Check Point Gaia route missing after adding via ip route add problem

Well, it is actually a feature, not a bug, of all Check Point firewalls running Gaia. In case you haven't noticed, as opposed to the good old SPLAT firewall platform, Gaia is selective about which routes to propagate …



RHEL get firewall zones and their interfaces in one go

The firewall-cmd tool doesn't have an option to show all zones together with the server interfaces that belong to each, so here is a one-liner to show that:

# for ii in `ls /usr/lib/firewalld/zones/`; do echo ${ii%%.xml}: ; firewall-cmd --zone=${ii%%.xml} --list-interfaces; done

The output: block: dmz: drop: external …



fw ctl zdebug drop - Check Point firewall ultimate debug command

Check Point has provided us with many ways to debug issues. Some are easier, some are harder. The first thing to do when you have dropped traffic is to see whether the packets are being dropped by the firewall or not. The first impulse is to look at SmartView Tracker's logs and …



Do not miss Netflow capability of Check Point Gaia R77 and above

In the past, measuring the traffic passing through the firewall wasn't easy - you had to either query interface counters via SNMP or run custom Bash scripts on the firewall itself to get interface statistics. The problem with both of …



Change colors of ls output in the bash shell

Usually colorization is enabled via an alias: alias ls='ls --color=auto'. You can turn off the colors each time you run ls with ls --color=never, change the alias itself to disable fancy colors permanently, or even simply run \ls. But to change the colors you'd need to cause …



How to know Checkpoint UTM Appliance model from the cli

Many times you get to work on some UTM appliance remotely via ssh and need to know which exact model it is. It takes just one Expert-level CLI command to find out: dmidecode | grep "Product Name". Then you go and compare the output with the UTM models table which Tobias …



Undocumented command to install policy on Locally managed Checkpoint UTM 1100 series appliance

I was trying the other day to exclude some IP address and service combination on a UTM 1180 gateway from being encrypted inside the VPN tunnel and noted that any changes you make to the firewall files on the CLI, in this case crypt.def, do not take effect. It is actually …



Useful CLI commands for Cisco CUCM, Cisco Unity Connection and IM and Presence

Note: For quick reference, I put all the commands below as a cheat sheet PDF: Useful CLI commands for Cisco CUCM, Cisco Unity Connection and IM and Presence. I don’t work on the command line of CUCM often, but when the need arises, here is the short list of …



Cisco reflexive access-lists are still on CCNP Security exam

Today I was surprised to hear from someone who just took one of the CCNP Security exams that they still test for Reflexive access-lists - what nostalgia. I was sure it had long been ousted by ip inspect and Zone Based Firewall, but no - it is still tested and still …



How to know if a license or a subscription is about to expire for Check Point product

There are two ways to be warned when a license or subscription-based service from Check Point is about to expire: - Every time we log in to SmartUpdate (part of the SmartConsole suite), if there are any licenses/services due to expire within the next 30 days, we’ll see a pop …