Checkpoint UTM Appliance or Open Server/Power ?

UTM or Power ? How do you know when logged in with ssh what type of machine you are working with ? I know 3 ways to find it: By the interfaces names , see the difference: UTM (output edited for conciseness) [Expert@Firewall]# ifconfig DMZ Link encap Ethernet HWaddr 00 90 FB …



Change password for console expert user Checkpoint Splat

Update 2022: Checkpoint has disabled changing Expert password with passwd altogether. When trying to run the command, no matter what you enter the result will be an error "bad credentials" and "Authentication token manipulation error". You can only change Expert password in Gaia, either in clish, or the WebUI. As …



Debug VPN in Fortigate - seeing is believing

Updated: 2022 You can't really debug VPN problems with static show commands, if VPN fails to function you HAVE to see it happening real-time. Below I list few debug commands to do just that for IPSEC site-to-site tunnels in Fortigate. Here: 192.168.168.254 - IP address on the LAN …



Black hole routing to the rescue - Fortigate OS 4 surprise

Many times there is more than one solution to the problem, and the most obvious is not the best one. I reminded myself this when came to my care Fortigate 60 unit that was periodically blocking traffic, you know this not-saying-much system alert "..has reached connection limit" and then no …



eSafe Certified Professional

HISTORICAL NOTE Aladdin was an Israeli company known for its security eTokens and mail filtering appliances - eSafe. In 2009 it was bought by Safenet primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later the Safenet was in turn acquired by Gemalto. You can read about …



Cisco routers ip accounting to see most bandwidth abusing connections

First of all, Happy New year everyone ! As I promised before (last year :) I'll look at ip accounting in Cisco world. I'll say it at the start - accounting being with us since IOS 10.0 is getting pushed aside by the powerful Netflow feature. And while it is nowhere being …



Finding the station/IP using/abusing most of the bandwidth – PIX/ASA

Here is a short how-to I wrote some (well ,long) time ago for the newcomers to our department. It was written for the PIX , but applies to ASA as well in most cases,see for ASA notes for differences. Usually it starts with client complaining about slow internet, or users …



Clear ARP table in Checkpoint

Update 2022: On modern Check Point systems you don't have to run the script below (which still works) as they come with up-to-date iproute2 network tools. So, to clear all dynamic ARP entries learned on a specific interface, use ip neighbor flush dev interface-name. Yesterday my colleague asked how to …



Prevent brute force attack on VTY in Cisco IOS

Cisco starting IOS 12.3 introduced a simple but powerful feature to guard against brute force password guessing attack on remote access. The usual template followed when configuring VTY access is: Configure ACL containing management IPs to be allowed to access the router through VTY (Optional) Restrict VTY access protocol …



Manage VPN tunnels smartly: forget vpn tu,enter the vpn shell

Deleting IKE/IPsec security associations of established VPNs is inevitable part of any VPN related debug. The standard tool promoted by Checkpoint (take CCSA,CCSE etc.,) is vpn tu that neveretheless has always had a very annoying bug (feature?) - you can delete ALL VPN tunnels at a time and none …