Cisco ASA 5500 Series Content Security and Control Security Services Module or just CSC-SSM and how it looks

While the reason for me getting involved with this ASA 5510 module is of less interest (client was getting notification message " LogServer has recently stopped on InterScan for CSC SSM" , more about that at the end of the post) , the module itself looks cute , so I bring here some output …



How to enable SCP protocol on Checkpoint firewall for transferring files - video

Hi everyone, in this video I tell and show how to enable SCP file transfer in Checkpoint firewall. I am beta testing it at the present therefore a bit shy to present to the wide audience, but be sure to check later when this idea of my site goes public …



New Year present from Checkpoint - R75 download

New Year present from Checkpoint - R75 Well, saying 'present' I was a bit sarcastic - just another release in the NGX family - R75 , that is now available for download: R75 release . So go ahead , install it , use it, enjoy its new features and bugs and report back to the mothership . Note …



Check Point Certified Master Architect Certification is more accessible than ever

Hello, fellow checkpoint-heads. I know you have been waiting for this for a long long time, and now it happens - Checkpoint announced that Check Point Certified Master Architect Certification lab can be taken at "convenience of your desktop" - that is Online. You don't need to ride your horses over the …



New spam on the block

May be not new , but new to me - spam mails that instead of direct links to their websites list links cached in google. So , you get in the email not http://degayfisk.com/ but http://google.nr/search?q=cache:c2tHRUQ2mx4J:google.co.nz It is ,by the way, recognized …



Best open source Netflow/sFlow analyzing software

People ask me frequently what software I would recommend for Netflow analysis , especially with security implementations in mind. I made my choice a long ago and haven't been complaining so far - Nfsen graphical frontend that has Nfdump as its data processing backend . It provides most flexibility, configurability; its filter syntax …



Class A 2.0.0.0 is inaccessible from behind Edge devices bug

This is a not critical but rather annoying bug in the Checkpoint Edge devices firmware 8.1.x preventing any host behind it to reach class A network 2.0.0.0/8 . If you notice this problem then it is most probably because recently the pool 2.16.0 …



IP address pools of Facebook to block, if you need to

Once upon a time I mentioned that blocking Facebook is easy as they have a uniform IP addresses pool . Since then they added more , here is the new and old pools: NetRange: 69.63.176.0 - 69.63.191.255 CIDR: 69.63.176.0/20 OriginAS: AS32934 NetName: TFBNET2 …



Grab bag of IPF firewall commands for FreeBSD and Solaris 10

Nothing new here , just a round-up of the commands/configs I happen to need from time to time. Google probably has better references for that.I talk about Pf firewall used in FreeBSD, OpenBSD and Solaris systems. Enable and disable firewall: pfctl –e Enable packet filter real time pfctl –ef …



The D-day for CheckPoint UTM-1 Edge Appliances happened today - reboots are reported all over the world

Today we have got reports from the clients that all their Check Point UTM-1 Edge devices did a reboot early at night, at about 03:00 AM Israel time 31st of October. While no official press-release has been seen so far from the Checkpoint, looking at cpug.org posts where …