Displaying posts filed under Checkpoint NG/NGX

Mar 8, 2010

awk weekly – Checkpoint Anti Spam statistics or viva la Open Relays

Goooood day everyone again,
today I have had another fight with the spam cartel that my client fell victim to. Once upon a time there was a not so powerful UTM providing internet to a not so crowded office in a not so security-aware Central Europe.
All would be good and well if not for this problem – they could not [...]

Mar 3, 2010

Abra – the new toy from the Checkpoint

Checkpoint announced availability (for inquiries yet) of their new project Abra – a secured virtualized desktop solution. I myself haven’t seen nor tried this so can only judge from different sources. In essence we talk here about a USB stick of approx. 5 Gb or 8 Gb that includes a virtual image of the applications you need to [...]

Feb 26, 2010

awk weekly – how to see Checkpoint logs on command line

Hey Everyone, I decided to start a weekly column of awk scripting where I will bring interesting (I am being subjective I know) short scripts that made my life easier in dealing with actual problems in the wild or just look cool.
Until recently I had never had any need to work with Checkpoint log files [...]

Feb 25, 2010

VPN client stops working in visitor mode after major update

Yesterday I got asked to check a VPN client issue. After an upgrade from NGX R65 to R70 the VPN client doesn’t connect when Visitor mode is enabled. The moment you disable Visitor mode the same client to the same firewall works just fine. This happens often so I bring it here. Actually I see [...]

Feb 13, 2010

fw monitor add-on

There is something I didn’t include in the previous post, “fw monitor command reference”, about fw monitor, as I think it is rather optional and you can do well without it. I talk about tables in defining filter expressions. INSPECT – proprietary scripting language by the Checkpoint on which filtering expressions are [...]

Feb 1, 2010

Mail alert on ssh login or any other rule hit in Checkpoint

I once presented (in “SSH login alert”) the way to send a mail alert after successful login by ssh to any Linux-based machine, including Checkpoint firewalls. Now, thanks to folks at cpug.org that drew my attention to it, I will show how to get a mail alert on ANY rule in the security rulebase of [...]

Jan 26, 2010

Enabling antispam or antivirus on the Checkpoint gateway blocks smtp or http traffic

Recently I was unpleasantly presented with an “it is not a bug, it is a feature” case with the Checkpoint.
There was a UTM with a valid TS (Total Security) license that includes antivirus and antispam services that the client paid for and even asked to enable. So far so good. Part of the routine I checked on [...]

Jan 23, 2010

IP Options are evil – drop them, drop them on Cisco ASA/IOS, Microsoft ISA, Juniper or Checkpoint

As you probably noticed, the IP header has a variable length placeholder for the IP Options field. It has been there since the beginning, once a good idea for debug, now turned into trouble. RFC 791 states that hosts/routers supporting IP protocol must implement the IP Options field. It is up to the vendor to decide [...]

Dec 31, 2009

Print rulebase in Checkpoint

The best place to hide something is to place it before your eyes. Thanks to theacademypro.com I discovered a cool feature of the SmartDashboard – the ability to print rules directly from the Dashboard, you just go to File -> Print -> Rule Base.. and that’s it. Just amazing, I have been using Dashboards throughout [...]

Dec 30, 2009

Checkpoint – back up centrally for recovery.

Backing up firewall configs for disaster recovery is a tedious and mundane task. And if you have enough firewalls, doing it manually becomes impractical. To address this case I set up a highly secured server that periodically runs a script backing up the clients’ firewalls.
I use a poll model here – this central server connects by SSH [...]