Encrypting local files in Solaris

How do I encrypt local file in Solaris ? On Linux I use either OpenSSL or GPG but these are both open source projects not native in the Solaris land. For this Solaris has encrypt/decrypt tools which do what their name say. And of course we talk here about symmetric …



Quick and dirty way to bypass eSafe inspection

HISTORICAL NOTE Aladdin was an Israeli company known for its security eTokens and mail filtering appliances - eSafe. In 2009 it was bought by Safenet primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later the Safenet was in turn acquired by Gemalto. You can read about …



Authenticating ssh access on the Checkpoint using external Radius server

Radius Athentication - I got asked few times on this feature, and as surfing through the Checkpoint docs can be a bit tedious, I‘ll put it here. SSH user authentication against external server, in this case using Radius protocol, is possible but only if you have VPN Pro featured firewall …



How to know UTM appliance version on the CLI

This one will be short, just a link to the Tobias Lachmann blog where he shows how using dmidecode you can know what is the version of the UTM you are logged in. Determine UTM-1 appliance series from cli ~~blog.lachmann.org/?p=172~~ the site is down, look here …



fw ctl or checkpoint tables by any other name

Today I want to draw your attention to often overlooked information source – Checkpoint state tables. While running, the firewall creates, keeps and updates various tables it needs for correct functioning. These tables contain parameters that are mostly of use for firewall itself, but you can query them on the cli …



Solaris – configure ftp server

SUN Solaris FTP SUN Solaris comes with ftp daemon based on WU-FTPd Washington University project. While not being very enthusiastic about its vulnerabilities discovered over the years and being rather abandoned by its developers ,still, it comes installed by default and as long as Sun ok with that it is …



Fortigate BGP - configure and debug

Everyone today speaks BGP: Cisco ,Juniper and ScreenOS firewalls, Fortigate does it, even SonicWall have it as planned feature. The opportunity to see how it works on Fortinet Fortigate firewall recently presented itself and here is the sum up of how I configured and debugged Fortigate BGP set up. Task …



Scan of the week – scan by country scan by continent

Dis+claimer - all this stuff I bring to your attention is for educational purposes only, and what may be fine and ok here and for me can easily get you somewhere else in trouble so use your discretion here . Happy scanning. "...Don't know much about geography" as the song goes …



Install native telnet client on Checkpoint firewall

Some time ago Telnet from inside Checkpoint firewall I wrote how to use awk to imitate telnet in Checkpoint firewall. Later in comments to that post the reader pointed out that there is a native telnet client located on the Splat installation iso image. That’s true , only I think …



Traffic shaping in Checkpoint the Linux way

Quite often I need to work on the Checkpoint firewall access to which in SmartDashboard is close to impossible due to the overloaded internet connection to the firewall and there is no out of band access alternative. Other times doing debug produces huge files (we talk gigabytes here) and if …