Thursday, February 24, 2011

Mobile Access Software Blade public demo

Check Point Mobile Access Software Blade public demo is now available.

All you need is to download iPhone/iPad Mobile Access client.

Check Point demo site name is idemo.checkpoint.com. Activation key is demo-1234.

Once it is done, you will be able to connect. Use cpdemo for both username and password.


Once connected, you are able to see the mobile portal applications.


If you tap on "Introduction to iDemo", you will see short system configuration explanation.

Easy, right?

As any other SSL portal-based application.

MGMT direct upgrade from R65 to R71.10 - beware

I have had an exiting weekend working with one of my customers in Geneva to upgrade Provider-1 system to R71.10 from R65.

While the lab test were showing success, the actual production upgrade failed badly.



The failure was only detected when we started pushing policy from the upgraded system. Suddenly we have started getting syntax errors during policy compilation. These error did not make any sense, they seem to be just random lines of INSPECT code failing. There we no actual problem with syntax, at least I have not managed to find any obvious one.

Rest of the functionality, including VSX provisioning ad logging, was perfectly fine.

We have tried to update IPS definitions, because the problem seemed similar to old R55 to R60 errors. No luck, the problem remained even after IPS update.

With service windows closing on us we had to roll back to R65.

The problem is reproducible in the lab. Nevertheless new lab tests we made this week show that while R65 to R71 upgrade fails, R65 to R70 upgrade path seems to be still working.

So here is my recommendation: do not skip major versions while going up from R65 on your management system. Otherwise you have a good chance to pull some extra hours as I have done. Guys, it is no fun.

Friday, February 18, 2011

How to use ISO image on SPLAT instead of a CD for upgrade

In some cases it is easier to use ISO image file instead of an actual CD to upgrade SPLAT device. There are several reasons for that: no physical access to your server, upgrading SMART-1 or any other appliance where CDROM is not installed, etc.

Remember, you only need a CD for major upgrade, such as going from R65 to R70.

Let's see how it is done.

First, check if you have enough space on the hard drive. Use  df -h command to see where you have enough space. Mind some extra for upgrade operations.

Then create a folder to put ISO file. The best place is  /var partition. Run the  mkdir /var/temp/"your ISO folder". Transfer your CD image there.

Now it is time to mount it. Run  mount -t iso9660 -o loop /var/temp/"your ISO folder"/"your ISO file".iso /mnt/cdrom.

Check it is mounted OK with   ls /mnt/cdrom.

Now you can run   patch add cd and do the upgrade. Good luck.

Just one last note. You may not want to use snapshot during the upgrade procedure. If you absolutely need to make a snapshot, do it before transferring ISO and mounting it. Do not forget to save it on an external server.

Tuesday, February 15, 2011

Dates and prices for Check Point courses in Lausanne

We have schedule and prices for Check Point training courses in our ATC in Lausanne

Prices are in Swiss Franks.

 
Starting Date Course Language Price, VAT exc. Registration status
04.04.2011 CCSA R71 English 4750 Open
16.05.2011 CCSA Upgrade R71 English 3210 Open
18.04.2011 CCSE R71 English 4750 Open
04.07.2011 CCSA R71 English 4750 Open
18.07.2011 CCSE Upgrade R71 English 2400 Open
08.08.2011 CCSA Upgrade R71 English 3210 Open
22.08.2011 CCSE Upgrade R71 English 2400 Open
03.10.2011 CCSA R71 English 4750 Open
17.10.2011 CCSE R71 English 4750 Open
21.11.2011 CCSA upgrade R71 English 3210 Open
05.12.2011 CCSE upgrade R71 English 2400 Open
Ask CCMSE (Provider-1) English 2400 Open
Ask CP VSX English 3210 Open
Ask CCEPE (EndPoint Security) English 4750 Open

 Dates are subjects of change, registration is subject of availability. We will not accept more then 10 persons in the course.

Interested? Please contact me here. Web registration will be available in a week as part of official Dimension Data web site functionality.

Wednesday, February 9, 2011

Check Point IPS enforces iPhone Web browsing on corporate WiFi

From today's Check Point Security Advisory:

Security Best Practice: Blocking Apple iPhone Browsing. That is one nasty feature, my friends.


But I think I have some ideas where the whole idea comes from. Check Point employers in Israel like iPhones, but have quite limited data plan with local GSM provider for company phones.

I bet they all use WiFi when in the office. But no more, dudes, no more...

Monday, February 7, 2011

Identity Awareness quick HOWTO movie



As before, all credit is to kellmant

Check Point training and certification group on LinkedIn

Hi all!

I have created a group on LinkedIn dedicated to all aspects of training and certification with Check Point Software Technologies.

You are all welcome to join.

Changes in R71 CCSA and CCSE courses

I have been able to go over new R71 CCSA and CCSE manuals.

Here is a short summary of changes from R70-based courses.

CCSA: R71
  • Better info about CoreXL
  • IPS chapter removed (pushed to Expert course)
  • Reporter chapter removed (pushed to Expert course)
  • Check Point MGMT DB files better reviewed then before


CCSE R71:
  • IPS chapter added (was on CCSA with R70)
  • Reporter chapter added (same as above)
  • SmartEvent chapter added
  • DLP chapter added (expected)
  • Troubleshooting and Debugging supplement chapter added (not expected)

To summarize, CCSA gets lighter and CCSE - heavier then before. It is strange that Check Point continues to recommend same amount of days for both courses as before: 4 to five days per course.

As for the exams, there is no information yet, but I would expect them to be changed in the same manner.

I am particulate interested about troubleshooting and debugging questions on CCSE R71 exam. If they are there, it is not so great. Personally I think these subjects to be overkill on CCSE with is already overweight with the new blades.

Friday, February 4, 2011

Dimension Data's Swiss ATC is now official

Our office in Kloten near Zurich has received yesterday Check Point ATC in paper. It is a bit strange, because we are registered with our address in Crissier, near Lausanne.

We are not planning to provide Check Point courses in Zurich area. But we are the first and only ATC in Swiss Romandie area.

Althoughwe do not have any official schedule for the moment, we are planning to start CCSA and CCSE R71 classes in March. Provider-1 and VSX official Check Point courses are also planned, but no estimation for the moment.

If you guys are interested, please send me an email to valeri.loukine AT eu.didata.com. I will send you the exact dates and the registration details.

I can assure you get the best price in the region if mentioned this blog when registered.

We will be happy to assist you to find the suitable accommodation in the area.

We are planning to launch official ATC Web site very soon, then you will be able to get the schedule there and register directly on the web page.

Stay tune!