Undocumented command to install policy on Locally managed Checkpoint UTM 1100 series appliance

I was trying the other day to exclude on UTM 1180 gateway some IP address and service combination from being encrypted inside VPN tunnel and noted that any changes you do to the firewall files on the CLI, in this case - crypt.def, do not take effect. It is actually …



Useful CLI commands for Cisco CUCM, Cisco Unity Connection and IM and Presence

I don’t work on the command line of CUCM often, but when the need arises here is the short list of commands to keep. For ssh connection you use the OS Administration username/password created during the CUCM installation. BTW the CLI commands below are valid for all the …



Cisco reflexive access-lists are still on CCNP Security exam

Today I was surprised to hear from someone who just took one of the CCNP Security exams that they still test for Reflexive access-lists - what nostalgia. I was sure it has long been ousted by ip inspect and Zone Based Firewall, but no - it is still tested and still …



How to know if a license or a subscription is about to expire for Check Point product

There are two ways to be warned when some license or subscription based service from Check Point is about to expire: - Every time we log in to SmartUpdate (part of the SmartConsole suite), if there are any licenses/services to expire within the next 30 days we’ll see a pop …



Overlooked but nice utility from Checkpoint - cpview

Checkpoint has made available starting with R77.30 this helpful diagnostics and debug utility called cpview of which not many are aware. This is basically a Bash script that runs a bunch of native Checkpoint commands in the background and displays the output on the terminal while updating the data …



Checkpoint Mobile Access support for SHA-256 SSL certificates

The new era of sha-256 (as opposed to sha-1) signed SSL certificates is slowly gaining pace, not without a gentle push from the browser providers. And Checkpoint is catching up in its new version R77.30 for Open Servers. While on both versions - 77.20 and 77.30 cpopenssl …



SNMP in Gaia default community string

Configuring SNMP in Gaia as opposed to SPLAT has been made much simpler. So simple that it is easy to overlook that default configured read-only community is public. So, it is a good idea to change it while enabling SNMP: set snmp agent on set snmp agent-version any set …



RIPE database query for a route object, or why my network is not advertised via BGP to the world

Once it was a nice-to-have configuration that most ISPs in the world ignored anyway, but today it is a must if you are planning to advertise your networks via BGP through your uplink provider - your route object in …



Cisco CUCM CDR report - call duration and called numbers extraction script

Yesterday I had to extract some data from a CDR report for a client, namely call start time, its duration and the called number. And while I am sure Google has a zillion scripts to be found, it was much faster to hack this one-liner. The script extracts the following fields …



Convert Checkpoint SPLAT routes into Gaia route configuration commands

Hi there, not much of a script, just the one-liner to turn output of the Secure Platform cli command route/ip route list into the ready for copy&paste list of Gaia clish commands. Be aware I am not doing any error checking, so examine the final result before applying to …