Until recently I had never had any need to work with Checkpoint log files without SmartView Tracker. But there is always first time . Client complained on some dropped mail traffic and to even say if there is any problem or not I had to look at relevant logs, not a …
Once upon a time reading some CCIE paper at work I asked myself a question : “Why would someone bother to invent ttl-security and even write RFC 5082 The Generalized TTL Security Mechanism (GTSM) about it when multi-hop EBGP feature provides the same end result ?” . First some background. For some reasons …
Yesterday I looked at the Checkpoint VPN Secure Client issue . After an upgrade from NGX R65 to R70 VPN client doesn't connect when Visitor mode is enabled . The moment you disable Visitor mode the same client to the same firewall works just fine. This happens often so I bring it …
There is something I didn’t include in the previous post fw monitor command reference about fw monitor as I think it is rather optional and you can do well without it . I talk about using tables in defining filter expressions. INSPECT – proprietary scripting language by the Checkpoint on which …
UPDATE 2019: I updated the access details below. Also, if you work for a Fortinet partner you can request access to the demo appliances via Partner's Portal. As someone said best things in life are free. Here are links to the demo Forigate firewall, ForiAnalyzer and FortiManager open to access …
I once showed SSH login alert the way to send mail alert on successful login by ssh to any Linux-based machine , including Checkpoint firewalls. Now, thanks to folks at cpug.org that draw my attention to it, I will show how to get mail Alert on ANY rule in the …
Finally it is here – built-in sniffer on the Cisco IOS platform ! Starting IOS 12.4(20) release Cisco introduces brand new feature called Embedded Packet Capture (EPC) that allows us to capture raw packets on the Cisco router and then later analyze it offline. It can capture any traffic passing …
Recently I was unplesantly presented with "it is not a bug ,it is a feature" case with the Checkpoint . There was some UTM with TS (Total Security) valid license that includes antivirus and antispam services that client paid for and even asked to enable. So far so good. Part of …
Juniper or Checkpoint wordpress_id: 419 category: Linux tags: Checkpoint, Solaris, Linux, Cisco As you probably noticed IP header has variable length placeholder for the IP Options field. It has been there since the beginning , once a good idea for debug now turned into trouble. RFC 791 states that hosts/routers …
Today I've noticed some strange error on my Cisco 1841 router : %FIB-4-FIBCBLK: Missing cef table for tableid 65535 during CEF samecable event After searching the net, i've found some Cisco bug that describes this. "FIB-4-FIBCBLK errors with dns view Symptoms Message "%FIB-4-FIBCBLK: Missing cef table for tableid 65535 during CEF …