

Convert Checkpoint SPLAT routes into Gaia configuration commands

Hi there, not much of a script, just a one-liner to turn the output of the SecurePlatform CLI command ip route list into a ready-for-copy-and-paste list of Gaia clish commands.
Be aware I am not doing any error checking, so examine the final result before applying it to a production system.
See ya.
You should run it on the SPLAT CLI in expert mode.

ip route list | awk '/via/ {print "set static-route " $1 " nexthop gateway address " $3 " on"}'

set static-route 172.19.0.0/16 nexthop gateway address 172.12.255.4 on
set static-route 172.20.0.0/16 nexthop gateway address 10.20.20.6 on
set static-route default nexthop gateway address 19.9.15.33 on
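The one-liner above trusts every line that contains "via". As an added example (not the post's awk command, and not Check Point code), here is a small Python converter that does the error checking the post skips: it validates the destination and gateway as IP data, reports lines it cannot parse, and explicitly skips connected routes (the ones without "via", which Gaia derives from the interface address anyway). The sample input is constructed, not captured from a real SPLAT box.

```python
"""Convert SecurePlatform `ip route list` output into Gaia clish commands.

Added example, not the original post's one-liner. Only destination and
gateway are used, exactly as in the awk version; metrics and devices are
ignored because the post does not map them to Gaia options.
"""
import ipaddress
import re
import sys

# Constructed sample of `ip route list` output (not from a real device).
SAMPLE = """\
172.19.0.0/16 via 172.12.255.4 dev eth1
172.20.0.0/16 via 10.20.20.6 dev eth2 metric 10
10.20.20.0/24 dev eth2 proto kernel scope link src 10.20.20.1
default via 19.9.15.33 dev eth0
192.168.5.0/24 via 999.1.1.1 dev eth0
garbage line that should be reported
"""

# A static route line starts with the destination (or "default") and carries "via <gateway>".
ROUTE_RE = re.compile(r"^(?P<dst>\S+)\s+via\s+(?P<gw>\S+)")


def splat_to_gaia(text):
    """Return (commands, skipped, errors) for the given `ip route list` text.

    commands: Gaia clish lines ready to paste
    skipped:  connected routes (no "via"), which need no static route on Gaia
    errors:   lines that are not routes or carry a malformed address
    """
    commands, skipped, errors = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROUTE_RE.match(line)
        if m is None:
            if " via " not in line and " dev " in line:
                skipped.append(line)      # connected network, nothing to add
            else:
                errors.append(line)       # not a route line at all
            continue
        dst, gw = m.group("dst"), m.group("gw")
        try:
            ipaddress.ip_address(gw)
            if dst != "default":
                ipaddress.ip_network(dst, strict=False)
        except ValueError:
            errors.append(line)           # e.g. an octet above 255
            continue
        commands.append(f"set static-route {dst} nexthop gateway address {gw} on")
    return commands, skipped, errors


if __name__ == "__main__":
    # Usage on the SPLAT box: ip route list | python3 splat2gaia.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    cmds, skipped, errors = splat_to_gaia(text)
    print("\n".join(cmds))
    for line in errors:
        print(f"# could not convert: {line}", file=sys.stderr)
```

Skipped and unparseable lines go to stderr so that the stdout part stays a clean paste list; check the stderr output before applying anything, as the original post also advises.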

Posted in Awk weekly, Checkpoint NG/NGX.


PTR bulk resolver in Perl to see what is in the name

There are 50 ways to do PTR resolving in bulk, and this is just one of them. It doesn't pretend to be the fastest/coolest/best; the only thing
I can claim is that it works. So use it for pleasure and work.


#!/usr/bin/perl
# Yuri
# 19.02.2013
# This script accepts a range of IP addresses to do PTR resolving for.
# The range has to be in this format: startIp-endIp.startIp-endIp.startIp-endIp.startIp-endIp
# Only answers are printed, i.e. if there is no answer, nothing is printed.
use warnings;
use strict;
use Net::DNS;

my $res   = Net::DNS::Resolver->new();
my $input = shift;

# Every octet is given as start-end; bail out if the argument does not look like that
die "Usage: $0 start-end.start-end.start-end.start-end\n"
    unless defined $input
    and $input =~ /^(\d+)-(\d+)\.(\d+)-(\d+)\.(\d+)-(\d+)\.(\d+)-(\d+)$/;

my ($oct1_start, $oct1_end, $oct2_start, $oct2_end,
    $oct3_start, $oct3_end, $oct4_start, $oct4_end) = ($1, $2, $3, $4, $5, $6, $7, $8);

print "Resolving ptrs for the following range: $input\n";
print "Started working at: " . scalar gmtime . "\n";

foreach my $oct1 ($oct1_start .. $oct1_end) {
    foreach my $oct2 ($oct2_start .. $oct2_end) {
        foreach my $oct3 ($oct3_start .. $oct3_end) {
            foreach my $oct4 ($oct4_start .. $oct4_end) {
                my $ip = "$oct1.$oct2.$oct3.$oct4";
                # Net::DNS turns a dotted-quad argument into an in-addr.arpa PTR query by itself
                my $answer = $res->query($ip);
                next unless defined $answer;
                foreach my $record_ptr ($answer->answer) {
                    # Skip anything that is not a PTR (e.g. CNAMEs); ptrdname is the host name
                    next unless $record_ptr->type eq 'PTR';
                    print "$ip  " . $record_ptr->ptrdname . "\n";
                }
            }
        }
    }
}

print "Run completed at: " . scalar gmtime . "\n";

Example run: #perl script.pl 194-194.90-90.33-33.0-255
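As an added example (a Python rendition of the same idea, not the post's Perl script), the range format from the post is parsed and validated, the in-addr.arpa name is derived with the standard library, and the PTR lookup is done with socket.gethostbyaddr. The lookup function is injectable, so the range expansion can be exercised offline with a constructed answer table; the names in that table are made up.

```python
"""Bulk PTR resolver over an 'a-b.c-d.e-f.g-h' address range.

Added example, not the original post's Perl script. Unlike the Perl version
it rejects malformed ranges and octets outside 0-255 instead of silently
looping over garbage.
"""
import ipaddress
import itertools
import re
import socket
import sys

RANGE_RE = re.compile(r"^(\d+)-(\d+)\.(\d+)-(\d+)\.(\d+)-(\d+)\.(\d+)-(\d+)$")


def expand_range(spec):
    """Yield every dotted-quad address in the range, lowest octet last (like the Perl loops)."""
    m = RANGE_RE.match(spec)
    if m is None:
        raise ValueError(f"range must look like 194-194.90-90.33-33.0-255, got {spec!r}")
    bounds = [int(x) for x in m.groups()]
    pairs = list(zip(bounds[0::2], bounds[1::2]))      # (start, end) per octet
    for lo, hi in pairs:
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range {lo}-{hi}")
    for octets in itertools.product(*(range(lo, hi + 1) for lo, hi in pairs)):
        yield ".".join(str(o) for o in octets)


def reverse_name(ip):
    """The in-addr.arpa owner name that a PTR query for `ip` actually asks for."""
    return ipaddress.ip_address(ip).reverse_pointer


def ptr_lookup(ip):
    """Return the PTR name for `ip`, or None when there is no answer (NXDOMAIN, timeout, ...)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:          # socket.herror / gaierror are OSError subclasses
        return None


def resolve_ptrs(spec, lookup=ptr_lookup):
    """Return [(ip, name), ...] for the addresses in `spec` that have a PTR answer."""
    results = []
    for ip in expand_range(spec):
        name = lookup(ip)
        if name:
            results.append((ip, name))
    return results


if __name__ == "__main__":
    # Usage: python3 ptrbulk.py 194-194.90-90.33-33.0-255
    for ip, name in resolve_ptrs(sys.argv[1]):
        print(f"{ip}  {name}")
```

Only addresses with an answer are printed, as in the original; a whole /24 is 256 sequential lookups, so expect the run to take a while against a slow resolver.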

Posted in Awk weekly.


Bash script to generate random passwords

I stumbled on a great intro to Bash scripting for NetOps by John Kristoff, "Introduction to Shell and Perl scripting for Network Operators", and couldn't help but do it my way. Here it is: a bash
script that generates random passwords of printable characters, up to 15 characters long (it reads 15 bytes from /dev/urandom per password).

#!/bin/bash
# usage: randompass.sh [n] [count]  - n is the number of characters in the password
# to generate (9 by default), count is the number of passwords to generate (1 by default).
# Only 15 bytes are read per password, so n is effectively capped at 15.
n=${1:-9}
counter=${2:-1}
for ii in $(seq 1 "$counter"); do
    dd count=1 bs=15 if=/dev/urandom 2>/dev/null |  # 15 random bytes
        od -a |                                      # print them as named ASCII characters
        sed '2d' |                                   # drop the trailing offset line
        sed 's/0000000 \(.*\)/\1/' |                 # drop the leading offset
        tr -d ' ' | cut -c 1-"$n" |                  # remove spacing, keep the first n characters
        sed 's/\([a-z]\)/\U&/3' |                    # upper-case the 3rd lower-case letter (GNU sed)
        sed 's/\([A-Z]\)/\l&/4'                      # lower-case the 4th upper-case letter
done

Download the script
Example:

randompass.sh 7 7

o&sOh~K
deL(HMd
dc23DBg
HK?S@iE
_$SL*Ad
si|}Del
%I-ba
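One thing to notice in the sample output above: od -a prints non-printable bytes as their names, so the "Del" in deL(HMd and si|}Del and the "si" in si|}Del are the od names for the DEL and SI control characters, i.e. predictable multi-letter text, not random symbols. As an added example (not the post's script, and in Python rather than bash), here is a generator that draws every character directly from the 94 printable non-whitespace ASCII symbols using the CSPRNG-backed secrets module, with no length cap and a helper that states the resulting entropy.

```python
"""Random password generator over printable ASCII.

Added example, not the original post's bash script. `secrets` uses the
OS CSPRNG (the same source as /dev/urandom) and `secrets.choice` avoids
modulo bias when mapping random bytes onto the alphabet.
"""
import math
import secrets
import string
import sys

# Letters, digits and punctuation: the 94 printable ASCII characters other than space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(n=9, alphabet=ALPHABET):
    """Return one password of exactly n characters drawn uniformly from `alphabet`."""
    if n < 1:
        raise ValueError("password length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(n))


def generate(n=9, count=1):
    """Return `count` independent passwords of length n (same defaults as the bash script)."""
    return [random_password(n) for _ in range(count)]


def password_entropy_bits(n, alphabet=ALPHABET):
    """Entropy of an n-character uniform password over `alphabet`, in bits."""
    return n * math.log2(len(alphabet))


if __name__ == "__main__":
    # Usage: python3 randompass.py [n] [count]
    n = int(sys.argv[1]) if len(sys.argv) > 1 else 9
    count = int(sys.argv[2]) if len(sys.argv) > 2 else 1
    for pw in generate(n, count):
        print(pw)
    print(f"# {password_entropy_bits(n):.1f} bits of entropy each", file=sys.stderr)
```

Nine characters from this alphabet give about 59 bits; if a password has to survive offline guessing, the length is the knob to turn, which the Python version allows without the 15-byte ceiling of the dd/od pipeline.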

Posted in Awk weekly.


Disabling SSL Deep inspection proxy in Fortigate should be easier

This one can be filed under Fortinet "undocumented/unwanted" feature rather than bug. The case in question: a Fortigate 80C, firmware 4-something, all subscriptions up to date, no crazy configurations, life is beautiful... until the client adds to his LAN a backup device that works by gathering data from clients installed on PCs and then pushing updates from behind the Fortigate to cloud storage on the Internet.

The problem showed up right on install of the backup box, and its reason was as clear as vodka: the backup box uses the POP3S protocol (POP3 encrypted with SSL using certificates) to communicate with the cloud servers, and when this communication passes the Fortigate, the Fortigate intercepts it for SSL deep inspection (man-in-the-middle) and presents to the cloud servers its own (i.e. Fortigate) SSL certificate, thus preventing the backup box from using its own SSL certificate. The remote cloud servers, of course, refuse to accept it.

So, what's the fuss? Just disable SSL inspection and that's it, no? According to Fortinet, yes: http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&externalId=FD31820 "FortiGate Intercepts POP3S, SMTPS and IMAPS certificates". But real life says no.

First, the document above lists commands that the Fortigate 80C didn't recognize; OK, no big deal. We tried removing any protection profile from the hosts in question, and adding a protection profile with HTTPS inspection disabled; still nada.

In the end, as the client didn't really need this feature at all, we just disabled SSL inspection for good, and that finally did the job.

The steps and the output from the device are below. First, the current SSL proxy settings:

FGT80C # get firewall ssl setting

caname : Fortinet_CA_SSLProxy
cert-cache-capacity : 100
cert-cache-timeout : 10
no-matching-cipher-action: bypass
proxy-connect-timeout: 30
session-cache-capacity: 500
session-cache-timeout: 20
ssl-dh-bits : 1024
ssl-max-version : tls-1.0
ssl-min-version : ssl-3.0
ssl-send-empty-frags: enable

Get the statistics/diagnostics info about the SSL proxy in the Fortigate (option 0 prints the menu):

FGT80C # diagnose test application ssl 0

SSL Proxy Test Usage
1: Dump Memory Usage
2: Drop all connections
3: Display PID
4: Display connection stat
5: Toggle AV Bypass mode
6: Display memory statistics
44: Display info per connection
11: Display connection TTL list
12: Clear the SSL certificate cache
13: Clear the SSL session cache
14: Display PKey file checksum
15: Clear the SSL server name cache
99: Restart proxy
SSL Proxy stats:

FGT80C # diagnose test application ssl 4

Current connections (all proxies) = 12/8048
Running time (HH:MM:SS:usec) = 57:21:06.569388
Bytes sent = 499 (kb)
Bytes received = 909 (kb)
Error Count (alloc) = 0
Error Count (accept) = 0
Error Count (bind) = 0
Error Count (connect) = 0
Error Count (read) = 0
Error Count (write) = 0
Error Count (retry) = 0
Error Count (poll) = 0
Error Count (unhandled state) = 0
Error Count (SSL handshake) = 0
Error Count (SSL internal) = 0
Last Error = 0
IPC Connection Count = 1
IPC Hand-off Count = 7838
IPC Packet Sent Count = 0
IPC Error Count (connect) = 0
IPC Error Count (handoff) = 0
IPC Error Count (send) = 0
IPC Error Count (socketpair) = 0
IPC Error Count (timeout) = 0
Client cipher failure = 0
Server cipher failure = 0
SSL decryption failure = 0
SSL internal error = 0
SSL public key too big = 0
Total Connections Proxied = 0
Web request backlog drop = 0
Web response backlog drop = 0
AV Bypass is off
Drop on backlog is on
Accounting is off

This one is important: it shows the connections currently under SSL inspection.
Here 13.43.12.77 is the remote cloud server (sanitized) and 192.168.10.150 is the backup box in the LAN.

FGT80C# diagnose test application ssl 44

Current https connections = 0
Current imaps connections = 0
proxy=pop3s id=8070 clt=45(r=0, w=0) srv=46(r=1, w=0) c:192.168.10.150:36905 -> s:13.43.12.77:995 c2s/s2c=0/0 state=SSL_CONTINUE_SETUP_STATE duration=0 expire=3541

proxy=pop3s id=8069 clt=43(r=0, w=0) srv=44(r=1, w=0) c:192.168.10.150:56246 -> s:13.43.12.77:995 c2s/s2c=0/0 state=SSL_CONTINUE_SETUP_STATE duration=0 expire=3540

proxy=pop3s id=8068 clt=41(r=0, w=0) srv=42(r=1, w=0) c:192.168.10.150:56245 -> s:13.43.12.77:995 c2s/s2c=0/0 state=SSL_CONTINUE_SETUP_STATE duration=0 expire=3401

proxy=pop3s id=8067 clt=26(r=0, w=0) srv=27(r=1, w=0) c:192.168.10.150:36902 -> s:13.43.12.77:995 c2s/s2c=0/0 state=SSL_CONTINUE_SETUP_STATE duration=0 expire=3399

proxy=pop3s id=8039 clt=24(r=0, w=0) srv=25(r=1, w=0) c:192.168.10.150:40980 -> s:13.43.12.77:995 c2s/s2c=0/0 state=SSL_CONTINUE_SETUP_STATE duration=0 expire=2625

proxy=pop3s id=8032 clt=35(r=0, w=0) srv=36(r=1, w=0) c:192.168.10.150:39432 -> s:13.43.12.77:995 c2s/s2c=0/0 state=SSL_CONTINUE_SETUP_STATE duration=0 expire=2424

proxy=pop3s id=8029 clt=28(r=0, w=0) srv=29(r=1, w=0) c:192.168.10.150:39429 -> s:13.43.12.77:995 c2s/s2c=0/0 state=SSL_CONTINUE_SETUP_STATE duration=0 expire=2415

Current pop3s connections = 12
Current smtps connections = 0
Current ftps connections = 0
- Disable the SSL proxy for AV scanning (option 5 toggles AV bypass mode):

FGT80C # diagnose test application ssl 5

SSL AV Bypass is now on

FGT80C3909621311 # diagnose test application ssl 4

Current connections (all proxies) = 12/8048
Running time (HH:MM:SS:usec) = 57:22:37.346514
Bytes sent = 499 (kb)
Bytes received = 909 (kb)
Error Count (alloc) = 0
Error Count (accept) = 0
Error Count (bind) = 0
Error Count (connect) = 0
Error Count (read) = 0
Error Count (write) = 0
Error Count (retry) = 0
Error Count (poll) = 0
Error Count (unhandled state) = 0
Error Count (SSL handshake) = 0
Error Count (SSL internal) = 0
Last Error = 0
IPC Connection Count = 1
IPC Hand-off Count = 7839
IPC Packet Sent Count = 0
IPC Error Count (connect) = 0
IPC Error Count (handoff) = 0
IPC Error Count (send) = 0
IPC Error Count (socketpair) = 0
IPC Error Count (timeout) = 0
Client cipher failure = 0
Server cipher failure = 0
SSL decryption failure = 0
SSL internal error = 0
SSL public key too big = 0
Total Connections Proxied = 0
Web request backlog drop = 0
Web response backlog drop = 0
AV Bypass is on
Drop on backlog is on
Accounting is off

- Making sure it worked:

FGT80C3909621311 # diagnose test application ssl 44

Current https connections = 0
Current imaps connections = 0
Current pop3s connections = 0
Current smtps connections = 0
Current ftps connections = 0
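The "ssl 44" dump is the evidence for both halves of the procedure: which internal hosts and protocols are being intercepted before the change, and whether the counters really went to zero afterwards. As an added example (not Fortinet code and not part of the original post), here is a small parser for that output format that summarises intercepted clients per proxy type and checks the "all zero" condition from the last step. The two sample dumps are constructed in the format shown above, with the post's sanitized addresses.

```python
"""Parse `diagnose test application ssl 44` output from a FortiGate.

Added example, not Fortinet code. The line format is taken from the dump
shown in the post; any line that does not match is ignored, so the parser
is safe to point at a full CLI capture.
"""
import re
from collections import defaultdict

# One intercepted connection: proxy type, client ip:port, server ip:port, SSL state.
CONN_RE = re.compile(
    r"proxy=(?P<proxy>\w+)\s+id=(?P<id>\d+).*?"
    r"c:(?P<cip>[\d.]+):(?P<cport>\d+)\s*->\s*s:(?P<sip>[\d.]+):(?P<sport>\d+).*?"
    r"state=(?P<state>\S+)"
)
# Per-protocol totals printed by the device.
COUNT_RE = re.compile(r"^Current (?P<proxy>\w+) connections = (?P<n>\d+)$")

# Constructed sample dumps (three connections, not the post's full listing).
BEFORE = """\
Current https connections = 0
Current imaps connections = 0
proxy=pop3s id=8070 clt=45(r=0, w=0) srv=46(r=1, w=0) c:192.168.10.150:36905 -> s:13.43.12.77:995 c2s/s2c=0/0 state=SSL_CONTINUE_SETUP_STATE duration=0 expire=3541
proxy=pop3s id=8069 clt=43(r=0, w=0) srv=44(r=1, w=0) c:192.168.10.150:56246 -> s:13.43.12.77:995 c2s/s2c=0/0 state=SSL_CONTINUE_SETUP_STATE duration=0 expire=3540
proxy=pop3s id=8068 clt=41(r=0, w=0) srv=42(r=1, w=0) c:192.168.10.150:56245 -> s:13.43.12.77:995 c2s/s2c=0/0 state=SSL_CONTINUE_SETUP_STATE duration=0 expire=3401
Current pop3s connections = 3
Current smtps connections = 0
Current ftps connections = 0
"""
AFTER = """\
Current https connections = 0
Current imaps connections = 0
Current pop3s connections = 0
Current smtps connections = 0
Current ftps connections = 0
"""


def parse_ssl_connections(text):
    """Return (connections, totals): a list of dicts and a {proxy: count} map."""
    connections, totals = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = CONN_RE.search(line)
        if m:
            connections.append({
                "proxy": m["proxy"], "id": int(m["id"]), "state": m["state"],
                "client": f"{m['cip']}:{m['cport']}", "server": f"{m['sip']}:{m['sport']}",
            })
            continue
        m = COUNT_RE.match(line)
        if m:
            totals[m["proxy"]] = int(m["n"])
    return connections, totals


def intercepted_clients(connections):
    """Map each client IP to the set of (proxy, server:port) pairs being intercepted for it."""
    by_client = defaultdict(set)
    for c in connections:
        ip = c["client"].rsplit(":", 1)[0]
        by_client[ip].add((c["proxy"], c["server"]))
    return dict(by_client)


def inspection_idle(totals):
    """True when the device reports zero connections for every proxy type (the 'it worked' check)."""
    return bool(totals) and all(n == 0 for n in totals.values())


if __name__ == "__main__":
    conns, totals = parse_ssl_connections(BEFORE)
    for ip, targets in intercepted_clients(conns).items():
        print(ip, sorted(targets))
    print("idle before:", inspection_idle(totals))
    print("idle after: ", inspection_idle(parse_ssl_connections(AFTER)[1]))
```

Running the parser over the "before" capture directly names the LAN host whose POP3S sessions are stuck in SSL_CONTINUE_SETUP_STATE, which is the fact to correlate with the backup box's failures; running it over the "after" capture replaces eyeballing five counter lines.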

Posted in Fortigate, Uncategorized.


md5 sha256 sha-1 tiger and whirlpool sum checker for Windows

Trying out Amazon AWS Glacier with fastglacier.com as the upload GUI app, I looked at a few SHA256 sum calculating tools and found this one by Jesse Kornblum to be the best for Windows.
It has some quite useful options like recursive folder calculation, file size limitation, reading file names from a file and hash comparing. Be aware it is command-line only.

Posted in Privacy.