Funny things people do - how to turn Checkpoint UTM 450 into Windows Media player

in CheckPoint
#Checkpoint
Someone has finally found the best use of the Checkpoint UTM 450 - turned it into the Windows Media player and recorded the instructions so others may follow. In case you still wonder - yes , it certainly voids the warranty. Enjoy youtube.com And to those very few that will try to …



You need no MX record to get mails

in Linux
#Linux
That one is funny. One client of ours that is actually themselves provide ISP services in a far-far-away land asked to add PTR record for their mail server . But that was dull, the interesting part was that their domain had absolutely NO MX record ! Only A record for the mail …



Skynet got blacklisted - Google mail servers entered RBL of Sorbs.net

in Linux
#Linux
When yesterday my client sent me the headers of blocked by eSafe (Aladdin) mails I was quite surprised - the message said " Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this …



How come assigning VPN user to specific group takes just one command but no one does it ?

in Cisco
#Cisco
Group locking, as Cisco call it, has been available since ancient IOS 12.2(13)T (circa 2003) and still – most of the set ups I see of clients’ VPN servers at most use different VPN groups for different privilege access requirements and blissfully ignore the fact that all it …



Turn the Checkpoint firewall into network-neutral router and do it in 2 minutes.

in CheckPoint
#Checkpoint
It was rather unusual request of the client that for no matter which reasons asked me to “shut down the Checkpoint firewall”. What ? “Shutdown, you know, that it just passes the traffic from interface to interface by its routing table no checking , also I need to add few routes on …



Number of connected SecureClient or Secureremote users

in CheckPoint
#Checkpoint
Here is how to see number of connected to the gateway users. Nothing special/interesting and I am sure somewhere in the SecureKnowledgeBase it is to be found but with recent licensing improvements people ask a lot about that. VALS - real-time number of currently connected users. PEAK - largest number of …



Checkpoint - turn netconf.C routes into linux route command

in CheckPoint
#Checkpoint
I must confess that I prefer good solutions today over perfect solutions tomorrow. So when the need aroused to do a script that takes netconf.C and transforms all the route statements in it to the general linux form of "route add xxx" I did this one-liner you can see …



snmp-map in ASA is for passing through traffic only

in Cisco
#Cisco
I don’t know who to blame – me for not being attentive or Cisco documentation for being vague, but when I read about snmp-map inspection that allows you to block selectively by SNMP version I decided it was the way to protect ASA itself from such queries. And only with …



ASA 8.2 now speaks SNMP v3 decently

in Cisco
#Cisco
This article is all about SNMP in ASA. ASA has much less configuration options than IOS does, and this is good. Starting version 8.2 ASA supports version 3 of the SNMP protocol which adds new security model to the whole SNMP stack. But first we will start with old …



sla monitor in Cisco ASA land

in Cisco
#Cisco
SLA monitoring is finally here. What is it useful for ? To add/remove dynamically routes in ASA depending on results of the SLA status. Below is configuration steps but while there are many words in the command itself there are not much options there , so the command is long but …