Tim's IT-Blog

Just a blog about IT and IT-Problems…

Category Archives: Check Point

Check Point – Unable to open HTTPS-Sites when using SecuRemote/SecureClient

by admin_import on 11/05/2010

If you are unable to connect HTTPS-Sites over a Proxy by using VPN-Tunnel with Check Point SecuRemote / SecureClient, you have to enable “asm_http_allow_connect” on the client. On Windows: – open regedit – Go to HKLMSystemCurrentControlSetServicesFW1parameters – Add a key called Globals – Under Globals, create a DWORD called asm_http_allow_connect – set its value to […]

Get Check Point IKEView (Download)

by admin_import on 11/05/2010

Normally IKEView is available only for CSP partners http://www.checkpoint.com/techsupport/csp/downloads/dl_utilities.html#ike_view. But you can download and install InfoView package https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails=&fileid=8227. After Installation you find IKEView under C:Program FilesCheckPointInfoview1.0.

Check Point Endpoint Connect connect with certificate by command_line.exe Tool

by admin_import on 03/05/2010

command_line.exe connect -s [IP-CheckPoint-Gateway] -f “[certificate file]” -p [Password] Example: c:program filescheckpointendpoint connectcommand_line.exe connect -s 195.19.17.178 -f “f:certfile.p12” -p secret It is very important that the argument for the Parameter -f (certificate file) is set in quotation marks!

Setting up DNS-Server on Check Point Endpoint Connect R73 on Microsoft Windows 7

by admin_import on 03/05/2010

Open Command-Line-Box (cmd.exe) with Administrator-Rights. C:>netsh int ip sh int Idx Met MTU State Name — ——— ———- ———— ————————— 1 50 4294967295 connected Loopback Pseudo-Interface 1 11 10 1500 connected LAN-Connection 12 0 1350 disconnected LAN-Connection* 9 Search the virtual Interface from Check Point Endpoint Connect. It is the Interface with Metric 0, MTU […]

Problems with Check Point SecuRemote/SecureClient on Microsoft Windows 7

by admin_import on 02/05/2010

At the site “Check Point products support for Windows 7 [sk43446]” is written that “VPN-1 SecuRemote/SecureClient NGX R60 HFA 03” support Mircosoft Windows 7 (only 32-Bit). But I made bad experiences with working SecuRemote/SecureClient on Windows 7 (over 30 Windows 7 Clients), so that i can not recommend to use SecuRemote/SecureClient on Windows 7. Here […]

Problem with CheckPoint and Solaris Patch 114344

by admin_import on 24/02/2009

After installing recommended Sun Solaris Patch 114344-25 or newer on CheckPoint Firewall based on Solaris 10 with JumpStart Architecture and Security Scripts (JASS) toolkit there are local problems at DNS lookups on the firewall node. # nslookup www.ebay.com … Result was changing between timeout and right result Resolution: Kernel Parameter “ip_strict_dst_multihoming” is set to strict […]

Some good compact Reference Cards

by admin_import on 08/07/2008

Apache: Apache 1.3 Quick Reference Card http://refcards.com/refcard/apache-forda Checkpoint FW-1/VPN-1: German: Die 100 wichtigsten Check Point VPN-1-Kommandos http://www.galileocomputing.de/download/artikel/346/galileocomputing_poster_check_point_a3.pdf Cisco: Ciscopedia: A new Windows-Help-formatted File with a big Reference for Cisco command http://www.google.de/search?q=ciscopedia-v3 Perl: Perl Regular Expressions http://refcards.com/docs/trusketti/perl-regexp/perl-regexp-refcard-a4.pdf And some more see: http://refcards.com/

Searching for natted IP at Checkpoint FW1

by admin_import on 08/07/2008

There no way to search an defined object the NAT-IP by the Checkpoint GUI. A easy way is: $ #LOGIN AS root ON FW1 via SSH/TELNET $ grep 181.76.6.7 /etc/fw/conf/objects_5_0.C Another way is to define a new object with the NAT-IP. The GUI will warn you, that the object is already in use by Object […]