Juniper or Checkpoint As you have probably noticed, the IP header has a variable-length placeholder for the IP Options field. It has been there since the beginning: once a good idea for debugging, now turned into trouble. RFC 791 states that hosts/routers …
Today I noticed a strange error on my Cisco 1841 router: %FIB-4-FIBCBLK: Missing cef table for tableid 65535 during CEF samecable event After searching the net, I found a Cisco bug that describes this. "FIB-4-FIBCBLK errors with dns view Symptoms Message "%FIB-4-FIBCBLK: Missing cef table for tableid 65535 during CEF …
Recently I had to do a late-night restart of a Fortigate and was looking for "Reload in...". I found it, but in Fortigate it is a little different. It's called Daily Restart, and if you want to use it only once, you need to remember to remove this command later. config …
Today I needed to create a user on an ASA that would have read-only permissions and could issue only 2 commands: show run and show conn. Here is how to do it. We are talking here about a user with local authentication (with TACACS it is much easier). Just …
The best place to hide something is to place it before your eyes. Recently I discovered a cool feature of the Checkpoint SmartDashboard: the ability to print rules directly from the Dashboard. You just go to File -> Print -> Rule Base.. and that's it. Just amazing, I have been using Dashboards throughout …
Backing up firewall configs for disaster recovery is a tedious and mundane task. And if you have enough firewalls, doing it manually becomes impractical. To address this, I set up a highly secured server that periodically runs a script backing up the clients’ firewalls. I use a poll model here – this central …
Checkpoint firewalls have 3 means of transferring files in/out: FTP (client), SCP (server and client) and SFTP (haven't tried it yet). At some stage of the debug/upgrade process you will have to move files in either direction. The most secure is the SCP protocol. On Windows platforms picking the …
Not specific to Checkpoint, but rather an issue on any Linux-based system. The problem usually shows itself as a randomly distributed inability of stations to pass the firewall; slowness and other network problems follow. In /var/log/messages you see the following record: kernel: Neighbour table overflow. That means the ARP table has reached …
HISTORICAL NOTE Aladdin was an Israeli company known for its security eTokens and its mail filtering appliance, eSafe. In 2009 it was bought by Safenet, primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later Safenet was in turn acquired by Gemalto. You can read about …
All modern operating systems today provide extensive logging facilities, and Linux, on which Checkpoint products are based, is no exception. I am talking about the SSHD daemon logs, not the Secure Rules logs. The SSHD logs, located in /var/log/, are rotated by default every 4 logfiles. I found it very useful to …