Checkpoint R80 CPM – new ports for SmartConsole (old CPMI)

If you have installed R80.10 recently, you might have noticed that the Management ports have changed from the earlier versions.

Earlier it was TCP/18190 and TCP/18264.

From R80 onward, the “CPM” port is TCP/19009.

CPM – Check Point Management Server
The CPM server listens on this port for remote connections (for example, SmartConsole). Added in R80.

An updated list of the ports used by Checkpoint software is given in SecureKnowledge article sk52421.
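
After an upgrade it is worth confirming that every firewall between the SmartConsole clients and the management server lets the new port through. The following is an added example, not Check Point code and not from the original post: it probes the three ports named above and classifies the result. The default host name and the verdict labels are assumptions of this example.

```python
import socket
import sys

CPM_PORT = 19009               # R80 and later: CPM server (SmartConsole connects here)
LEGACY_PORTS = (18190, 18264)  # management ports the post lists for earlier versions


def tcp_open(host, port, timeout=2.0):
    """Return True if a full TCP handshake to host:port completes in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False


def check_mgmt_path(host, cpm_port=CPM_PORT, legacy_ports=LEGACY_PORTS, timeout=2.0):
    """Probe the management ports and classify the path to the server.

    Returns (verdict, results): results maps port -> bool, verdict is
      "ok"          - the CPM port answers, SmartConsole R80+ can connect
      "legacy-only" - only pre-R80 ports answer; typically a firewall rule
                      on the path was not updated, or the server is pre-R80
      "unreachable" - none of the ports answer
    """
    results = {p: tcp_open(host, p, timeout) for p in (cpm_port, *legacy_ports)}
    if results[cpm_port]:
        verdict = "ok"
    elif any(results[p] for p in legacy_ports):
        verdict = "legacy-only"
    else:
        verdict = "unreachable"
    return verdict, results


if __name__ == "__main__":
    # Hypothetical default host name; pass your own management server.
    target = sys.argv[1] if len(sys.argv) > 1 else "mgmt1.example.internal"
    verdict, results = check_mgmt_path(target)
    for port, is_open in sorted(results.items()):
        print(f"TCP/{port}: {'open' if is_open else 'closed/filtered'}")
    print(f"verdict: {verdict}")
```

Run it from the network segment where the SmartConsole clients sit, since that is the path the rule base has to allow.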

 

First Time Wizard – run it again or skip it.

If you have been deploying Checkpoint firewalls, at some point you have most likely wanted to skip the FTW (First Time Wizard).

When migrating gateways to new hardware, I often save the Gaia configuration, and import it just after installing the new appliance. This saves me the trouble of configuring everything from scratch.

(Take note, that this is not possible in all scenarios)

Gaia Save Configuration command.
———————
mgmt1> save
clienv – Save CLI environment variables.
config – save current configuration
configuration – Save configuration to file
mgmt1> save configuration mysavedconfigurationfile
———————

In most cases I skip the FTW, and import the saved Gaia config…

To skip the Gaia FTW in R80 and above, create the “accepted” files manually.

Log in to Expert mode, and create these files.

  • [Expert@HostName:0]# touch /etc/.wizard_accepted
  • [Expert@HostName:0]# touch /etc/.wizard_started

For a full description, see sk71000.


If you want to rerun the FTW, simply delete the files above.

  • rm -i /etc/.wizard_accepted
  • rm -i /etc/.wizard_started

 

Checkpoint Anti-Ransomware – now in consumer version at Zonealarm.com

Checkpoint has a dedicated goal: to fight ransomware globally.
This means that Checkpoint's consumer solution, Zonealarm, benefits from the research done at Checkpoint.
Antivirus is dying (if not already dead), but threat emulation is one path towards the future.
Zonealarm has released an affordable Anti-Ransomware solution, based on Checkpoint's Anti-Ransomware product.

The price is the best part… at the time of writing, Anti-Ransomware is priced at $1.99/month (about 13 DKR).
The low price makes it very affordable in my opinion.


I bought a license for 3 PCs, and installed the Anti-Ransomware agent last Thursday (12/10-2017) – and boy am I glad I did.
Today I was working with password cracking software, and at some point I downloaded some software containing ransomware. (I know, it's my own fault...)
Moments after, the Checkpoint/Zonealarm Anti-Ransomware agent informed me that something was very wrong…

The Anti-Ransomware agent looks like this, when everything is great, and when everything is not so great…

 

I of course chose to “Repair file”, which triggered the agent to delete and restore…

 

 

 

Be aware that the computer will reboot several times, so you need to be patient. At some point I noticed that my mails from April until now were gone… this of course got me worried, so I contacted Zonealarm support. The most disturbing thing about the experience was that the Zonealarm agent was also missing, and nowhere to be found.
It was even missing in Control Panel > Programs.

Apparently this is what it is supposed to do… after rebooting again, and waiting 10-15 minutes for the computer to “Prepare windows for use”, everything was back to the way it was supposed to be.

Mails that were missing were back, Zonealarm was visible in “Programs” and my desktop looked like it did this morning.

 

Even if it was a bit scary, and I could wish for some visual “steps for recovery” on the Zonealarm agent, it turned out fine.
I would definitely recommend you give the product a try… it could save the day at some point!

 

Worried about Checkpoint's use of Kaspersky products? Here's how to disable and remove it.

According to this article at The Guardian, Kaspersky Labs have been compromised by Russian intelligence.
My guess is that they are not the only company in the world.

Wired.com also covers the story.

In response, Checkpoint has released SK118539 on how to disable and remove Kaspersky Labs components from the Checkpoint Security Gateway.

If you are responsible for security, you may need to consider disabling the Kaspersky Labs components.
This covers Anti-Virus Deep Scan, Anti-Virus Archive Scanning, or Traditional Anti-Virus.

The suggestion is to enable the Threat Emulation blade as a replacement.
My opinion is that the TE blade is far superior to the traditional AV components, so this might be a good chance to test it.

 

New Jumbo hotfix – GA available Take 205

Checkpoint released a new GA Jumbo for R77.30 on 15 Dec 2016.
Check_Point_R77_30_JUMBO_HF_1_Bundle_T205_FULL.tgz

Note: Effective December 15th 2016, the General Availability Take_205 is available for CPUSE online installation in Gaia Portal and Gaia Clish (it replaces Take_185).

 

 

Latest ongoing: Take_213, released 05 Feb 2015

See sk106162 for further details.

Checkpoint Data Center Security Appliances 41000

This week I was lucky enough to get a closer look at Checkpoint's 41000 Data Center Security Appliance.

It truly is a beauty – and I was lucky enough to get some “hands on” time on my own.
More to come within the next few days, but until then here is a picture of the beautiful creature, and a link for more info.

https://www.checkpoint.com/products/41000-61000-security-systems/


New Jumbo Hotfix for R77.30 – Take 145 – but not available through checkpoint cloud yet.

On 10 May Checkpoint released a new jumbo hotfix, Take 145, but it's still not possible to download it from checkpoint cloud.

This time I have created an SR with Checkpoint, so the problem would be fixed.
Checkpoint support told me that “We recently discovered some issues with the CPUSE package for the latest Jumbo Take 145.”
Checkpoint is currently working on fixing the issue, but if you need the update, please contact Checkpoint through a Service Request, or get your Partner to do it for you.
Checkpoint Support will provide you with a legacy install package, until the CPUSE package has been fixed.