Check Point Firewall R80.x - Training Lab 10 | Adding dedicated log server with some troubleshooting

Views: 8,907

Magnus Holmberg

Comments: 46
@DeepakKumar-ov8ko 4 years ago
Your understanding of the topic is excellent! I am surprised to see such a low number of subscribers. Keep continuing your good work.
@MagnusHolmberg-NetSec 4 years ago
Thank you! We have actually increased by over 200 subs the last month, so hopefully it increases over the next months :) I think it's fun to make the videos so I don't mind, but it's always fun if more ppl watch it. I found it really hard to find good Check Point content on YouTube, so I thought I could contribute with some content :D
@bonelessss 2 years ago
Hi Magnus, I'm a total newbie involved in a total migration from R76 to 80.40 and, honestly, your videos saved my life. Can't thank you enough for the great job and superb explanation; I will only say that in one of our calls to CP they provided one of your videos as an example of what we should do to solve an issue we had. Can't believe the low number of subscribers; you just keep up the good work and hopefully more people will appreciate this job well done. Greetings from Spain!
@MagnusHolmberg-NetSec 2 years ago
Thank you! It’s really fun to see that the videos are helpful :) Haha that’s pretty cool, I haven’t heard that before. I am aware that there are a few ppl at Check Point watching them :) I guess Check Point owes me a few beers at the next CPX event :D
@bonelessss 2 years ago
@@MagnusHolmberg-NetSec I don't know about CP, but I do owe you a couple of beers. Let me know if you visit Madrid someday and I will gladly pay my debt 😊
@MagnusHolmberg-NetSec 2 years ago
@@bonelessss hehe no worries! If you see me in an event just say hi :)
@JayGpt 2 years ago
You're the best, the bonus part is awesome, only someone with vast experience will know.
@ricardoinfante5001 2 years ago
I love when you have an error in the config, because it shows how to resolve it... very nice!! Thanks
@thabosthabos7397 1 year ago
This is great and well documented. Thank you for the knowledge.
@tomato524308 4 years ago
Helped to relate with my production network. Thanks for this content!
@MagnusHolmberg-NetSec 4 years ago
Thank you for watching and I am glad it helped :) Enjoy the rest of the series.
@SUNNY-gg1vd 4 years ago
Most of your content belongs to a Production Environment scenario, which is very hard to find on KZbin... keep making this kind of videos 👍
@MagnusHolmberg-NetSec 4 years ago
Thank you :) Yes, I personally think that the CCSA certificate skips out many vital things and they are not even within CCSE. Within a larger organization you will learn it after working with the products after some months or a year. But within a small environment it’s hard to get recommendations, blueprints etc. So this “CCSA” course includes what I think is expected from a certified tech working or wanting to work with Check Point :) Regarding YouTube content, it’s generally hard to find something :( Hopefully we can add some more. The ppl at my work are asking for content regarding MDS and VSX :)
@syedshohidahmed9880 4 years ago
Hi Magnus, I only just found your channel as I was searching for VSX. I would like to thank you for your time and effort in creating these videos, they have been very helpful. Please don't remove the troubleshooting parts, they are very helpful. Looking forward to seeing the complete VSX and MDS videos, and also could you do some videos on Bonds and Ethernet sub interfaces?
@MagnusHolmberg-NetSec 4 years ago
Welcome to the channel! Yes, when it comes to the MDS / VSX I will for sure have it included, as it's a large part of managing a larger environment. Within this specific playlist (the CCSA) I try to keep it pretty streamlined; well, some hiccups are needed to actually learn :) But I try to avoid things that go more on a CCSE level. I will not be able to build bonds etc. in the lab, but I will take screenshots and some short clips from real production VSX installations with bonds so it's possible to actually see bonds/vlan/multiq etc. Thank you for watching and I do hope you learn something :)
@anandkarnekar477 3 years ago
Very helpful video. It helps me to understand logs setup and how to set up a dedicated server in my environment.
@AR-ic6jf 4 years ago
Excellent work 👍
@MagnusHolmberg-NetSec 4 years ago
Thank you, hope you enjoy the rest of the content for this course :D
@desaironak11 4 years ago
excellent explanation.
@MagnusHolmberg-NetSec 4 years ago
Thank you :)
@mohankumar49 3 years ago
Hi Magnus, can you help us with a video on how to import the older logs to the management and view those logs in the smart log dashboard? This would be helpful.
@MagnusHolmberg-NetSec 3 years ago
Aha, that's a good suggestion for a video actually. It's more and more common, as if you need to go back in the logs for a security incident they will ask for logs a long time back as well. I will see if I can prep a video for that.
@jaimaheshwari6548 2 years ago
Thanks Magnus and it is really helpful
@ch1ttybang543 3 years ago
@magnus thank you so much for providing these videos. I was wondering if you have a PDF or PowerPoint you wouldn't mind providing when following these logs. Thanks in advance!
@MagnusHolmberg-NetSec 3 years ago
You're welcome, I don’t really have any pdf / PowerPoint. But there are instructions within the installation and upgrade guide: sc1.checkpoint.com/documents/R80.30/WebAdminGuides/EN/CP_R80.30_Installation_and_Upgrade_Guide/html_frameset.htm?topic=documents/R80.30/WebAdminGuides/EN/CP_R80.30_Installation_and_Upgrade_Guide/206107
@ghsi007 3 years ago
'install database' what is it for? And what would happen if we don't perform this step?
@MagnusHolmberg-NetSec 3 years ago
I am not sure of the full process for the install database and what actually happens in the background. But in general, when doing changes within mgmt objects on the mgmt server, I always do the install database. So in regards to a logserver, if it's not done the logs can display incorrect objects, for example. All of this series is based on the real world and my experience; if doing it like this, it does work :) Honestly I haven't dug too much into why you need to do specific things. So I will quote Timothy_Hall on one of his forum posts.

"2018-09-24 02:39 PM

I get this question all the time in the CCSA classes I teach, and the best way I've found to explain it is the following:

"Install Database" is more or less a subset of an "Install Policy" operation to a security gateway. Prior to starting the verification and compilation of a gateway's security policy, the SMS (and any other secondary SMS's or separate Log Servers) needs to "get its own house in order" by checking for any configuration changes on the SMS object or other Global Property settings that affect its own operation. This could be any change on the SMS object itself such as enabling the Compliance blade, the SmartEvent blade, a change in firewall log retention policy, and/or any changes made to locally-defined user accounts in the SmartDashboard/SmartConsole as mentioned above. If there are any changes detected the SMS implements them in its own live configuration before proceeding.

In R77.30 the "Install Database" operation invoked the command "fwm dbload" on the SMS which performed some or perhaps all of the "Install Database" operation, but I'm not sure if this command is still relevant in R80.10.

Note that a publish operation in R80+ management simply commits proposed/candidate changes in an administrator's session to the SMS's postgres database configuration, and is a completely different type of operation."

Also see the documentation :) sc1.checkpoint.com/documents/R80/CP_R80_SmartDashboard_OLH/html_frameset.htm?topic=documents/R80/CP_R80_SmartDashboard_OLH/1XsAOD74nmuI7gyc1V59rg2
@ithead522 4 years ago
Hi, can we have the log server separated from the production and install it on a VMWARE box in the production? Do we need to have an additional license to do so? Please advise. Thank you.
@MagnusHolmberg-NetSec 4 years ago
Hi, yes, the logserver can be separated from the mgmt server. Yes, a logserver license is needed. Regards, Magnus
@luisfcaetano 3 years ago
I have a problem when I add a new partition disk with 2TB or more: my logs are very slow, sometimes I can't see any log. What is the best practice to have more than 2TB for a log server? And the best hardware configuration, like 16GPU, 32GB RAM?
@MagnusHolmberg-NetSec 3 years ago
2TB during what timeframe? I think sizing of boxes is counted in logs/seconds. For our log servers we use 8 CPU and 64GB RAM, but it really depends on the environment. We have customers that split their logs out on 3 log servers due to the amount of user logs from web filtering from 100K users.
@luisfcaetano 3 years ago
@@MagnusHolmberg-NetSec 2TB I can save only one month, sometimes 15 days.
@luisfcaetano 3 years ago
@@MagnusHolmberg-NetSec Can I have another disk with 2TB and make an LVM to add in /var/log, having 4TB?
@MagnusHolmberg-NetSec 3 years ago
@@luisfcaetano Sure, you can add more disks afterwards and extend the volume. It’s the next video in this playlist ;) kzbin.info/www/bejne/h3uphoSrg9ipgNU

I do gzip everything that is older than 15 days and ship it to a different box. If you gzip the logs they take about 10% of the space (you cannot search them if gzipped), so this is just to be able to save more logs than the 15 days or so. It will require CPU to gzip and transfer logs.

Do you see that the CPU load is working hard? (More or less check so there is not a process or something that is just stuck and eating all the performance.) We have something similar, about 1-1.5TB per 15 days in our MLM (multi domain logserver). What version are you running?
@luisfcaetano 3 years ago
@Magnus Holmberg I am running R80.40 take 119. Sometimes on a day I create a file with old logs (tar.gz), but I don't have a script to automate this. I'll create one. I have another question about SmartEvent: do I need a specific license to use it, like CPSM-LOGS? When I activated the SmartEvent blade I received an alert that I don't have a license. And one more question: do you have a SIEM, or Syslog like grafana or ELK?
@yashpalsingh8649 3 years ago
Great Explanation
@MagnusHolmberg-NetSec 3 years ago
thank you :)
@parmarvn 4 years ago
Complete VSX , End to end Study and Configuration and Troubleshooting on VSX
@MagnusHolmberg-NetSec 4 years ago
The MDS / VSX series is in progress, the first 2 videos are out and the next one is coming in a few days. :) kzbin.info/aero/PL4Jm1LJEII4ZIFjiPJKzwEIGJxfFBF9XQ
@awesome-clips2023 3 years ago
thank you!!
@MagnusHolmberg-NetSec 3 years ago
No worries!
@desaironak11 4 years ago
VPN Video next please
@MagnusHolmberg-NetSec 4 years ago
Hehe, yes, I will fix the VPN video this month, I have just been very busy.
@desaironak11 4 years ago
@@MagnusHolmberg-NetSec No Problem Sir :-)