Category Archives: CheckPoint

Bad time for renewing CCSE

I got an email from Checkpoint about my cert expiration,  but what is the challenge here? I can’t  take the same exam as per check Point FAQ, in this case CCSE but i gave a try and bang!,

After contact Check point i got the following options:

  • Upgrade your certifications to CCSM (156-115.77)
  • Take two of the following certifications to extend your current CCSE for 1 year
    • Secure Web Gateway
    • ThP-Threat Prevention
    • GAIA Intro -Gaia Overview
    • Advanced IPS
    • CCSBA-Sandblast
    • MTPA-Mobile Threat Prevention Administrator
    • MTPE-Mobile Threat Prevention Engineering
    • Wait for CCSE R80 to be released

I do not see the point to do 2 of the certs to renew the CCSE just for 1 year. The CCSE R80 should be available on Q3 as per Checkpoint. But who knows……

You can read the Check Point Certification  FAQ here

Maybe wait is the best option!  And do the Update exam after.

Share

Are you ready to R80?It is finally in!

No, it’s not fouls day…After a long delay we have the New generation Management Platform.

What is the R80 Upgrade Verification Service?

R80 Upgrade Verification Service is an upgrade verification and environment simulation service. You get customized support to help make your transition to R80 as seamless as possible, so you can optimize the features of R80, while ensuring compatibility with the existing security infrastructure. Click on follow link to get more information https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk108623

Share

Check Point R80 in March

Check Point R80 will be available later this March, after Check Point rescheduled it for a few times, you can check it on Press Release. Having Multiple administrators managing policies at same time it´s a big improvement, so you don’t need to ask your team to log off because you need implement an urgent rule!

Benefits of R80:

  • The introduction of ‘one console, one policy
  • Better aligning security with business processes and network architectures
  • Integration of threat management for a single view into risk across a network

Share

Proxy ARP in Check Point GAIA

Check Point trap me all the time because of Proxy ARP, for some reason after install a policy on a gateway the NAT didn’t come up AGAIN!

After do a capture i realized what could be the problem (too many arp requests)

Capturing traffic

[[email protected]:0]# tcpdump -i eth0 host 200.0.0.102
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:49:57.381730 arp who-has 200.0.0.102 tell 200.0.0.97
(omitted)

These are the default values of ARP in GAIA OS

set arp table cache-size 4096
set arp table validity-timeout 60
set arp announce 2

Adding in clish mode a static proxy arp entry

Setup Proxy ARP

FW-GAIA> add arp proxy ipv4-address 200.0.0.102 interface eth0

The GAIA command above convert it automatically to a file called local.arp

[[email protected]:0]# cat $FWDIR/conf/local.arp
# This file was AUTOMATICALLY GENERATED
# DO NOT EDIT
# Please use Gaia Portal or clish command to configure ARP proxy
200.0.0.102 00:50:56:01:00:a1

Checking Proxy ARP

Using clish

FW-GAIA> show arp proxy all
IP Address              MAC Address / Interface         Real IP Address
200.0.0.102           eth0

Using Expert Mode

[[email protected]:0]# fw ctl arp
(200.0.0.102) at 00-50-56-01-00-a1

Golden rule: Setup always a static proxy arp

Share