Blog Archives

Passive Virtual System on Check Point VSX ARPs using physical intf. IP address instead og Cluster IP

I came across some important information. Although I did not find any useful information (at first), so hopefully this post will help speed up someone elses troubleshooting. Problem statement: Passive VS on VSX ARPs for default GW using physical interface IP instead of cluster IP and no traffic flows from passive Virtual System. If ARP […]

Check Point VSX DHCP relaying

In order to enable DHCP-relaying for interfaces belonging to Virtual Systems on a VSX-cluster, you have to set the context to the specific virtual system the interface belongs to. List all Virtual Systems on the VSX-cluster show virtual-system all

Site to Site VPN between FortiGate and Check Point – malformed payload

Just thought I’d drop a post on a compatability issue which caused a lot of hassle for us. Problem: Problems establishing site to site VPN between FortiGate 1500D and Check Point 1430 appliance with Gaia embedded. Error: Main Mode Sent Notification to Peer: payload malformed – possibly a mismatch in pre-shared keys Background: We were […]

How to list users connected to SSLVPN / mobile access blade

Whilst trying to find out who is connected to the Check Point Gateway using mobile access/SSLVPN I found a few neat commands that comes in handy. First and foremost; who is connected to the gateway using SSLVPN: listusers And also to stop, start and restart the mobile access services cvpnstop cvpnstart cvpnrestart The commands are […]

Unattended installation of Check Point appliance

Check Point features an unattended installation mode for fresh installation, which may come in handy if you need to upgrade/install an appliance remotely with an non-technical person onsite. A few limitations to be aware of – Fresh installs only. – Preconfiguration for basic networking can only be done on appliances when installing R77.20 or higher […]

Check Point and GRUB-problems

This post serves more as a reminder to myself about Grub rather than providing new and exciting information. The /boot/grub/grub.conf file is either empty, or corrupted. Check Point FW boots into grub command prompt – Manual boot If all you can see is a grub command prompt you need to do the following to manually […]

Unable to delete object in Check Point

I encountered this error today, where I was prohibited to delete a network object. The “where used” referred to the firewall object and the following context string: “interfaces->{F618DF02-1BE7-4A2E-AC7E-B22C44F1ED22}->security->netaccess->allowed” The solution, althrough a bit tricky to find, was very simple. The firewall’s anti-spoofing on the external interface was configured to not check packets with IP-addresses originating […]