Today I had the need to create a user in ASA that would have read-only permissions and also could issue only 2 commands: show run and show conn. Here is how to do it. We talk here about user with a local authentication (with TACACS it is much easier). Just …
The best place to hide something is to place it before your eyes. Recently I discovered a cool feature of the Checkpoint SmartDashboard - ability to print rules directly from the Dashboard , you just go to File -> Print -> Rule Base.. and that's it. Just amazing , I have been using Dashboards throughout …
Backing up firewall configs for disaster recovery is tedious and mundane task. And if you have enough firewalls doing it manually becomes impractical . To address this case I set up a highly secured server that periodically runs script backing up the clients’ firewalls. I use here poll model – this central …
Checkpoint firewalls have 3 means of transferring files in/out - ftp (client ) , SCP (server and client) and SFTP (haven't tried it yet) . At some stage of the debug/upgrade process you will have to move files in either direction. The most secure is SCP protocol. On windows platforms picking the …
Not specific to the Checkpoint but rather any Linux-based system issue Problem usually shows itself in randomly distributed inability of stations to pass the firewall, slowness and other network problems follow. In /var/log/message you see the following record: kernel: Neighbour table overflow. That means ARP table has reached …
HISTORICAL NOTE Aladdin was an Israeli company known for its security eTokens and mail filtering appliances - eSafe. In 2009 it was bought by Safenet primarily for the token/DRM line, and soon the eSafe appliance was discontinued. Later the Safenet was in turn acquired by Gemalto. You can read about …
All modern Operating Sytems today provide extensive logging facilities, and Linux on which Checkpoint products are based is no exception. I talk about the SSHD daemon, not Secure Rules, logs. The SSHD logs, located in /var/log/ are rotated by default every 4 logfiles. I found it very useful to …
Updated: 07 July 2020 This is a quick reference sheet of all usable options for the fw monitor tool .At the end I put a list of fw monitor examples. The previous experience with the tool is assumed, i'll just say that if you are serious about debugging Checkpoint products …
You may need to download a remote file (usually IOS image, but anything goes) to the Cisco router via HTTP. The command is simple, but be aware of few caveats: Router# copy http[:full URI specification] flash[: local path to save the file] The caveats you should know: - router first …
You can get mail lerts on SSH login to any Linux server using the script below. This script sends mail to predefined email address each time someone successfully logs in by SSH to the machine. I take advantage here of the built-in feature of the OpenSSH daemon – if you create …