Tuesday, April 24, 2012

Care for checking out GAiA's source code?

Hi all!

As we all know by now, R75.40 has been released, and GAiA is out as part of it. Would you like to have some pieces of its source code? If so, you may want to look at the License.txt file on the installation DVD.

This document states that parts of SecurePlatform and GAiA are subject to the GNU GPL, GNU LGPL and BSD licenses.

That means one can request source code, and Check Point has to provide it.

Well, you will not get any source code for the security products, but some OS pieces might be interesting as well, in particular the dynamic routing binaries, VRRP-related files, etc. If so, check the license file I have mentioned and feel free to email your requests to gpl-source@checkpoint.com.

Thursday, April 12, 2012

Upgrade to R71.10 on SPLAT fails if done with local ISO mount

Hi all!

Just a quick note, mostly for myself to remember.

Apparently, if you are doing an upgrade to R71.10 from an ISO file, the installation wrapper unmounts and remounts the CDROM for whatever reason. So if you are using my advice about mounting local ISO files as a CDROM, beware: the upgrade will fail.

It has just happened to me. That was unexpected, indeed.

Tuesday, April 10, 2012

Configuring span port with R75.x, how to

If you would like to demonstrate Check Point products to your customers, or to run some trials in a production environment without the risk of breaking something, it might be handy to use a span port.

This post is not about how to make a span port on your network switch, it is about proper configuration of your Check Point box.

To simplify things, let's assume you are running a standalone installation (quite useful for new product trials). You have to have two physical network interfaces: one for management and GUI connections, the other one to connect to a mirror port.

When installing the box, you need to assign an IP address to the MGMT interface. Leave the second NIC unnumbered.

Once you have installed Check Point products on the box, you have to configure the second NIC to be ready for span port connectivity. To do that, go to sysconfig / network configurations / configure connection and choose "Define as connected to a mirror port".

This setting will create a new bridge interface with your second NIC in it.

In case you are running GAIA EA (as I am as we speak), sysconfig is disabled there. You have to go to the GAIA WebUI instead. Enable the second NIC there, create a new bridge manually, then add the NIC to it.

That is all for the OS-related configuration; the rest is done in the SmartDashboard GUI.

When defining the topology of your FW, set up the MGMT interface as external, but disable anti-spoofing. The second, unnumbered interface should have "undefined" topology.

Install the policy and enable the features you want to test. Now you are good to go.

Just one more tip. If you want good visibility into the security situation of your internal network, define the span port for the internal, not the external, interface of your actual production FW.
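
A quick way to confirm the OS-side result of the steps above (management NIC numbered, mirror NIC unnumbered and inside a bridge), as an added example that is not part of the original post. It assumes `brctl` and `ip` are available in expert mode; the interface names, the bridge name and the sample output are constructed.

```shell
#!/bin/sh
# Added example: sanity-check the OS side of a mirror-port setup.
# The sample outputs are constructed. On a live box pass "$(brctl show)" and
# "$(ip -o -4 addr show)" instead (assumption: both tools are installed).

SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.000c29aabbcc       no              eth1'

SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0'

# Print the bridge that contains NIC ($2) according to brctl text ($1).
bridge_of() {
    printf '%s\n' "$1" | awk -v nic="$2" '
        NR == 1 { next }                    # column header
        NF >= 4 { br = $1; ifc = $4 }       # bridge line with its first member
        NF == 3 { br = $1; ifc = "" }       # bridge with no members yet
        NF == 1 { ifc = $1 }                # further members, one per line
        ifc == nic { print br; found = 1; exit }
        END { exit !found }'
}

# Succeed if NIC ($2) carries an IPv4 address in "ip -o -4 addr" text ($1).
has_ipv4() {
    printf '%s\n' "$1" | awk -v nic="$2" '
        $2 == nic && $3 == "inet" { found = 1 }
        END { exit !found }'
}

# Management NIC must have an IP; mirror NIC must be unnumbered and bridged.
check_span_setup() {   # args: brctl_text addr_text mgmt_nic mirror_nic
    has_ipv4 "$2" "$3" || { echo "FAIL: $3 has no IP address"; return 1; }
    has_ipv4 "$2" "$4" && { echo "FAIL: $4 must stay unnumbered"; return 1; }
    br=$(bridge_of "$1" "$4") || { echo "FAIL: $4 is not in a bridge"; return 1; }
    echo "OK: $4 is unnumbered and a member of $br"
}

check_span_setup "$SAMPLE_BRCTL" "$SAMPLE_ADDR" eth0 eth1
```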

Monday, April 9, 2012

CPUG members to meet at CPX, Berlin

Hi all CPUG members and followers.





As you may know, the relations between the vendor and CPUG are rather cold, so there will not be an official booth at CPX. But who cares. We are a great community of brilliant professionals and experts. Let's do something about it :-)

I suggest we have an informal meeting in Berlin on 30th of May, in the evening, during or just after the Check Point fun event. It would be nice to put faces to the names and to share some thoughts and opinions.

Please let me know if you think this is a good idea. If you like it, we will find a way.


Also, just to remind you, CPUG Europe 2012 registration is already open. If you cannot make it to CPX 2012 in Berlin, see you at CPUG 2012 in Chur, Switzerland.

Tuesday, April 3, 2012

Check Point site is unavailable due to a registration issue

Some of us may have had problems accessing the Check Point main portal and the UserCenter site since yesterday. As The Register reports, this has nothing to do with an attack. It was a registration issue.

For those who cannot make it work yet (mine is back to normal):

You can try to work around this in a few ways:

1. Try IPv6, which works for the main portal
2. Use www.checkpoint.com instead of just checkpoint.com
3. Access the Check Point portal by its external IP address: http://216.200.241.66/

https://usercenter.checkpoint.com is not available though.
To access it use https://216.200.241.34 or https://supportcenter.checkpoint.com