Checkpoint NG/NGX




awk weekly - how to see Checkpoint logs on command line

Until recently I had never had any need to work with Checkpoint log files without SmartView Tracker. But there is always first time . Client complained on some dropped mail traffic and to even say if there is any problem or not I had to look at relevant logs, not a …



VPN client stops working in visitor mode after major update

Yesterday I looked at the Checkpoint VPN Secure Client issue . After an upgrade from NGX R65 to R70 VPN client doesn't connect when Visitor mode is enabled . The moment you disable Visitor mode the same client to the same firewall works just fine. This happens often so I bring it …



fw monitor add-on - using tables in Checkpoint fw monitor capture tool

There is something I didn’t include in the previous post fw monitor command reference about fw monitor as I think it is rather optional and you can do well without it . I talk about using tables in defining filter expressions. INSPECT – proprietary scripting language by the Checkpoint on which …



Mail alert on ssh login or any other rule hit in Checkpoint

I once showed SSH login alert the way to send mail alert on successful login by ssh to any Linux-based machine , including Checkpoint firewalls. Now, thanks to folks at cpug.org that draw my attention to it, I will show how to get mail Alert on ANY rule in the …



Enabling antispam or antivirus on the Checkpoint gateway blocks smtp or http traffic

Recently I was unplesantly presented with "it is not a bug ,it is a feature" case with the Checkpoint . There was some UTM with TS (Total Security) valid license that includes antivirus and antispam services that client paid for and even asked to enable. So far so good. Part of …



Print rulebase in Checkpoint firewall

The best place to hide something is to place it before your eyes. Recently I discovered a cool feature of the Checkpoint SmartDashboard - ability to print rules directly from the Dashboard , you just go to File -> Print -> Rule Base.. and that's it. Just amazing , I have been using Dashboards throughout …



Checkpoint – back up centrally for recovery.

Backing up firewall configs for disaster recovery is tedious and mundane task. And if you have enough firewalls doing it manually becomes impractical . To address this case I set up a highly secured server that periodically runs script backing up the clients’ firewalls. I use here poll model – this central …



Checkpoint winscp troubles

Checkpoint firewalls have 3 means of transferring files in/out - ftp (client ) , SCP (server and client) and SFTP (haven't tried it yet) . At some stage of the debug/upgrade process you will have to move files in either direction. The most secure is SCP protocol. On windows platforms picking the …



ARP table overflow in Checkpoint and Linux in general

Not specific to the Checkpoint but rather any Linux-based system issue Problem usually shows itself in randomly distributed inability of stations to pass the firewall, slowness and other network problems follow. In /var/log/message you see the following record: kernel: Neighbour table overflow. That means ARP table has reached …



Increase the limit and rotate SSH log files in Checkpoint firewall

All modern Operating Sytems today provide extensive logging facilities, and Linux on which Checkpoint products are based is no exception. I talk about the SSHD daemon, not Secure Rules, logs. The SSHD logs, located in /var/log/ are rotated by default every 4 logfiles. I found it very useful to …