checkpoint-ngngx




SNMP in Gaia default community string

Configuring SNMP in Gaia as opposed to SPLAT has been made much simpler. So simple that it is easy to overlook that default configured read-only community is public . So , it is a good idea to change it while enabling SNMP: set snmp agent on set snmp agent-version any set snmp …



Convert Checkpoint SPLAT routes into Gaia route configuration commands

` Hi there, not much of a script , just the one-liner to turn output of the Secure Platform cli command route/ip route list into the ready for copy&paste; list of Gaia clish commands. Be aware I am not doing any error checking, so examine the final result before applying to …



Checkpoint SNX 75 does work on Mac OS X 10.8 Mountain Lion

While not mentioned explicitly in Release Notes for SNX 75 (it lists there only Mac OS X 10.7, 10.7.1, 10.7.2 Lion, 32-bit and 64-bit as supported versions) , it does work with new version of Apple Mac. Yesterday I did it for R71.40 and it …



SCP file transfers and Checkpoint R75 problems

There is a known issue with transferring big files (bigger than 1 Mb) from/to SecurePlatform firewall by Checkpoint. The file transfer fails with some error about buffers. The problem is that Checkpoint SPLAT comes with old opensshd daemon , which has a bug in it dated 2006 ( https://bugzilla.redhat …



Check duplex and speed settings of all interfaces in one go

One of the first things you do when checking connectivity issues on the Checkpoint (or any networking gear for that matter) is to see speed and duplex parameters of the interfaces. But have you tried to do it on a firewall with 15-20 interfaces ? No fun entering one by one …



Funny way to expire Antispam license in Checkpoint

After years with Checkpoint products I came to conclusion that if you don't have logical explanation why something doesn't work, it is most probably license issue. My client stopped getting emails behind UTM-132 at some remote branch . Doing the basics - telnet to port 25 (Checkpoint answered as it should), Exchange …



awk weekly - Security rule hits statistics . Checkpoint

As I mentioned before once you export firewall logs into human-readable format you can do lots of interesting things - for example script that gives statistics of how many times each Security rule was hit . Be aware that this counts explicit Security rules only - i.e. the ones you see in …



Time-based access limiting on Checkpoint or any Linux for any network service

Time-based access-lists in Cisco world are available since ... last century for sure. But is it possible that Linux doesn't have anything like that ? No way - of course it can do and do it better. Here is how . Access control based on time of the day is available via pam module …



Set NTP time source on Checkpoint to have correct log timestamps

It is hard to argue that logs are as good as correct they are. And correct timestamps of the logs are crucial to this. Internal clock is prone to drifting with time, in my experience I've seen some UTM appliances to drift as much as 40 minutes in just one …



All you need to know about networking in Checkpoint firewall SecurePlatform FAQ

Q. How do I see available interfaces, errors on them , IP addresses . Q. How do I see routing table of the firewall. Q. How do I see duplex, speed, physical link status of the interface . Q. How do I manually set duplex, speed, autonegotiation settings of an interface. Q. How …