firewall is not working for you a basic step would be to see if you have DNS enabled on the firewall (it needs to do the lookup on where the url is going) and if you are getting a DNS response from the servers you have set in DNS? You can do a nslookup from the firewall to see if it is getting the name resolution.
Check Point Splat it is possible, to change the CCP mode to broadcast. To change the CCP mode to broadcast, run the following command:
cphaconf set_ccp broadcast
To change back to multicast run the following command:
cphaconf set_ccp multicast
In R70 (and NGX) the location of the user.def file has changed. Any changes to user.def are made to individual files based on the compatability package for the gateway version that the change is being installed on. Files per version are:
R70-R71: $FWDIR/conf/user.def.NGX_FLO$
R60-R65:$FWDIR/conf/user.def.NGX_R60
R55W: $FWDIR/conf/user.def.R55WCMP
NG (FP3-R55):$FWDIR/conf/user.def.NGCMP
Edge: $FWDIR/conf/user.def.EdgeCmp
The new Check Point Edge hardware has been released under the Edge N series. Faster CPU, more memory, and better throughput. Now if they would just release a new version of code that’s not a year old, I may start recommending them again.
http://www.checkpoint.com/products/promo/n-series/index.html
PS. New rumor out of some people with the inside scoop is there will be an Edge like device coming out soon that will run the full SPLAT instead of the Edge code. Price point is supposed to be the same as the Edge Box. Stay tuned for more info.
Check Point R71 was released yesterday. The major enhancements are the moving of URL Filtering and Anti-virus to the kernel instead of running instead of security servers. The ability to manage DLP and IPS-1 products from the new SmartCenter.
You can download here.
UPDATE: Just checking out the dashboard and a new feature is the support of IKEv2. I’m off to do a Provider-1 install of R71. Hopefully will have some updates for everyone tonight.
Got the first eye’s on the new Check Point Data Loss Prevention release today. It’s an interesting idea. I’ll be interested in testing it to see how it handles everything.
The few tidbits I picked up were as follows.
Not having the chance to play with it yet, I will not speculate about the performance or ability of the products. Stay tuned for when we can run it through a full set of tests.
We have been seeing a lot of hard drive’s fill up on the Check Point platform lately. I thought it would be a good idea to mhe ention some of the ways to avoid letting this happen to you.
First for the people that this has happened to, there are a lot of potential impacts. File corruption is very common, and if you do experience any kind of corruption you may get the firewall up and running again, but it is always recommended to reinstall SPLAT and/or IPSO and the Check Point software again. If you don’t see any immediate file corruption, you aren’t necessarily out of the woods, but you are most likely in a better position to let it run for a little longer period.
I’ve run the df -k or df -h and one of my partitions is at 100% utilization. What do I do now?
First you’ll probably realize this when your firewall stops passing traffic. The most likely cause of this is your firewall started logging locally and you didn’t notice. The simplest thing to do is do a cpstop, cd to the $FWDIR/log, and delete any older log files that you see in that directory. Running the command ls -al will show you the timestamps on the files and you will be able to determine which files were written to that day. All of these files will be recreated if you delete them, but you will lose your traffic logs for the dates you delete.
The question that always comes up after is how can I make sure this doesn’t happen again. Or even better, how do I make sure this doesn’t happen to me. The best piece of advice that I have is set up the mail alerts in Smartview Monitor to alert if the disk space goes below 20%. Then test you email alerts to make sure they are working. Check Point sk25941 tells you how to set up the mail alerts, and if you go into SmartView Monitor you can configure them per gateway or globally.
For anyone who is looking to extend their Nokia IP appliances and have the hardware kept under support there is hope. Akibia Inc is offering extended hardware support on the Nokia appliances, as well as support on the Check Point software. So for those of us without the budget to buy new appliances, or just enjoy the stability of the IP platform, we now have another player in our corner.
I’ve had a hard time finding Check Point UTM Stencils. Below you should find the stencils that I have. I will add to it over time to include the Power appliances and the IAS appliances, but it’s a start.
|
download: Check Point UTM Visio Stencils (912.34KB) added: 06/04/2010 clicks: 342 description: Check Point UTM Visio Stencils |
fwd.elg file has the error “Cannot load objects database ndb_open: database ‘magic number’ corrupted(/opt/CPsuite-R60/fw1/database/fwauth.NDB) Users Database is lost: unable to reload”
Having seen this error occur more than once over the past year, I thought it was important to bring up for any large enterprise customers.
The short of it is if you have a very high traffic load corruption can occur in the fwauth.NDB.
Check Point does have a customer hotfix for R65 HFA_50, but the true fix is HFA_70 on R65.
My recommendation would be to HFA_70 for R65.
Side note, this did occur in R60 as well. There is a custom hotfix that did fix the issue that is not longer available. You will need to upgrade to R65 if you have this problem on R60.