Categories
News

What is CoreXL & SecureXL

CoreXL: Technology that makes use of multiple processor cores SecureXL: Connection acceleration technology (both throughput and connection establishment) SecureXL is an acceleration solution that maximizes the performance of the Checkpoint Firewall. When SecureXL is enabled on a Security Gateway, some CPU intensive operations are processed by virtualized software instead of the Firewall kernel. This is […]

Categories
How-To Software Technical

Check Point Firewall: Disconnect VPN or Mobile Access Clients

If you have a need to disconnect a user from the firewall forcibly. There are a few ways I am aware of that will force users off the VPN. Installing Security Policy (link)-  clears the cached authentication of the remote user, although this doesn’t seem to disconnect them it prompts them to re-enter credentials. Expire […]

Categories
How-To Technical

Check Point: Enable SSL Encryption for LDAP Accounts

Background: Check Point users faced an issue when they wanted to change their expired passwords when logging into to the VPN via the SecureClient. Although they had been prompted to change password their attempts were not successful. I did some investigation into this and discovered that SSL needs to be allowed for LDAP communication for […]

Categories
How-To Personal

Tech Short: Capturing packets on Checkpoint

I’ve recently found myself capturing network traffic to troubleshoot reported issues. To successfully capture packets the use of tcpdump is required.  And while you may be familiar with using this tool, the use is slightly different on Checkpoint devices. The devices in this reference is Checkpoint R77.30 and R80 devices. To capture the correct network […]

Categories
How-To Software Technical

Tech Short: Debug VPN in Checkpoint R77.30

The following tech short will provide a list of commands used to enable debugging in Checkpoint’s R77.30 Firewall. To start you must  SSH into firewall host (or active member). To turn on VPN debug from the expert mode: # vpn debug trunc At this point you want to test your VPN connection and verify that […]

Categories
How-To Software Technical

Restore of Checkpoint Fails with “The following hotfixes seem to be missing”

Ran into a slight snag when attempting to restore a production backup into a VM(*VMware*) image of Checkpoint R77.30. I was using the Gaia WebUI to restore image returns a message: “The following hotfixes seem to be missing”. The message points me to a log file located under /tmp/ which indicates missing updates to the firewall […]