Recently I was unpleasantly presented with an "it is not a bug, it is a feature" case with Checkpoint. There was some UTM with a valid TS (Total Security) license that includes antivirus and antispam services, which the client paid for and even asked to enable. So far so good. Part of …
As you probably noticed, the IP header has a variable-length placeholder for the IP Options field. It has been there since the beginning, once a good idea for debugging, now turned into trouble. RFC 791 states that hosts/routers …
Today I noticed a strange error on my Cisco 1841 router: %FIB-4-FIBCBLK: Missing cef table for tableid 65535 during CEF samecable event. After searching the net, I found a Cisco bug that describes this. "FIB-4-FIBCBLK errors with dns view Symptoms Message "%FIB-4-FIBCBLK: Missing cef table for tableid 65535 during CEF …
Recently I had to do a late-night restart of a Fortigate and was looking for "Reload in..." I found it, but in Fortigate it is a little different. It's called Daily Restart, and if you want to use it once you need to remember to remove this command later. config …
Today I needed to create a user in ASA that would have read-only permissions and could issue only 2 commands: show run and show conn. Here is how to do it. We are talking here about a user with local authentication (with TACACS it is much easier). Just …
The best place to hide something is to place it before your eyes. Recently I discovered a cool feature of the Checkpoint SmartDashboard: the ability to print rules directly from the Dashboard. You just go to File -> Print -> Rule Base and that's it. Just amazing, I have been using Dashboards throughout …
Backing up firewall configs for disaster recovery is a tedious and mundane task. And if you have enough firewalls, doing it manually becomes impractical. To address this case I set up a highly secured server that periodically runs a script backing up the clients’ firewalls. I use a poll model here – this central …
Checkpoint firewalls have 3 means of transferring files in/out: FTP (client), SCP (server and client) and SFTP (haven't tried it yet). At some stage of the debug/upgrade process you will have to move files in either direction. The most secure is the SCP protocol. On Windows platforms picking the …
Not specific to Checkpoint, but rather an issue of any Linux-based system. The problem usually shows itself in a randomly distributed inability of stations to pass the firewall; slowness and other network problems follow. In /var/log/messages you see the following record: kernel: Neighbour table overflow. That means the ARP table has reached …
HISTORICAL NOTE: Aladdin was an Israeli company known for its security eTokens and mail filtering appliances, eSafe. In 2009 it was bought by Safenet, primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later Safenet was in turn acquired by Gemalto. You can read about …