Everyone today speaks BGP: Cisco ,Juniper and ScreenOS firewalls, Fortigate does it, even SonicWall have it as planned feature. The opportunity to see how it works on Fortinet Fortigate firewall recently presented itself and here is the sum up of how I configured and debugged Fortigate BGP set up. Task …
Dis+claimer - all this stuff I bring to your attention is for educational purposes only, and what may be fine and ok here and for me can easily get you somewhere else in trouble so use your discretion here . Happy scanning. "...Don't know much about geography" as the song goes …
Some time ago Telnet from inside Checkpoint firewall I wrote how to use awk to imitate telnet in Checkpoint firewall. Later in comments to that post the reader pointed out that there is a native telnet client located on the Splat installation iso image. That’s true , only I think …
Quite often I need to work on the Checkpoint firewall access to which in SmartDashboard is close to impossible due to the overloaded internet connection to the firewall and there is no out of band access alternative. Other times doing debug produces huge files (we talk gigabytes here) and if …
I updated the script and moved it to the 1st page : http://yurisk.info/2012/01/31/awk-weekly-rule-hits-statistics-checkpoint-again/ Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.
Goooood day everyone again, today I have had another fight with the spam that my client fell victim of. Once upon a time there was not so powerful UTM providing internet to not so crowded office in not so security-aware Central Europe. All would be good and well if not …
I am using Cisco IPS sensor 4235 unless specified otherwise Initial Configuration. By default , out of the box the sensor has the following defaults: Management IP: 10.1.9.201/24 Default gateway: 10.1.9.1 Allowed access: from the network 10.1.9.201/24 Telnet access: disabled …
Until recently I had never had any need to work with Checkpoint log files without SmartView Tracker. But there is always first time . Client complained on some dropped mail traffic and to even say if there is any problem or not I had to look at relevant logs, not a …
Once upon a time reading some CCIE paper at work I asked myself a question : “Why would someone bother to invent ttl-security and even write RFC 5082 The Generalized TTL Security Mechanism (GTSM) about it when multi-hop EBGP feature provides the same end result ?” . First some background. For some reasons …
Yesterday I looked at the Checkpoint VPN Secure Client issue . After an upgrade from NGX R65 to R70 VPN client doesn't connect when Visitor mode is enabled . The moment you disable Visitor mode the same client to the same firewall works just fine. This happens often so I bring it …