Articles tagged with #Checkpoint




Increase the limit and rotate SSH log files in Checkpoint firewall

All modern Operating Systems today provide extensive logging facilities, and Linux, on which Checkpoint products are based, is no exception. I talk about the SSHD daemon logs, not the Secure Rules logs. The SSHD logs, located in /var/log/, are rotated by default every 4 logfiles. I found it very useful to …



fw monitor command reference CheckPoint firewall

This is a quick reference sheet of all usable options for the fw monitor tool. At the end I put a list of fw monitor examples. Previous experience with the tool is assumed; I'll just say that if you are serious about debugging Checkpoint products, learn it and learn …



Checkpoint Connectra and Internet Explorer 7 and 8

With the arrival of Internet Explorer 7 and 8, remote users connecting to anything SSL-related have to explicitly click on the warning message link to continue browsing. This also includes remote users connecting by SSL to Checkpoint Connectra, which works with a self-signed certificate. Sounds like a minor nuisance but ... certificate …



SSH login alert by mail Linux or Unix based systems

You can get mail alerts on SSH login to any Linux server using the script below. This script sends mail to a predefined email address each time someone successfully logs in by SSH to the machine. I take advantage here of the built-in feature of the OpenSSH daemon – if you create …



Reinstall Checkpoint UTM-1 firewall, the hard way...

Sometimes machines fail; in the end all machines fail some day anyway. When it happens to the firewall (Checkpoint) it might be a very frustrating event. By failing I mean the machine turns on but doesn't boot, or boots into an unusable state. If you have a Checkpoint Open Server (i.e. …



Don't rely on SmartViewTracker only - it may lie

Funny case of WYSIWYG misleading the uninitiated. The case involved a seemingly normally functioning Checkpoint firewall which, after the client created a rule to allow FTP from any to his server in the DMZ (no NAT involved), refused to allow connections though. The client, being quite experienced himself, entered SmartViewTracker, did filter …



Checkpoint UTM Appliance or Open Server/Power?

UTM or Power? How do you know, when logged in with ssh, what type of machine you are working with? I know 3 ways to find it: By the interface names, see the difference: UTM (output edited for conciseness) [Expert@Firewall]# ifconfig DMZ Link encap Ethernet HWaddr 00 90 FB …



Change password for console expert user Checkpoint Splat

As seen many times, Checkpoint has its own way of doing otherwise simple and straightforward tasks. Changing the password for a shell account is another example. By default, when installed, Splat creates two console/OS users - admin and root. You can't login remotely (i.e. by ssh) with root as /etc/ssh …



Clear ARP table in Checkpoint

Yesterday my colleague asked how to clear all entries in the ARP table of the NGX in question (Splat). I thought the Linux arp command would include some switch for that case too - but it didn't. To delete an ARP entry from the ARP cache you use #arp -d …



Manage VPN tunnels smartly: forget vpn tu, enter the vpn shell

Deleting IKE/IPsec security associations of established VPNs is an inevitable part of any VPN-related debug. The standard tool promoted by Checkpoint (take CCSA, CCSE etc.) is vpn tu, which nevertheless has always had a very annoying bug (feature?) - you can delete ALL VPN tunnels at a time and none …