Blog Archives

Unable to remove Check Point evaluation license

I had an issue with a firewall that showed three blades, TP-blades, licensed as “evaluation” and furthermore the license was expired. The firewall itself showed the licenses to be alright as shown in the picture below: Various things were tried in order to solve the issue, but none of them made any difference. cplic eval_disable […]

Windows Update fails when Check Point HTTPS-inspection is enabled

In a freshly installed Windows Server 2016-environment, there was feedback that Windows Update failed when HTTPS-inspection was enabled, even though “Bypass HTTPS inspection of traffic to well known software update services” was ticked off. The servers were stuck with this error message: Some update files aren’t signed correctly. Error code: (0x800b0109) In the tracker I could […]

Passive Virtual System on Check Point VSX ARPs using physical intf. IP address instead of Cluster IP

I came across some important information. Although I did not find any useful information (at first), so hopefully this post will help speed up someone else's troubleshooting. Problem statement: Passive VS on VSX ARPs for default GW using physical interface IP instead of cluster IP and no traffic flows from passive Virtual System. If ARP […]

Check Point VSX DHCP relaying

In order to enable DHCP-relaying for interfaces belonging to Virtual Systems on a VSX-cluster, you have to set the context to the specific virtual system the interface belongs to. List all Virtual Systems on the VSX-cluster show virtual-system all

Site to Site VPN between FortiGate and Check Point – malformed payload

Just thought I’d drop a post on a compatibility issue which caused a lot of hassle for us. Problem: Problems establishing site to site VPN between FortiGate 1500D and Check Point 1430 appliance with Gaia embedded. Error: Main Mode Sent Notification to Peer: payload malformed – possibly a mismatch in pre-shared keys Background: We were […]

How to list users connected to SSLVPN / mobile access blade

Whilst trying to find out who is connected to the Check Point Gateway using mobile access/SSLVPN I found a few neat commands that come in handy. First and foremost; who is connected to the gateway using SSLVPN: listusers And also to stop, start and restart the mobile access services cvpnstop cvpnstart cvpnrestart The commands are […]

Unattended installation of Check Point appliance

Check Point features an unattended installation mode for fresh installation, which may come in handy if you need to upgrade/install an appliance remotely with a non-technical person onsite. A few limitations to be aware of – Fresh installs only. – Preconfiguration for basic networking can only be done on appliances when installing R77.20 or higher […]

Check Point and GRUB-problems

This post serves more as a reminder to myself about Grub rather than providing new and exciting information. The /boot/grub/grub.conf file is either empty, or corrupted. Check Point FW boots into grub command prompt – Manual boot If all you can see is a grub command prompt you need to do the following to manually […]