If you are unable to connect HTTPS-Sites over a Proxy by using VPN-Tunnel with Check Point SecuRemote / SecureClient, you have to enable “asm_http_allow_connect” on the client. On Windows: – open regedit – Go to HKLMSystemCurrentControlSetServicesFW1parameters – Add a key called Globals – Under Globals, create a DWORD called asm_http_allow_connect – set its value to […]
Get Check Point IKEView (Download)
by admin_import on 11/05/2010
Normally IKEView is available only for CSP partners https://www.checkpoint.com/techsupport/csp/downloads/dl_utilities.html#ike_view. But you can download and install InfoView package https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails=&fileid=8227. After Installation you find IKEView under C:Program FilesCheckPointInfoview1.0.
Check Point Endpoint Connect connect with certificate by command_line.exe Tool
by admin_import on 03/05/2010
command_line.exe connect -s [IP-CheckPoint-Gateway] -f “[certificate file]” -p [Password] Example: c:program filescheckpointendpoint connectcommand_line.exe connect -s 195.19.17.178 -f “f:certfile.p12” -p secret It is very important that the argument for the Parameter -f (certificate file) is set in quotation marks!
Setting up DNS-Server on Check Point Endpoint Connect R73 on Microsoft Windows 7
by admin_import on 03/05/2010
Open Command-Line-Box (cmd.exe) with Administrator-Rights. C:>netsh int ip sh int Idx Met MTU State Name — ——— ———- ———— ————————— 1 50 4294967295 connected Loopback Pseudo-Interface 1 11 10 1500 connected LAN-Connection 12 0 1350 disconnected LAN-Connection* 9 Search the virtual Interface from Check Point Endpoint Connect. It is the Interface with Metric 0, MTU […]
Problems with Check Point SecuRemote/SecureClient on Microsoft Windows 7
by admin_import on 02/05/2010
At the site “Check Point products support for Windows 7 [sk43446]” is written that “VPN-1 SecuRemote/SecureClient NGX R60 HFA 03” support Mircosoft Windows 7 (only 32-Bit). But I made bad experiences with working SecuRemote/SecureClient on Windows 7 (over 30 Windows 7 Clients), so that i can not recommend to use SecuRemote/SecureClient on Windows 7. Here […]
Problem with CheckPoint and Solaris Patch 114344
by admin_import on 24/02/2009
After installing recommended Sun Solaris Patch 114344-25 or newer on CheckPoint Firewall based on Solaris 10 with JumpStart Architecture and Security Scripts (JASS) toolkit there are local problems at DNS lookups on the firewall node. # nslookup www.ebay.com … Result was changing between timeout and right result Resolution: Kernel Parameter “ip_strict_dst_multihoming” is set to strict […]
Some good compact Reference Cards
by admin_import on 08/07/2008
Apache: Apache 1.3 Quick Reference Card https://refcards.com/refcard/apache-forda Checkpoint FW-1/VPN-1: German: Die 100 wichtigsten Check Point VPN-1-Kommandos https://www.galileocomputing.de/download/artikel/346/galileocomputing_poster_check_point_a3.pdf Cisco: Ciscopedia: A new Windows-Help-formatted File with a big Reference for Cisco command https://www.google.de/search?q=ciscopedia-v3 Perl: Perl Regular Expressions https://refcards.com/docs/trusketti/perl-regexp/perl-regexp-refcard-a4.pdf And some more see: https://refcards.com/
Searching for natted IP at Checkpoint FW1
by admin_import on 08/07/2008
There no way to search an defined object the NAT-IP by the Checkpoint GUI. A easy way is: $ #LOGIN AS root ON FW1 via SSH/TELNET $ grep 181.76.6.7 /etc/fw/conf/objects_5_0.C Another way is to define a new object with the NAT-IP. The GUI will warn you, that the object is already in use by Object […]