Find SmartCenter address on the firewall module

I am sure there are gazillion ways to find the IP address of the managing this module SmartCenter/ Security Management Server, but here comes the one I use. Works on firewall module as well as on the SmartCenter itself , even more - gives the same result, surprising no ? [Expert@FW-XL1]# fw …



Playing with RIP on ASA

Cisco ASA and RIP RIP has been with ASA for years and in this article I will try to cover all possible scenarios in configuring, misconfiguring. debugging and verifying it. As I come up with new ideas how to break the RIP on ASA I will update this article as …



Subnet calculator in Checkpoint firewall

Should you ever forget intricacies of the subnetting Checkpoint have subnetting calculator right in their firewalls - ipcalc. Given subnet show the 1st Ip (network) : ipcalc -n 192.168.34.45/27 NETWORK=192.168.34.32 Given subnet show the last IP (broadcast) : ipcalc -b 192.168.34.45/27 …



Restart Checkpoint Smart Center/Management Server only, without traffic interruption

It comes to the top 10 questions I hear on a daily basis so here is how to restart Checkpoint Smart Center only (Security Management Server). It is especially useful in Standalone firewall topology, where the Management Server and Firewall module are installed on the same machine and you don't …



List of valid domain names for load testing DNS

I am currently running a bunch of tests on DNS resolver software called Unbound to see what it is worth and for that needed a list of valid domain names in different but controllable TLDs. The only resource to download such list I could find was 3 million records file …



Restart SNMP daemon on Checkpoint

While not being anything noticeable by itself, the problem was that all monitored snmp values were normal but cpu showed 100% on the Open server with 8 CPUs , it did remind me that you should always record the current state before doing the changes. As I said it was an …



Query non-standard port of SNMP with snmpwalk

TLDR: Add colon to the IP address (no space), then the custom port. Sometimes the simple things are the ones to perplex us the most . Today I needed to add an SNMP monitoring of the Radware Linkproof load balancer listening on the port 7777 . Not a big deal, I thought …



Keep your Checkpoint IPS updated

The IPS protection should be up-to-date, no arguing here. But should it also be automatic ? Well, here Checkpoint thought that not and put no provision for auto updates for the R70.x series. The only way to update IPS protection is either click on Online Update and do it real-time …



Break free from the GUI dependency – checking Fortigate logs on the cli.

Fortinet are doing a lot to keep us away from the command line. And that’s ok in 95% of the cases. But sooner or later you come to meet the 5% of the bad and the ugly when you have no access to the GUI at all. One late …



MAC finder script

While I don't like going down to Layer 2 , recently I had to do it - I didn't know IP address of the Cisco router I wanted to connect to but I had access to the Cisco router sitting in the same network. That would be pretty easy to do #show …