Capture packets at IOS Cisco router or finally we have a sniffer

Finally it is here – built-in sniffer on the Cisco IOS platform ! Starting IOS 12.4(20) release Cisco introduces brand new feature called Embedded Packet Capture (EPC) that allows us to capture raw packets on the Cisco router and then later analyze it offline. It can capture any traffic passing …



Enabling antispam or antivirus on the Checkpoint gateway blocks smtp or http traffic

Recently I was unplesantly presented with "it is not a bug ,it is a feature" case with the Checkpoint . There was some UTM with TS (Total Security) valid license that includes antivirus and antispam services that client paid for and even asked to enable. So far so good. Part of …



IP Options are evil - drop them , drop them on Cisco Asa/IOS Microsoft ISA

Juniper or Checkpoint wordpress_id: 419 category: Linux tags: Checkpoint, Solaris, Linux, Cisco As you probably noticed IP header has variable length placeholder for the IP Options field. It has been there since the beginning , once a good idea for debug now turned into trouble. RFC 791 states that hosts/routers …



'Cisco log: Missing cef table for tableid 65535 during CEF samecable event'

Today I've noticed some strange error on my Cisco 1841 router : %FIB-4-FIBCBLK: Missing cef table for tableid 65535 during CEF samecable event After searching the net, i've found some Cisco bug that describes this. "FIB-4-FIBCBLK errors with dns view Symptoms Message "%FIB-4-FIBCBLK: Missing cef table for tableid 65535 …



Scheduled Daily Reboot of FortiGate

Recently I had to do late night restart of a Fortigate and was looking for "Reload in..." I found it, but in Fortigate it is a little different. It's called Daily Restart, and if you want to use it once you need to remember to remove this command later. config …



Cisco ASA privilege separation for a local user or read only user on ASA

Today I had the need to create a user in ASA that would have read-only permissions and also could issue only 2 commands: show run and show conn. Here is how to do it. We talk here about user with local authentication (with TACACS it is much easier). Just as …



Print rulebase in Checkpoint firewall

The best place to hide something is to place it before your eyes. Recently I discovered a cool feature of the Checkpoint SmartDashboard - ability to print rules directly from the Dashboard , you just go to File -> Print -> Rule Base.. and that's it. Just amazing , I have been using Dashboards throughout …



Checkpoint – back up centrally for recovery.

Backing up firewall configs for disaster recovery is tedious and mundane task. And if you have enough firewalls doing it manually becomes impractical . To address this case I set up a highly secured server that periodically runs script backing up the clients’ firewalls. I use here poll model – this central …



Checkpoint winscp troubles

Checkpoint firewalls have 3 means of transferring files in/out - ftp (client ) , SCP (server and client) and SFTP (haven't tried it yet) . At some stage of the debug/upgrade process you will have to move files in either direction. The most secure is SCP protocol. On windows platforms picking the …



ARP table overflow in Checkpoint and Linux in general

Not specific to the Checkpoint but rather any Linux-based system issue Problem usually shows itself in randomly distributed inability of stations to pass the firewall, slowness and other network problems follow. In /var/log/message you see the following record: kernel: Neighbour table overflow. That means ARP table has reached …