Monday, October 16, 2017

Check Point is finally fixing issue with CCSM continuity, somewhat

At the beginning of the year I was posting about CCSM continuity hiccup (1, 2, 3).

In a nutshell, there were two main issues:

1. CP did not managed to let people with expiring CCSM re-certificate in time and did not provide any graceful extension.
2. Due to a clerical error, some people were getting 4 years of CCSM certification while others were having only 2.

I have taken liberty to contact Check Point Education Services managers and to discuss the issue. There was a quite long threat with dozens of emails back and forth, and finally in February Check Point Certification manager has publicly acknowledged the mentioned issue.

However, Check Point did not provide any solution for the matter at that time. Moreover, they have rejected my private proposal to make a one time correction of CCSM validity for all certified specialists from 2 to 4 years, that would resolve both continuity and consistency problems in one shot.

This situation has undermined public trust and appeal of having the highest certification level with Check Point. Also, new partnership program does not require having any CCSMs, even for support partners. It seemed to me that the company did not have any solid strategy to develop an advanced certification at this point.

In my humble opinion, CCSM is nothing but a stripped down version of older CCSE Plus certification, and cannot be even compared with flawed but very challenging CCMA exams that Check Point eventually failed as well.

That said, there are signs the company is finally coming to its senses and trying to reverse the situation.

At the end of September all CCSMs have received an email from Check Point Certification manager Jason Tugwell granting an extension of CCSM status for all people having their certificates expired between the beginning of 2017 and up to end of March 2018.

Everyone in this group, including those whose certification has lapsed already, are granted extension of CCSM status till end of June 2018.

Although this is not making right 2 years of certification versus 4 years for some, but it is still covering the continuity lapse, under condition Check Point Education Services will be able to develop and release new CCSM course and exam till the second quarter of 2018.

Just to make it clear, the extension notice should be received by all CCSM professionals whose certification expires between January 2017 and March 2018. If you are one of them but did not receive such notice, please talk to account managment at Check Point to fix it.

Support CPET project and this blog with your donations to 

Wednesday, September 6, 2017

Your ultimate landing page for Advanced Tech Reference Guides

Check Point SecureKnowledge database is vast. It has hundreds of thousands of articles and documents. Sometimes, it takes a bit of an effort to find there what you are looking for.

Yet, it sometimes yields fantastic results. Here is something you may want to add to your bookmarks: a landing page for accessing ATRGs - Advanced Technical Reference Guides.

So far, it has links to 36 ATRGs. Whenever you want to learn a feature in depth, this is something you want to visit.

Also, it now has three new documents:

Many thanks to Sergei Shir for sharing this information.

Support CPET project and this blog with your donations to 

Monday, August 7, 2017

Capsule Docs on Mac? Forget about it...

Last year I was writing about my rather unpleasant experience around Capsule Docs on Mac. It is time to add another chapter to that story.  

I have made yet another attempt to use the tool on Mac. With my 10.12.6 Sierra machine it fails even more miserable than before. With the latest client (still Alpha, mind you!), I cannot even open a document.

Although I am logged in and even can open the same document on Windows with the same credentials, I am getting "Insufficient permissions"...

How hard can it be, really? What should happen for Check Point to start getting Mac user seriously?

In case you ask, the only reason for me to even touch Capsule Doc Viewer is that Check Point Education Services discontinued paper courseware, forcing both students and instructors to use e-kits with Capsule Docs protection. I will address this subject later on.

Support CPET project and this blog with your donations to 

Sunday, July 30, 2017

CPET session 3 - video is published

Thanks all who could join.

The session subject is Kernel Debug, best practices

CPET project relies on your support. 
Participate in the talks and help us with your donations to 
Follow us on Facebook and Twitter. 

Wednesday, July 26, 2017

Turning out of state drops on and off on your gateways without pushing policy

One of the regular issues I help my customers resolving is about out of state drops. there might be multiple causes, and those should be addressed by proper troubleshooting and network configuration changes.

However, there are cases when you just need a quick fix before addressing the root case of the problem.

The classic way to do that is to change Global Properties settings on your management and to install policy. The biggest problem with that approach is that the settings are global and will affect all FWs in the security domain after a policy push.

But no worries, there is a way around it, described in SK117374. Fw kernel has two parameter that define out of state drops for TCP and ICMP:


For example, by running fw ctl set int fw_allow_out_of_state_tcp 1  you can allow TCP traffic to pass through. Setting the same parameter to 0 will start dropping out of state TCP again.

Support CPET project and this blog with your donations to 

Tuesday, July 25, 2017

R80.10 debug documents are now public

Check Point has published a set of new documents describing kernel modules and debug flags, SecureXL and CoreXL debug details in R80.10. 

Although the documents are public, to download them you will need to log in to User Center.

Kernel Debug flags - R80.10 SecureXL Debug Flags - FWAccel (R80.10) SecureXL Debug Flags - SIM (R80.10)

Special thanks to Sergei Shir for this publication.

Support CPET project and this blog with your donations to