Comments for yurisk.info http://yurisk.info Technical Blog about IT Security and Networking Tue, 07 Sep 2010 19:08:31 +0000 hourly 1 http://wordpress.org/?v=3.0 Comment on awk weekly – rule hits statistics . Checkpoint again by Yuri http://yurisk.info/2010/03/13/awk-weekly-rule-hits-statistics-checkpoint-again/comment-page-1/#comment-1236 Yuri Tue, 07 Sep 2010 19:08:31 +0000 http://yurisk.info/?p=572#comment-1236 Well , strange - I run today this script against NGX R65 and R70.10 and had expected results. Hard to say why it doesnt work for you w/o looking at the log file format you use, so ... BTW I think of rewriting this script to calculate hit counts based on rules ID and not numbers that change after you add/remove rules, so watch for update Well , strange – I run today this script against NGX R65 and R70.10 and had expected results. Hard to say why it doesnt work for you w/o looking at the log file format you use, so …
BTW I think of rewriting this script to calculate hit counts based on rules ID and not numbers that change after you add/remove rules, so watch for update

]]> Comment on 8 Things to do before opening ticket with Checkpoint by guy yovel http://yurisk.info/2010/06/25/things-to-do-before-opening-ticket-with-checkpoint/comment-page-1/#comment-1220 guy yovel Sat, 04 Sep 2010 12:57:05 +0000 http://yurisk.info/?p=925#comment-1220 I am impressed, you are absolutely correct. Check point support is pretty bad, I might say. Indeed if you have critical situation and proven network or system down due to check point software then you will get good service. Your case will be immediately escalated to higher support level and software developers will be involved fast enough, so you can expect a fixing patch in few days. This is very logic attitude from company perspective because customer can forgive on slow handling of medium severity case but will be very disappointed for slow acting when his business in troubles. But in reality most, and I estimate this in 95%, the cases will be moderate severity and therefore the case will be 1 out of 30 cases per support engineer in average. Even if the support engineer is really want to assist, you are only one out of 30 other cases. So you can expect big delays and very slow work on your issue. So if you as customer or check point partner is professional enough to assist with debugging, self replication and workaround the issue will progress much faster then if you are passive and wait for instructions from the TAC. By the way in most cases the check point TAC is not acting as real technical and more as kind of call center. And the difference is huge….. Best regards, Guy Yovel guyovel ATT nana.co.il I am impressed, you are absolutely correct. Check point support is pretty bad, I might say. Indeed if you have critical situation and proven network or system down due to check point software then you will get good service. Your case will be immediately escalated to higher support level and software developers will be involved fast enough, so you can expect a fixing patch in few days. This is very logic attitude from company perspective because customer can forgive on slow handling of medium severity case but will be very disappointed for slow acting when his business in troubles.

But in reality most, and I estimate this in 95%, the cases will be moderate severity and therefore the case will be 1 out of 30 cases per support engineer in average. Even if the support engineer is really want to assist, you are only one out of 30 other cases. So you can expect big delays and very slow work on your issue. So if you as customer or check point partner is professional enough to assist with debugging, self replication and workaround the issue will progress much faster then if you are passive and wait for instructions from the TAC. By the way in most cases the check point TAC is not acting as real technical and more as kind of call center. And the difference is huge…..

Best regards,
Guy Yovel
guyovel ATT nana.co.il

]]> Comment on awk weekly – rule hits statistics . Checkpoint again by Junior Toledo http://yurisk.info/2010/03/13/awk-weekly-rule-hits-statistics-checkpoint-again/comment-page-1/#comment-1217 Junior Toledo Wed, 01 Sep 2010 00:49:17 +0000 http://yurisk.info/?p=572#comment-1217 Hi, I'm running this command, but do not get the result of all rules only the total hits. I need to change some syntax for that to happen? I'm just getting this result: Rule number: Hits: 1565351 Thanks, Junior Toledo Hi,

I’m running this command, but do not get the result of all rules only the total hits.
I need to change some syntax for that to happen?

I’m just getting this result:
Rule number: Hits: 1565351

Thanks, Junior Toledo

]]> Comment on Print rulebase in Checkpoint by Crystal http://yurisk.info/2009/12/31/print-rulebase-in-checkpoint/comment-page-1/#comment-1196 Crystal Mon, 16 Aug 2010 11:02:09 +0000 http://yurisk.info/?p=361#comment-1196 I know how to print a rulebase, but what if you would like to print out the database of the objects with IP addresses in the rule base. thanks I know how to print a rulebase, but what if you would like to print out the database of the objects with IP addresses in the rule base.

thanks

]]> Comment on Change IP address on the interface without losing the connection by Yuri http://yurisk.info/2010/06/02/change-ip-address-on-the-interface-without-losing-the-connection/comment-page-1/#comment-1185 Yuri Sat, 14 Aug 2010 05:35:08 +0000 http://yurisk.info/?p=848#comment-1185 Hi Karia , good point - it was a standalone firewall , so SIC wasnt an issue, so if I recall right I didnt need to reestablish the SIC communication. No , it wasnt a cluster. Yuri Hi Karia ,
good point – it was a standalone firewall , so SIC wasnt an issue, so if I recall right I didnt need to reestablish the SIC communication.
No , it wasnt a cluster.
Yuri

]]> Comment on Change IP address on the interface without losing the connection by Karia http://yurisk.info/2010/06/02/change-ip-address-on-the-interface-without-losing-the-connection/comment-page-1/#comment-1184 Karia Wed, 11 Aug 2010 16:11:03 +0000 http://yurisk.info/?p=848#comment-1184 Great....Its really difficult. 1. SIC is established VIA externall IP,did u established SIC after this change? 2. Did the box in cluster? Great….Its really difficult.

1. SIC is established VIA externall IP,did u established SIC after this change?
2. Did the box in cluster?

]]> Comment on Capture packets at IOS Cisco router or finally we have a sniffer by Kyle http://yurisk.info/2010/02/01/capture-packets-at-ios-cisco-router-or-finally-we-have-a-sniffer/comment-page-1/#comment-1181 Kyle Tue, 27 Jul 2010 20:30:37 +0000 http://yurisk.info/?p=466#comment-1181 Yuri - thank you - good write up on this. Yuri – thank you – good write up on this.

]]> Comment on You can't set duplex/speed settings of the Fortigate interfaces? by Chris http://yurisk.info/2009/06/10/you-cant-set-duplexspeed-settings-of-the-fortigate-interfaces/comment-page-1/#comment-1174 Chris Tue, 13 Jul 2010 19:13:32 +0000 http://yurisk.info/?p=152#comment-1174 How do I set the wan1 port to auto? i tried everything I could think of. I must be missign something How do I set the wan1 port to auto? i tried everything I could think of. I must be missign something

]]> Comment on You can't set duplex/speed settings of the Fortigate interfaces? by jarbro http://yurisk.info/2009/06/10/you-cant-set-duplexspeed-settings-of-the-fortigate-interfaces/comment-page-1/#comment-1166 jarbro Thu, 08 Jul 2010 19:04:04 +0000 http://yurisk.info/?p=152#comment-1166 Thank you, thank you! Your post reminded me of a setting I had put on my wan1 interface which was causing serious link speed degradation. Once I set my wan1 interface back to auto everything was back in tip-top shape. You have no idea how long I banged my head against the wall on this one. Thank you, thank you! Your post reminded me of a setting I had put on my wan1 interface which was causing serious link speed degradation. Once I set my wan1 interface back to auto everything was back in tip-top shape. You have no idea how long I banged my head against the wall on this one.

]]> Comment on MAC finder script by Yuri http://yurisk.info/2010/07/02/mac-finder-script/comment-page-1/#comment-1165 Yuri Mon, 05 Jul 2010 15:23:48 +0000 http://yurisk.info/?p=959#comment-1165 Thanks Giuliano for the pointer, for a single MAC I also will use whatever is more available - Google being the winner for me, but when it gets to finding 10,20,20 MACs it gets real ugly without automation. Yuri Thanks Giuliano for the pointer, for a single MAC I also will use whatever is more available – Google being the winner for me, but when it gets to finding 10,20,20 MACs it gets real ugly without automation.
Yuri

]]>