Increase log size in eSafe

Session logs in eSafe are essential for debugging. By default, however, each Session log file is limited to 100 megabytes in size; after reaching this limit eSafe stops writing the Session logs until the next log rotation, that is, midnight. To fix this, edit the file /opt/eSafe/eSafeCR/esafecfg …



Increase the limit and rotate SSH log files in Checkpoint firewall

All modern operating systems today provide extensive logging facilities, and Linux, on which Checkpoint products are based, is no exception. I am talking about the SSHD daemon logs, not the Secure Rules logs. The SSHD logs, located in /var/log/, are rotated by default every 4 logfiles. I found it very useful to …



fw monitor command reference CheckPoint firewall

This is a quick reference sheet of all usable options for the fw monitor tool. At the end I put a list of fw monitor examples. Previous experience with the tool is assumed; I'll just say that if you are serious about debugging Checkpoint products learn it and learn …



Checkpoint Connectra and Internet Explorer 7 and 8

With the arrival of Internet Explorer 7 and 8, remote users connecting to anything SSL-related have to explicitly click on the warning message link to continue browsing. This also includes remote users connecting by SSL to a Checkpoint Connectra that works with a self-signed certificate. Sounds like a minor nuisance but ... certificate …



copy http flash – download from HTTP server to the Cisco router

You may need to download a remote file (usually an IOS image, but anything goes) to the Cisco router via HTTP. The command is simple, but be aware of a few caveats: Router# copy http[:full URI specification] flash[: local path to save the file] The caveats you should know: - router first …



SSH login alert by mail Linux or Unix based systems

You can get mail alerts on SSH login to any Linux server using the script below. This script sends mail to a predefined email address each time someone successfully logs in by SSH to the machine. I take advantage here of the built-in feature of the OpenSSH daemon – if you create …



Reinstall Checkpoint UTM-1 firewall, the hard way...

Sometimes machines fail; in the end all machines fail some day anyway. When it happens to the firewall (Checkpoint) it might be a very frustrating event. By failing I mean the machine turns on but doesn’t boot or boots into an unusable state. If you have Checkpoint Open Server (i.e …



eSafe has iptables too

HISTORICAL NOTE: Aladdin was an Israeli company known for its security eTokens and mail filtering appliances (eSafe). In 2009 it was bought by Safenet primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later Safenet was in turn acquired by Gemalto. You can read about …



Ping – setting don't fragment bit in Linux/FreeBSD/Solaris/Cisco/Juniper

Ping. Many times while debugging network problems of various kinds you need to send packets of a desired size with the don’t fragment bit set. Below I list how to do it for the different equipment/OSes. Let’s start with the most popular operating system among network folks …



Don't rely on SmartViewTracker only - it may lie

A funny case of WYSIWYG misleading the uninitiated. The case involved a seemingly normally functioning Checkpoint firewall which, after a client created a rule to allow FTP from any to his server in the DMZ (no NAT involved), still refused to allow connections. The client, being quite experienced himself, entered SmartViewTracker did filter …