We can generate a failover in a lot of ways. One way is with cphaprob, the most complicated way if you do not know it, but I am here to help you understand and use it instead of just an ifdown/ifup for an interface. :-) On the other hand, it is an important command for the […]
August 7, 2012
This is a note from a CCSE training, when I lost the connection with the training and started my own analysis of the Checkpoint processes. To understand what goes on in the Checkpoint products, it is worth not just learning the well-known processes but taking a look at the whole operation. Take a […]
August 7, 2012
I have always looked for good documentation about fw monitor and I have found 2 usable docs. One is the official PDF and one is in a post from a Checkpoint expert (you can find them in my posts somewhere). Actually, there is no need to look for documentation on Google as it is […]
August 7, 2012
You can put your own script on a Checkpoint Firewall or Management with SPLAT. If you just need specific information from SPLAT continuously that can be obtained with a simple command, you can implement it in SPLAT with a bash script. 1. To start your script on boot, you have to put it in /etc/rc.d/rc.local. […]
July 31, 2012
Customers using user, session or client authentication have a new feature to migrate to, called Identity Awareness. There is an example on YouTube for that. An old one to see how it began: http://www.youtube.com/watch?v=A5YIqoAZET8 and a new one showing how it looks now: http://www.youtube.com/watch?v=eEW9TROfhCE and my fully documented test comes […]
June 30, 2012
It is the 3rd firewall I have tried at home on my laptop, which is required for my work. Cisco ASA works in GNS3 (http://blog.gns3.net/2009/12/how-to-emulate-cisco-asa/). Checkpoint Firewall works in VirtualBox too, which is a great advantage for me as it is free and really easy to use. And now the Fortigate can work in a test environment […]
June 30, 2012
Sometimes Fortigate devices have a problem and do not want to boot anymore (in my experience, 2 out of about 50 boxes). Sometimes we have to buy a new one, but in the case I mention here we should not. The "crc error" message is a problem that we can solve ourselves. Official link for RIM: […]
June 20, 2012
Actually, this is a feature that I have never seen in Cisco ASA or in Checkpoint Firewall. And after reading the original documentation for it, I realised that it can do much more than I had ever expected! :-) The post contains useful notes from the original doc and my summary for the FCNSP […]
June 19, 2012
In this post I will demonstrate for myself how to create a custom signature and how to modify an IPS sensor. 1. Custom signature configuration. The configuration of the IPS happens in the following order: 1. Define a signature 2. Define your IPS sensor 3. Add the IPS sensor to the firewall policy. Version used: v4.0,build0521,120313 […]
June 19, 2012
On Fortigate we can use an LDAP server for user authentication. What I miss here are 2 important things from what Cisco calls AAA: - Authentication - Authorization –> missing - Accounting –> missing – Fortigate supports LDAP, RADIUS, TACACS; with LDAP it can only authenticate users, authorization is only possible with TACACS. – With Fortigate we cannot define […]
August 7, 2012