Browsing All Posts filed under »Checkpoint«

Are you aware of Identity Awareness?

July 31, 2012

Customers using user, session or client authentication have a new feature to migrate to, called Identity Awareness. There are examples of it on YouTube. An old one to show how it began: http://www.youtube.com/watch?v=A5YIqoAZET8 and a new one showing how it looks now: http://www.youtube.com/watch?v=eEW9TROfhCE and my fully documented test comes […]

drops on IPSO interface

May 15, 2012

On IPSO the counter for packet drops is similar to the Cisco drop counters. It is really detailed and can show us many kinds of drops. To see if the number of drops is rising, we have to check it 2-3 times when the issue arises. I guess with SNMP we can monitor that value […]

external CA for Remote Access VPN

May 9, 2012

Checkpoint has a complete Certificate Authority infrastructure and I would use it for small and medium sized businesses where there are only a few users for remote access. For large enterprises or for companies with an existing CA infrastructure it is worth using their certificates, because it gives much more flexibility. In this example I illustrate […]

Edge troubleshooting note

April 17, 2012

It's April, but I have just realised the new features of the Checkpoint Edge Firewall. In my point of view it is the worst firewall I have ever seen regarding the granularity in management or in troubleshooting, but it works fine as expected, and it's small and nice and can be integrated under the same […]

Network topology with graphviz – Task 3.

March 20, 2012

Task 3. Create the input data for digraph:

IPSO Firewall 'clish -c "show route static"' output (filename: fw_static_routes_firewall1.txt):

    S 30.30.30.0/24 via 10.10.10.10, ae1c0, cost 0, age 6132971
    S 40.40.40.0/24 via 10.10.10.10, ae1c0, cost 0, age 6132972
    S 50.50.50.0/24 via 10.10.10.10, ae1c0, cost 0, age 6132973
    S 60.60.60.0/24 via 20.20.20.10, ae2c1, cost 0, age 6132974
    S […]

Network topology with graphviz – Task 2.

March 20, 2012

Task 2. List the interface name, the network address, the IP address and the DNS suffix.

IPSO Firewall 'clish -c "show route direct"' output (filename: fw_direct_routes_firewall1.txt):

    C 127.0.0.1/32 is directly connected, loop0c0
    C 10.10.10.0/29 is directly connected, ae1c0
    C 20.20.20.0/28 is directly connected, ae2c1
    C 80.80.80.0/28 is directly connected, ae3c1
    . # awk […]

Network topology with graphviz – Task 1.

March 20, 2012

Task 1. List the interface name, the IP address and the DNS suffix for the domain the IP belongs to.

IPSO Firewall 'clish -c "show interfaces"' output (filename: fw_interfaces_firewall1.txt):

    Physical Interface ae1 Up Logical Interface ae1c0 Active On link_avail Up Type i802.3ad IP Address Destination 10.10.10.1 10.10.10.0/29
    Physical Interface ae2 Up Logical Interface ae2c0 Active […]

Network topology with graphviz

March 16, 2012

I am lazy, that’s the truth. I will not draw any networking topologies with Microsoft Visio, and not even with dia. It must be possible to do it with a program. A good question would be how much time we need for a program and how much it would be if we would do […]

save and rotate backups

March 16, 2012

This is a really simple, and of course my first, script to copy firewall backups to a remote server and rotate the backups.
– The script generates log files and lists the files that were modified (copied or deleted).
– The first part of the script checks the old backups on the remote server and […]

Backup the Firewall

February 16, 2012

The firewall backup can be done manually day by day if we have sufficient workforce, or it can be done automatically. In IPSO it is very easy with the GUI and with the CLI, but some questions remain even if we read the official docs about it. I play again with the CLI; if you need […]