Always Networks Blog - Check Point

Check Point Certified System Administrator (CCSA) Study Notes - R77

Fri 22 January 2016

I'm now a Check Point Certified System Administrator (CCSA)! I took the R77 exam and passed. I have to say I was a little disappointed with the exam - there were 100 questions in 90 minutes, but I found a lot of the questions were repeated - albeit with a slightly different phrasing.

Below are the notes I made while I was studying. Definitely lab it (download …

Read whole post...

Checkpoint GAiA BGP Network Origination

Fri 30 January 2015

I was recently involved in a project upgrading the core firewall pair from Checkpoint R71.40 SPLAT to R77.20 GAiA. While very different, a lot of the configuration is pretty straight forward, and well documented in various articles on the Checkpoint website.

This setup runs BGP on the firewalls, to learn routes from our internal VRF's and also the WAN VRF where our MPLS …

Read whole post...

Checkpoint VPN Error: According to the policy the packet should not have been decrypted

Magnifying Glass

I encountered an issue recently while trying to allow access to a new subnet over an existing VPN. The far end device was a Cisco router, and had an access list matching an entire class A subnet which was applied to the crypto map. The traffic destined for the new subnet was arriving at our firewall, and showing in the logs as dropped, with the …

Read whole post...