SSH login alert by mail Linux or Unix based systems

You can get mail lerts on SSH login to any Linux server using the script below. This script sends mail to predefined email address each time someone successfully logs in by SSH to the machine. I take advantage here of the built-in feature of the OpenSSH daemon – if you create …



Reinstall Checkpoint UTM-1 firewall, the hard way...

Sometimes machines fail , in the end all machines fail some day anyway. When it happens to the firewall (Checkpoint ) it might be a very frustrating event . By failing I mean machine turns on but doesn’t boot or boots into unusable state. If you have Checkpoint Open Server (i.e …



Ping – setting don't fragment bit in Linux/FreeBSD/Solaris/Cisco/Juniper

Linux FreeBSD Solaris CISCO routers (IOS) Juniper routers (JunOS) Ping. Many times while debugging network problems of various kinds you need to send some packets of desirable size and don’t fragment bit being set. I list below how to do it for the different equipment/OSes. Let’s start …



Don't rely on SmartViewTracker only - it may lie

Funny case of WYSIWYG misleading the uninitiated. The case involved a seemingly normally functioning firewall Checkpoint which after a client created rule to allow FTP from any to his server in DMZ (no Nat involved) refused to allow connections though. The client being quite experienced himself entered SmartViewTracker did filter …



Failed to connect to Fortiguard servers

Note: This post was written for FortiOS version 2.8 and 3.x so some commands have changed, for updated debug steps please read Failed to connect to Fortiguard servers verification and debug updated Today I encountered otherwise easy to diagnose misconfiguration only that Fortinet decided to 'hide' this parameter …



You can't set duplex/speed settings of the Fortigate interfaces?

Sometimes you can't set duplex/speed settings of the Fortigate interfaces. Important FIX: depends on which interface you are trying to set! [ Thanks to Chen for pointing out ] Upon careful examination turns out that you can't set duplex/speed settings of 4-port switch interfaces only, i.e. Internal interface of …



Tracking the source of DOS attack with Cisco IOS

Problem: Enterprise is under Denial Of Service Attack (DDOS) that brings down key elements of the business or the whole network at all. To track the attacker is the first step in handling the attack and unless the flood is coming from inside (most probably not in a well managed …



Checkpoint UTM Appliance or Open Server/Power ?

UTM or Power ? How do you know when logged in with ssh what type of machine you are working with ? I know 3 ways to find it: By the interfaces names , see the difference: UTM (output edited for conciseness) [Expert@Firewall]# ifconfig DMZ Link encap Ethernet HWaddr 00 90 FB …



Change password for console expert user Checkpoint Splat

As seen many times Checkpoint has its own way of doing otherwise simple and straightforward tasks. Changing password for shell account is another example. By default, when installed, Splat creates two console/OS users - admin and root. You can't login remotely (i.e. by ssh) with root as /etc/ssh …



Debug VPN in Fortigate - seeing is believing

You can't really debug VPN problems with static show commands, if VPN fails to function you HAVE to see it happening real-time. Below I list few debug commands to do just that for IPSEC site-to-site tunnels in Fortigate. Here: 192.168.168.254 - IP address on the LAN interface of …