
Updatable objects appear as 'no longer supported'

 

Symptoms

  • In some scenarios, the following validation warning appears on an updatable object: "Object is no longer supported. Enforcing security for this object is not possible." However, the object is still available in the updatable objects picker.

Solution

Updatable objects use CloudGuard infrastructure. To resolve this issue:

  1. Restart the CloudGuard controller by running these commands on the Security Management Server:

    • cloudguard stop

    • cloudguard start

  2. Open the updatable objects pane.

Notes:
  • If you are using Smart-1 Cloud, contact Check Point Support to solve the issue.
  • If you are using Multi-Domain Management Server, run the commands on the MDS level.

 

Check Point - enable ICMP redirects

 

To enable ICMP redirects, configure the global kernel parameter fw_icmp_redirects=1 on the Security Gateway.

    • To change the parameter on the fly:
      1. Run the command: # fw ctl set int fw_icmp_redirects 1
      2. Verify the new parameter setting with: # fw ctl get int fw_icmp_redirects
    • To make the parameter value survive a reboot (see details in sk26202):
      1. Edit the $FWDIR/boot/modules/fwkern.conf file.
      2. Add the line: fw_icmp_redirects=1
      3. Reboot.
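
The persistent-setting steps above can be scripted so that repeated runs never leave duplicate or conflicting entries in the file. The following is an added example, not code from Check Point or from the original post; the function name set_fwkern_param is hypothetical, and it assumes the file holds one name=value entry per line with no spaces.

```shell
#!/bin/sh
# Added example (not Check Point's code): persist a kernel parameter in fwkern.conf.
# Assumption: the file holds one "name=value" entry per line, with no spaces.
# The new value is only read at boot, so a reboot is still required afterwards.

# set_fwkern_param FILE NAME VALUE
# Returns 0 on success or no-op, 2 on malformed input, 1 on I/O failure.
set_fwkern_param() {
    file=$1; name=$2; value=$3

    # Refuse anything that would write a malformed line into a boot-time file.
    case "$name" in
        ''|*[!A-Za-z0-9_]*) echo "invalid parameter name" >&2; return 2 ;;
    esac
    case "$value" in
        ''|*[!0-9A-Fa-fx-]*) echo "invalid integer value" >&2; return 2 ;;
    esac

    [ -f "$file" ] || touch "$file" || return 1

    # No-op when exactly one entry exists and it already has the wanted value.
    entry="^[[:space:]]*${name}[[:space:]]*="
    count=$(grep -c "$entry" "$file") || true
    if [ "$count" -eq 1 ] && grep -qx "${name}=${value}" "$file"; then
        return 0
    fi

    cp -p "$file" "$file.bak" || return 1   # copy to roll back to

    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Drop stale, duplicate or space-padded entries, then append one clean line.
    # grep -v exits 1 when it selects no lines; that is not an error here.
    grep -v "$entry" "$file" > "$tmp" || [ $? -eq 1 ] || return 1
    printf '%s=%s\n' "$name" "$value" >> "$tmp"
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Usage on the Security Gateway, in Expert mode:
#   set_fwkern_param "$FWDIR/boot/modules/fwkern.conf" fw_icmp_redirects 1
```

The previous file content is kept next to the original as fwkern.conf.bak, which gives a rollback point if the gateway misbehaves after the reboot.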

 

Windows Firewall - Allow IP address

In rule 

netsh advfirewall firewall add rule name="Name" dir=in action=allow protocol=ANY remoteip=10.20.0.30

Out rule


netsh advfirewall firewall add rule name="Name" dir=out action=allow protocol=ANY remoteip=10.20.0.30

 

 

Enable a service in the CentOS 9 firewall (firewalld)

 

    1. Add a profile for SNMP to firewalld.
      nano /etc/firewalld/services/snmp.xml

      The contents of the file are as follows (note the use of UDP port 161):

      <?xml version="1.0" encoding="utf-8"?>
      <service>
      <short>SNMP</short>
      <description>SNMP protocol</description>
      <port protocol="udp" port="161"/>
      </service>
    2. Reload the firewall to check for errors
      firewall-cmd --reload
    3. Add the service to your public zone
      firewall-cmd --zone=public --add-service snmp --permanent
    4. Reload your firewall again
      firewall-cmd --reload

Now test the SNMP status from another server

snmpwalk -v 2c -c public IP.of.target.server
 
 

Check the hard drive integrity - firewall checkpoint 5800

 To check the integrity of a hard drive in the Gaia/SecurePlatform OS:

    Connect to the machine over console (serial).

    Reboot the machine.

    Press a key on the "Press any key to see the boot menu" screen. The Check Point Boot Menu now opens.

    Select "Start in maintenance mode".

    Enter the Expert mode credentials.

    Unmount the file system:

    # umount -a

    For the EXT3 file system, run the applicable 'fsck' commands (skip this step if you have an XFS file system):

        Check and update the bad block list, but do NOT repair:

        # fsck -f -n -c -v

        Repair automatically:

        # fsck -f -p -c -v

        Note: If you detect inconsistencies, 'fsck' may require the user to remove the '-p' flag from the syntax. In such a case, use the 'fsck -f -y' command instead to assume 'yes' to all questions.

        # fsck -f -c -v -y
        # sync
        # reboot

DFSR Firewall ports


ICMP Echo
Port 53 DNS TCP and UDP  
Port 88 LDAP TCP and UDP
Port 135 Netbios TCP
Port 139 Netbios TCP
Port 138 NTP TCP and UDP
Port 123 time
Port 455 Kerberos TCP
Port 389 LDAP SSL TCP
Port 636 Microsoft DFS TCP
Port 5722 Microsoft DFSR TCP
Port 49154 Netbios TCP and UDP
Port 49155 Active Directory Trust Policy TCP
Port 49158 CFS TCP and UDP



Monitoring response time with curl

   curl -s -o /dev/null -w "Connection: %{time_connect}s | Start transfer: %{time_starttransfer}s | Total time: %{time_total}s\n" ...
