Monday, May 28, 2012

Site to Site VPN between Checkpoint and pfSense

I would like to share my experience on making Site to Site VPN between Checkpoint and pfSense
This is a working procedure..
Good Luck :)

note: If the pfsense part has more than one subnet defined, then you have to play with user.def file at checkpoint side,otherwise tunnel will just be up on one subnet.










3DES MD5







Phase 1

Saturday, May 19, 2012

Thursday, May 10, 2012

IPS Update: ips scheduled update ended with errors



Check the internet connection on SMC and Check dns config to see updates.checkpoint.com resolves correctly

Manually update the IPS database,
Close all GUI applications,
Open a GUIDBEdit to the SMC
Application name:GuiDBedit.exe
Search (Search->Find) for:
autoupdate_and_install_status_obj
Once found you will see a field named status under that object.
Change the value of status 0
Save changes,close GUIDBEDIT
Open Dashboard and verify if the issue resolved.

Updated Note : There is a fix for this issue, Request it from Support.

Sunday, May 6, 2012

How to use SCP upload-download option at New OS Gaia


To use SCP with GAIA, You have to change the users shell to bash

# chsh -s /bin/bash admin

To go back to cli.sh
Use  # chsh -s /etc/cli.sh admin

Or you may do these actions via Web UI as below





Thursday, May 3, 2012

R75 UFP causes high CPU usage

Be Careful when upgrading R65 to R75
There is a hotfix for UFP Opsec Connection, request it from support before going in to Production..
Symptomps are,
CPU Peak %100 , ping latency , drop packets..
How to replicate,
Try high size downloads..