Check Point Firewalls

In order to debug NAT on a checkpoint we need to obtain information via the following, Set the debugging buffer to 2 KB Enable 2 debugging flags Output your data Then to reset the debugging flags. The commands are, fw ctl debug -buf 2048fw ctl debug xlate srcfw ctl kdebug -f >& /tmp/kdebug.outfw ctl debug … Read more

FWM    Firewall Management e.g. the SmartCenter ICA     Internal CA, normally SmartCenter SIC     Secure Internal Communication SCS    Smart Centre Server VTI     Virtual Tunnel Interface (VPNs) MDG    Multi Domain GUI (Provider-1) MDS    Multi Domain Server, Manager or Container (Provider-1) CMA    Customer Management Add-on (Provider-1) – “Smart Center Server” MLM    Multi Customer Log Module (Provider-1) CLM     Customer Log … Read more

DiffServ (Differentiated Services)A layer 3 protocol, defined by the IEFT. Used for adding QoS to IP networks. WFRED(Weighted Flow Random Early Drop)A process for managing packet buffers, by dropping packets during periods of network congestion.This is transparent to the user and requires no configuration. IQ (Intelligent Queuing Engine)Using information from the Check Point INSPECT engine … Read more

Check Point commands generally come under cp (general), fw (firewall), and fwm (management).    Check Point Gaia commands can be found here. CP, FW & FWM cphaprob stat List cluster status cphaprob -a if List status of interfaces cphaprob syncstat shows the sync status cphaprob list Shows a status in list form cphastart/stop Stops clustering … Read more

General tcp/257    FireWall-1 log transfertcp/18208  CPRID (SmartUpdate)tcp/18190  SmartDashboard to SCStcp/18191  SCS to FW-1 gateway for policy installtcp/18192  SCS monitoring of firewalls (SmartView Status) SIC Ports tcp/18209   NGX Gateways <> ICAs (status, issue, or revoke).tcp/18210   Pulls Certificates from an ICA.tcp/18211   Used by the cpd daemon (on the gateway) to receive Certificates. Authentication tcp/259      Client Authentication (Telnet)tcp/900      … Read more

This will show you the steps involved in exporting the settings of a Smart Centre Server for importing into a newly installed Smart Centre server, Download the upgrade_export utility and run it from $FWDIR/bin to export the config to a .tgz Transfer the tgz to another machine Uninstall all ngx packages and reboot Install new … Read more

Below are some of the various files and commands which you may find useful on a Check Point. Smart Centre Server $CPDIR/conf – Contains parts of the CPShared system    * cp.license  – license of machine    * sic_cert.p12 – SIC certificate$FWDIR/lib – .def files which are used when the rulebase is complied into inspection code for … Read more

There are many types of NAT in the land of Check Point. Here’s a quick overview, Static NAT – One to one translation Hide/Dynamic NAT – Allows you to NAT multiple IPs behind one IP/Interface Automatic NAT – Quick basic address NAT translation. Manual NAT – Allows greater flexibility over automatic NAT. Proxy ARP is … Read more

Nokia`s VRRP protocol allows for an active-standby firewall cluster. Nokia have added an extension to VRRP called VRRP monitored circuit which handles both total firewall failure as well as interface failures. Each virtual router uses a mac address of 00-00-5E-00-01-XX. XX being the Virtual Router ID (VRID).The multicast of 224.0.0.18 and IP protocol number 112 … Read more