With previous generation of Check Point UTM appliances (so called UTM-1 which included UTM 132, 270, 450 etc.) it was a really nagging issue when firewall run out of space on its hard disk. It was especially problematic for the root partition cause it is used for update downloads, upgrade …
Check Point Gaia route missing after adding via ip route add problem Well, it is actually a feature not a bug of all Check Point firewalls working on Gaia. If you haven't noticed as opposed to good old SPLAT firewall platform the Gaia is selective about which routes to propagate …
The firewall-cmd doesn't have an option to show all zones and to which one the server interfaces belong, so here is a one-line to show that: #for ii in `ls /usr/lib/firewalld/zones/`; do echo ${ii%%.xml}: ; firewall-cmd --zone=${ii%%.xml} --list-interfaces; done The output: block: dmz: drop: external …
Check Point provided us many ways to debug issues. Some are easier, some are harder. The first thing to do when you have dropped traffic is to see whether the packets are being dropped by the firewall or not. The first impulse is to look at SmartView Tracker's logs and …
Do not miss Netflow capability of Check Point Gaia R77 and above. In the past measuring the traffic passing through firewall wasn't easy - you had to either query interface counters via SNMP or run custom Bash scripts on the firewall itself to get interface statistics. The problem with both of …
Usually colorization is put in action via alias : alias ls='ls --color=auto' You can turn off the colors each time you run ls: ls --color=never or change the alias itself to disable fancy colors permanently or even simple \ls . But to change the colors you'd need to cause …
Many times you get to work on some UTM appliance remotely via ssh and need to know which exact model it is. It takes just one cli Expert level command to know: dmidecode | grep "Product Name". Then you go and compare the output with the UTM models table which Tobias …
I was trying the other day to exclude on UTM 1180 gateway some IP address and service combination from being encrypted inside VPN tunnel and noted that any changes you do to the firewall files on the CLI, in this case - crypt.def, do not take effect . It is actually …
Note: For quick reference, I put all the commands below as a cheat sheet PDF: Useful CLI commands for Cisco CUCM, Cisco Unity Connection and IM and Presence I don’t work on the command line of CUCM often, but when the need arises here is the short list of …
Today I was surprised to hear from someone who just took one of the CCNP Security exams that they still test for Reflexive access-lists - what a nostalgy. I was sure it has long been ousted by ip inspect and Zone Based Firewall, but no - it is still tested and still …