Archive for the ‘CPUG’ Category

Back to Chur in September – CPUGCON 2010

Friday, July 16th, 2010

I will be travelling to the Check Point Usergroup Conference (CPUGCON) in Chur this September!

Thanks to my employer MCS for giving me the opportunity.

Barry Stiefel accepted my presentations for “Best Practices For The Check Point Appliances” and “Check Point Troubleshooting” and I’m happy to speak again in front of such a great audience.

It turned out last year that half of the attendees were working for Check Point partners, so there was an enormous amount of knowledge and experience there.

Make sure to attend, too!

Where else can you meet people like yourself, dealing with the same topics and the same problems? Benefit from their experience and their solutions.

Check out the conference presentations (work in progress) and meet the speakers.

And please don’t hesitate to speak to me and share some feedback about this blog when you see me in Chur.

Tobias Lachmann

Check Point User Group Conference 2010

Sunday, June 6th, 2010

Don’t forget to register for the Check Point User Group Conference 2010 in lovely Chur.

Barry will keep updating the site to keep you informed about the agenda, speakers and other details.

I’m not sure if I can attend CPUGCON this year, but I will try. If I get accepted again as a speaker, I might be able to afford the trip.

At the moment I have submitted presentations about troubleshooting, DLP, VPN-1 VE and UTM-1 appliances.

We’ll see how many of those can make it to the agenda.

Tobias Lachmann

How to build a UTM-1 cluster with SmartCenter HA (aka Full Cluster)

Sunday, May 9th, 2010

Maybe you’ve seen my presentation at CPUGCON 2009 about migration to a UTM-1 cluster from a distributed environment.

Now I was asked to provide a how-to about building this kind of UTM-1 Full Cluster from scratch.

Actually this is very easy. Building UTM-1 clusters was supported from the start, but the SmartCenter could only reside on one appliance. With the introduction of NGX R65 with Messaging Security, we also got SmartCenter High-Availability for free.

In our setup we assume that we have two appliances, one primary and one secondary. Set up both with the normal First Time Configuration Wizard.

Make sure to install the primary one as locally managed and as primary cluster member.

The secondary appliance is also installed as locally managed but as secondary cluster member.

On the secondary appliance you also have to fill in a SIC secret to establish the communication later.

After completing the First Time Configuration Wizards on both appliances, connect with the SmartDashboard to the primary UTM-1 appliance.

Now the wizard for configuring the cluster pops up. When defining the secondary cluster member, fill in the SIC secret entered in the WebUI wizard.

Fill in all the details that reflect your cluster. Make sure to have at least one dedicated sync network.

Topology could look like this afterwards:

Now you can define rules, push the policy and make the cluster work. After that, check the Management HA in the SmartDashboard:

This picture shows that both cluster members have a SmartCenter installed and are working in Management High-Availability mode.

That’s it for building a UTM-1 cluster with Management High Availability – also known as UTM-1 Full Cluster.

Tobias Lachmann

Don’t shoot the messenger

Thursday, April 22nd, 2010

Some days ago I was informed by a friend of mine that he nearly lost his status as a Check Point partner.

What has happened?

Well, he was openly speaking in the Check Point User Group (CPUG) forum about the new software blade licensing and what he liked and disliked about it. Instead of appreciating open feedback, Check Point got angry about this.

We had hard times selling the advantages of software blades to the customers and nearly no one bought the upgrade.
That’s why Check Point changed the cost for upgrades in the end, because of all the negative feedback.

So, what’s my point about this?

Like Shakespeare said: “Don’t shoot the messenger!”

Partners and also certified professionals are brand ambassadors for Check Point in front of the customers.

So maybe it’s a good idea to get their feedback before major changes are announced and involve them as soon as possible in the process of development.

As for me, I had some really good conversations with guys from product management and development. They asked me about my customers, how they use the products and what I can and cannot sell to the customers. About the necessity of certain features and so on. And I appreciate this and I think this is the absolutely right way.

But unfortunately, as events have shown, this is not the way Check Point is following with everybody…. sad.

Tobias Lachmann

PS: To make the picture complete: since the upgrade to software blades is free and we have great new features with the R70.x versions, we can easily argue the upgrade to the customer.

Short article about CPUGCON 2009

Thursday, December 17th, 2009

My employer released the new customer magazine recently.
We have a short article about the CPUG conference 2009 and my presentations. Written in German.

Tobias Lachmann

CPUG On Tour – One day Check Point User Conferences

Thursday, December 3rd, 2009

Barry Stiefel, founder of Check Point User Group CPUG, is putting together a tour of one day conferences in the US. These are kind of “small” CPUGCON events for all the folks from the States that couldn’t make their way to Switzerland in September.

I think this is very cool indeed and everyone should consider visiting one of the events, either in Atlanta, New York City or Chicago.

Find more details on the conference website: CPUG On Tour

Tobias Lachmann

PS: Barry, thanks for having my picture on the frontpage. I like the caption of the photo ;-)

Presentations from Check Point User Group Conference (CPUGCON) 2009

Wednesday, October 21st, 2009

I think I’ll get started with this blog by posting links to the presentations I held at the Check Point User Group Conference in Chur, Switzerland.

The first presentation is purely for beginners: Troubleshooting in the Check Point environment, Part I

The second one, which was more liked by the crowd at CPUGCON, is really advanced troubleshooting: Troubleshooting in the Check Point environment, Part II

I benefit from my daily work with a Check Point Collaborative Support Provider (CCSP) for these two presentations, as they reflect the things I’m constantly facing.

From the project side, I did lots of migrations from distributed Check Point installations to Check Point UTM-1 Full-Cluster. This means that the firewall / VPN part is working as an active/standby cluster and we also have Management High Availability with the two SmartCenters. This is described in the presentation: Migration from a Distributed Environment to a UTM-1 Cluster

Best regards

Tobias Lachmann

Welcome to my Check Point blog!

Tuesday, October 20th, 2009

Hello everyone!

After spending more than 8 years working with Check Point products, I thought it may be a good idea to let the world know my findings from time to time.

Becoming an expert means making errors and trying out things… but who says that two people need to have the same (bad) experience? Maybe someone can just read this blog and find the solution he’s looking for….

For more information about myself, check out the speakers page on the CPUGCON website.

Tobias Lachmann

Me at Check Point User Group Conference 2009