This page is just a personal reference for some notable, import Check Point KB articles I stumbled upon once, and which I assume to be of use repeatedly. Page shall be updated more or less regularly.
General Releases
- Check Point R77.30 sk104859
- Check Point R77.30 Known Limitations sk104860
- Check Point R77.30 Resolved Issues sk104861
- R77.30 Add-On sk105412
- Jumbo Hotfix Accumulator for R77.30 (R77_30_jumbo_hf) sk106162
- R77.30 Recommended Hotfixes sk106389
- Check Point R77.20 sk101208
- Jumbo Hotfix Accumulator FAQ sk98028
- Jumbo Hotfix Accumulator for R77.20 (R77_20_jumbo_hf) sk101975
- R77.20 Add-On sk101217
- Check Point R77.10 sk97617
Security Vulnerabilities/Responses
- Check Point response to the POODLE Bites vulnerability (CVE-2014-3566) sk102989
- Check Point response to TLS 1.x padding vulnerability sk103683
- Check Point Response to CVE-2014-6271 and CVE-2014-7169 Bash Code Injection vulnerability
- Check Point response to TLS FREAK Attack (CVE-2015-0204) sk105062
- Check Point Response to CVE-2015-0235 (glibc – GHOST) sk104443
- Check Point response to NTP vulnerabilities (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296) sk103825
- Check Point response to CVE-2015-3456 (VENOM) sk106060
- TLS1.2 Support Plan for Check Point Products sk107166
- Check Point response to “Check Point ClusterXL/CCP issue (DoS)” sk94849
General Networking
- IPv6 Support FAQ sk39374
- Configuring Proxy ARP for Manual NAT sk30197
- What is FW Monitor? sk30583
- NAT IP not seen correctly in tcpdump — Use fw monitor sk100071
- NetFlow support by Gaia OS sk102041
- Gaia IP Broadcast Helper does not forward Directed Broadcast traffic
- TCPdump shows wrong IP addresses for NATed traffic when SecureXL is enabled sk100194
Performance/SecureXL/CoreXL
- Best Practices – Security Gateway Performance sk98348
- Performance analysis for Security Gateway NGX R65 / R7x sk33781
- SecureXL Mechanism sk32578 Lists exactly what traffic is NOT accelerated
- SecureXL Traffic Limitations sk63400
- CoreXL Known Limitations sk61701
- How to increase sizes of buffer on SecurePlatform/Gaia for Intel NIC and Broadcom NIC sk42181
- Accelerated Drop Rules Feature in R75.40 and above sk67861
- Optimized Drops feature in R76 and above sk90861
- Optimized Drops advanced configuration in R76 and above sk90941
- Rate Limiting for DoS Mitigation
- What is the SecureXL penalty box mechanism for offending IP addresses? sk74520
- SecureXL NAT Templates sk71200
- Enabling QoS support for acceleration technologies (SecureXL and CoreXL) sk98229
- What are Enhanced Durability features? sk33239
- CoreXL Dynamic Dispatcher in R77.30 sk105261
- Issues with traffic passing through Security Gateway with CoreXL Dynamic Dispatcher enable sk108432
- Firewall Priority Queues in R77.30 sk105762
- How Connections Table limit capacity behaves in CoreXL sk35990
Clustering
- Adding or removing an interface in ClusterXL High Availability topology might cause fail-over sk57100
- ClusterXL upgrade methods and paths sk107042 Optimal Service
Upgrade (OSU), Connectivity Upgrade (CU) - Cluster flapping prevention sk92723 Cluster Unter Load (CUL) Mechanism
- Suppress the Cluster Under Load (CUL) messages in the /var/log/messages file and in the dmesg sk101649
- Cluster member is stuck in ‘Ready’ state sk42096
- Cluster member with CoreXL enabled is in “Ready” state sk100072
- Status of cluster interfaces is displayed as “Partially up” sk106488
- Connecting multiple clusters to the same network segment (same VLAN, same switch) sk25977
- Cannot simultaneously ping Virtual IP address of the cluster and IP addresses of physical interfaces on cluster members from a remote host sk26874
- How to set ClusterXL Control Protocol (CCP) in Broadcast / Multicast mode in ClusterXL sk20576
- Although CCP mode is set to Broadcast, Delta Sync packets are sent over Sync interface(s) as multicast sk101132
- Using ClusterXL with IGMP Snooping-enabled switches sk33221
- ClusterXL IGMP Membership sk31934
- How to troubleshoot failovers in ClusterXL sk56202
- How to troubleshoot failovers in ClusterXL – Advanced Guide sk62570
IPS
- How to measure CPU time consumed by IPS protections sk43733
- “TCP Segment Limit Enforcement” IPS Protection sk66576
- Aggregated TCP logs (Potential Network Configuration Problem) sk63160 “Potential network configuration problem” Log message
- “IPS Scheduled Update ended with errors: Update check failed, please review credentials & proxy settings” error in SmartDashboard sk63682
- Non-compliant HTTP and DNS log aggregation sk73240
- Revert IPS to Previous Database Revision sk87960
Anti-Bot/Anti-Virus
- ATRG: Anti-Bot and Anti-Virus sk92264 General introduction and overview
- Anti-Bot and Anti-Virus Malware DNS trap feature sk74060
- Configuring Anti-Bot Policy to inspect outgoing traffic only sk103296
- Resource Categorization for Anti-Bot / Anti-Virus DNS Settings optimization sk92224
- Security Gateway cannot connect to Check Point Anti-Bot / Anti-Virus Online Web Services sk74040
- Email Alerts not being sent from Anti-Bot & Anti-Virus Blade rulebase sk86162
Miscellaneous
- Issues encountered when upgrading from SecurePlatform to Gaia sk103397
- How to configure static routes in CLISH on Gaia OS and IPSO OS sk39746
- Check Point Processes and Daemons sk97638
- Configuring ‘Mail Alerts’ using ‘internal_sendmail’ command sk25941
- E-mails are not being sent after configuring Mail Alerts using the ‘internal_sendmail’ command sk100326
- How to Backup and Restore in Gaia sk91400
- Best Practices – Backup on Gaia OS sk108902
- Difference between Snapshot, Backup & migrate export sk105385
- Gaia Limitations after Snapshot Recovery sk98068
- monitord’ and ‘confd’ processes consume 100% CPU sk102988 (Fixed by JHFA)
- DNS packets are ‘dropped by fwpslglue_chain Reason: PSL Drop: ASPII_MT’ sk81320
- ‘frontstage’ messages appear repeatedly in /var/log/messages in Gaia OS running on Open Server, IP appliance or Appliance with no LCD sk88283
- Log file /var/log/messages is filled up by ‘xpand’ process in /var/log/messages files on Gaia OS sk103127
- Editing the objects_5_0.C file via Check Point database editing utilities skI3301 dbedit
- Check Point Database Tool (GuiDBedit) sk13009
- Changing the port for Gaia Portal on Security Gateway sk83482
- Latest build of Check Point CPUSE – Gaia Software Updates sk98228
- CPUSE – Gaia Software Updates (including Gaia Software Updates Agent) sk92449
- How to check which Hotfixes are installed on a Check Point machine sk72800
- How to get installed hotfix versions using CPInfo sk83860
- The cpinfo Utility sk92739
- Removing old Check Point packages and files after an upgrade on Security Gateway / Security Management Server sk91060
- Disk space tips and tricks for SecurePlatform / Gaia / IPSO / Linux OS sk60080
- During boot, machine enters the GRUB command prompt sk100287
- How to boot manually from the GRUB command prompt sk100289
- Fixing corrupted GRUB on Check Point appliance sk92591 Also applicable to non-appliance open server systems – use grub-install –recheck if it fails
- Gaia / SecurePlatform OS boots into GRUB instead of normal mode sk105785
- Some HP Open Servers fail to start after upgrade to R77.30 Gaia OS sk106708
- Values of some kernel parameters configured in $FWDIR/boot/modules/fwkern.conf file are not applied sk106309
- The Check Point Performance Sizing Utility sk88160
- Check Point support for Red Hat Enterprise Linux sk44925 RHEL support
- Information sent to Check Point servers for license validation and services updates sk108288
- VMware Tools support on SecurePlatform and Gaia sk61684
- SHA-1 and SHA-256 certificates in Check Point Internal CA (ICA) sk103840
- Using the Check Point Appliance Hardware Diagnostic Tool sk97251
- Software Blades / Features and supported Operating Systems sk109045
