Articles tagged with #Checkpoint




SCP file transfers and Checkpoint R75 problems

There is a known issue with transferring big files (bigger than 1 Mb) to or from the Checkpoint SecurePlatform firewall. The file transfer fails with an error about buffers. The problem is that Checkpoint SPLAT comes with an old opensshd daemon, which has a bug in it dated 2006 (https://bugzilla.redhat …



Check duplex and speed settings of all interfaces in one go

One of the first things you do when checking connectivity issues on the Checkpoint (or any networking gear for that matter) is to look at the speed and duplex parameters of the interfaces. But have you tried to do it on a firewall with 15-20 interfaces? No fun entering one by one …



Funny way to expire Antispam license in Checkpoint

After years with Checkpoint products I came to the conclusion that if you don't have a logical explanation for why something doesn't work, it is most probably a license issue. My client stopped getting emails behind a UTM-132 at some remote branch. Doing the basics - telnet to port 25 (Checkpoint answered as it should), Exchange …



awk weekly - Security rule hits statistics. Checkpoint

As I mentioned before, once you export firewall logs into a human-readable format you can do lots of interesting things - for example, a script that gives statistics of how many times each Security rule was hit. Be aware that this counts explicit Security rules only - i.e. the ones you see in …



Time-based access limiting on Checkpoint or any Linux for any network service

Time-based access-lists in the Cisco world have been available since ... last century for sure. But is it possible that Linux doesn't have anything like that? No way - of course it can do it, and do it better. Here is how. Access control based on time of the day is available via pam module …



Set NTP time source on Checkpoint to have correct log timestamps

It is hard to dispute that logs are only as good as they are correct, and correct timestamps are crucial to this. The internal clock is prone to drifting with time; in my experience I've seen some UTM appliances drift as much as 40 minutes in just one …



All you need to know about networking in Checkpoint firewall SecurePlatform FAQ

Q. How do I see available interfaces, errors on them, IP addresses. Q. How do I see routing table of the firewall. Q. How do I see duplex, speed, physical link status of the interface. Q. How do I manually set duplex, speed, autonegotiation settings of an interface. Q. How …



Enable RADIUS Authentication for SSH and WEBGui access to the Checkpoint firewall

Accountability for user actions is one of the building blocks of non-repudiation in security. In Checkpoint, nevertheless, the default (and widely used) user authentication for SSH and WEBGui sessions is local. Actually, Checkpoint thought about that long ago and has been offering RADIUS authentication for users accessing the SecurePlatform and Gaia …



Enable SNMP v3 in Checkpoint video walkthrough

SNMP version 3 has been with us for many years, but so few Checkpoint folks use it that I decided to do this screencast/video showing how to enable and use SNMP v3 in the Checkpoint firewall. NOTE - the language of narration is Hebrew. http://vimeo.com/22473169



Two tips to secure SSH access from specific IPs to specific users in Checkpoint or any Linux

Today I'll bring you two tips to secure SSH access to the Checkpoint firewall beyond the firewall rules themselves. SSH access is the most powerful way to own the firewall, so it should be secured to the paranoid level, and even then it is never enough. Tip 1 Change the listening …