Goooood day everyone again,
today I have had another fight with the spam cartel that my client fell victim to. Once upon a time there was a not-so-powerful UTM providing internet to a not-so-crowded office in not-so-security-aware Central Europe.
All would be good and well if not for this problem – they could not [...]
8
2010
awk weekly – Checkpoint Anti Spam statistics or viva la Open Relays
3
2010
Abra – the new toy from the Checkpoint
Checkpoint announced availability (for inquiries yet) of their new project Abra – a secured virtualized desktop solution. I myself have neither seen nor tried it, so I can only judge from different sources. In essence we are talking here about a USB stick of approx. 5 Gb or 8 Gb that includes a virtual image of the applications you need to [...]
26
2010
awk weekly – how to see Checkpoint logs on command line
Hey Everyone, I decided to start a weekly column of awk scripting where I will bring interesting (I am being subjective, I know) short scripts that made my life easier in dealing with actual problems in the wild or that just look cool.
Until recently I had never had any need to work with Checkpoint log files [...]
25
2010
VPN client stops working in visitor mode after major update
Yesterday I got asked to check a VPN client issue. After an upgrade from NGX R65 to R70, the VPN client doesn’t connect when Visitor mode is enabled. The moment you disable Visitor mode, the same client to the same firewall works just fine. This happens often, so I bring it here. Actually I see [...]
13
2010
fw monitor add-on
There is something about fw monitor that I didn’t include in the previous post, “fw monitor command reference”, as I think it is rather optional and you can do well without it. I am talking about tables in defining filter expressions. INSPECT – proprietary scripting language by the Checkpoint on which filtering expressions are [...]
1
2010
Mail alert on ssh login or any other rule hit in Checkpoint
In “SSH login alert” I once presented a way to send a mail alert after a successful login by ssh to any Linux-based machine, including Checkpoint firewalls. Now, thanks to the folks at cpug.org who drew my attention to it, I will show how to get a mail alert on ANY rule in the security rulebase of [...]
26
2010
Enabling antispam or antivirus on the Checkpoint gateway blocks smtp or http traffic
Recently I was unpleasantly presented with an “it is not a bug, it is a feature” case with the Checkpoint.
There was a UTM with a valid TS (Total Security) license that includes the antivirus and antispam services that the client paid for and even asked to enable. So far so good. Part of the routine I checked on [...]
23
2010
IP Options are evil – drop them, drop them on Cisco ASA/IOS, Microsoft ISA, Juniper or Checkpoint
As you probably noticed, the IP header has a variable-length placeholder for the IP Options field. It has been there since the beginning; once a good idea for debugging, it has now turned into trouble. RFC 791 states that hosts/routers supporting the IP protocol must implement the IP Options field. It is up to the vendor to decide [...]
31
2009
Print rulebase in Checkpoint
The best place to hide something is to place it before your eyes. Thanks to theacademypro.com I discovered a cool feature of the SmartDashboard – the ability to print rules directly from the Dashboard: you just go to File -> Print -> Rule Base.. and that’s it. Just amazing, I have been using Dashboards throughout [...]
30
2009
Checkpoint – back up centrally for recovery.
Backing up firewall configs for disaster recovery is a tedious and mundane task. And if you have enough firewalls, doing it manually becomes impractical. To address this case I set up a highly secured server that periodically runs a script backing up the clients’ firewalls.
I use a poll model here – this central server connects by SSH [...]