If you previously used E75.30 VPN-client and have installed Windows 8.1, you may be slightly confused as to which VPN-client you should use with your existing licenses. Remote Access Clients E75.30 does not have a planned release for Win8.1 and you need to move over to E80. The E80-train used to require its own management […]
The process of separating a standalone installation could be broken down to a few high-level steps Do an upgrade_export of exisiting base and import it on a new server installed as both SG and SM (which will eventually be SM) Remove all security products on the standalone-object, leaving only management products enabled. Install database and […]
There is an odd issue occuring when installing GAiA on HP DL380p G8 with P420i Smart Array Controller. The installation is unable to find the drivers and none of the drivers on HP website work. The problem occurs when using the built-in DVD-rom and the solution is described in Check Points solution ID sk87704-article Solution: […]
When you add a new NAT-rule via the CLI of a Cisco ASA, the newly added rule will be appended to the NAT rule list. Tradionally you will have a NAT-hide rule at the very end, in order to provide your clients with IP connectivity to the Internet. Fortunately there is a way to choose […]
You may experience issues like a Check Point installation not being responsive (processes not started, etc.) and your dmesg, messages, $FWDIR/log/fwd.elg and fwm.elg may be filled with all sorts of error messages indicating the lack of files or not being able to create files. In general it behaves in such a way you’ll think “I […]
You may want to automatically enter expert-mode when logging onto your GAiA firewall and this article aims to provide necessary configuration steps to achieve just that.
Cisco ASA includes a very nice feature since the 7.2(1)-release; packet-tracer. In short, you can inject and trace a packet as it progresses through the security features of the Cisco ASA appliance and quickly determine wether or not the packet will pass. I often use it to verify traffic passing through firewall rules, NAT-rules and […]
Thought I’d share this demo and interview concerning Direct Access in Windows Server 2012. http://channel9.msdn.com/posts/Direct-Access-in-Windows-Server-2012-demo-and-interview
If you would like to increase the timeout for a specific service, rather than globally (Global properties > Stateful inspection) which is 3600 seconds, you can do that on a given service. In the GUI open a service, click on advanced and enter desired session timeout.
Did you ever have a run-in with applications terribly sensitive in terms of losing their database-connection and you need to increase the time-out the TCP-connections to this server? This configuration basically matches all traffic to one specific IP-adress and uses a service-policy to give it a longer timeout value.