Wednesday, July 26, 2017

Turning out of state drops on and off on your gateways without pushing policy

One of the regular issues I help my customers resolving is about out of state drops. there might be multiple causes, and those should be addressed by proper troubleshooting and network configuration changes.

However, there are cases when you just need a quick fix before addressing the root case of the problem.

The classic way to do that is to change Global Properties settings on your management and to install policy. The biggest problem with that approach is that the settings are global and will affect all FWs in the security domain after a policy push.

But no worries, there is a way around it, described in SK117374. Fw kernel has two parameter that define out of state drops for TCP and ICMP:


For example, by running fw ctl set int fw_allow_out_of_state_tcp 1  you can allow TCP traffic to pass through. Setting the same parameter to 0 will start dropping out of state TCP again.

Support CPET project and this blog with your donations to 

Tuesday, July 25, 2017

R80.10 debug documents are now public

Check Point has published a set of new documents describing kernel modules and debug flags, SecureXL and CoreXL debug details in R80.10. 

Although the documents are public, to download them you will need to log in to User Center.

Kernel Debug flags - R80.10 SecureXL Debug Flags - FWAccel (R80.10) SecureXL Debug Flags - SIM (R80.10)

Special thanks to Sergei Shir for this publication.

Support CPET project and this blog with your donations to 

Sunday, July 23, 2017

CPET session 3 - it is on!

The next Check Point Expert Talks session will take place on Sunday 30th of July at 14:00 CET. You have chosen Kernel Debug Best Practices as the topic.

The session is limited to 100 participants. If you cannot join, video recording will be available later on.

To put the session in your calendar, use invitation link.

Otherwise, use this link information to join.

CPET project relies on your support. 
Participate in the talks and help us with your donations to 
Follow us on Facebook and Twitter. 

Monday, July 10, 2017

CPET session 3 - choose the topic and time

Do not miss the opportunity to choose what and when will be discussed on the third CPET live session.

This time I am proposing three different subjects:

1. Details of Policy Installation with Check Point
2. Kernel Debugging Best Practices  - Chosen
3. Open Questions and Answers discussion

Note: if option 3 is chosen, I will ask to submit questions in advance, so I could go through them. 10 minutes will be left for further discussion anyway.

The proposed times are:

1. Saturday, 29th of July, 18:00 CET
2. Sunday, 30th of July, 14:00 CET - Chosen

The pool is now closed. Session details and invitation are here.

CPET project relies on your support. Participate in the talks and help us with your donations to 
Follow us on Facebook and Twitter. 

Friday, July 7, 2017

45 day trial for Office 365 SandBlast Cloud - do not miss

Check Point just has announced an unprecedented 45 day trial program for SandBlast Cloud designed to protect your Office 365 environment.

It includes engineering support for deployment and tuning of the solution.

The program is only available by request.

Details are listed in the CP community post by Stephen Johnson.

Support this blog with your donations to