Firewalls

Problem You find that your gateway is blocking SSH connections and showing in the logs even though you have the ssh and ssh_version_2 protocols added to your rule. message_info: SSH version 1.x is not allowed Reason On closer inspection when you look at the ssh_version_2 protocol object it says in the comment, Secure Shell, version … Read more

HFA stands for Hot fix accumulator. Which is a bit like a Windows Service Pack but for your Check Point Firewall.The documentation from the Check Point site on how to install these, is very good, and also contains the IPSO installation instructions. Below are the basic instructions on how to install the latest HFA 30 … Read more

To create a static route script, create a file in /etc/init.d/ with the routes included. Below is an example, #!/bin/bash /sbin/route add -host 192.168.1.25 gateway 10.1.1.25/sbin/route add -host 192.168.1.19 gateway 10.1.1.19 exit 0 Then link this to the startup script, by running, ln -s /etc/init.d/staticroutes /etc/rc3.d/S68Staticroutes You can then do the same for the static … Read more

If you cannot delete the administrator via cpconfig, or the fwm commands then remove the administrator (the complete line) from the following file /$FWDIR/conf/fwmusers

Issue There may be a time where you install the wrong policy onto a Check Point Firewall. This can block your connections, and screw which traffic is allowed through the firewall. Resolution These steps will show you how to remove and reinstall the correct policy via the CLI on the manager (SCS), 1. First of … Read more

Method 1 Even though this maybe more of an article for the Linux area, the only reason I came across this is trying to move the output of a upgrade_export from my SPLAT box, so hence it being under Firewalls – Check Point. If you keep getting prompted with a password box when trying to … Read more

Stealth Rule The first rule in the rule base which prevents access to the firewall itself. Implicit Drop / Clean Up Rule This is added by the firewall at the bottom of the rule base. Its role is to drop any traffic that hasn’t been matched to any of the previous rules.

In order to debug NAT on a checkpoint we need to obtain information via the following, Set the debugging buffer to 2 KB Enable 2 debugging flags Output your data Then to reset the debugging flags. The commands are, fw ctl debug -buf 2048fw ctl debug xlate srcfw ctl kdebug -f >& /tmp/kdebug.outfw ctl debug … Read more

FWM    Firewall Management e.g. the SmartCenter ICA     Internal CA, normally SmartCenter SIC     Secure Internal Communication SCS    Smart Centre Server VTI     Virtual Tunnel Interface (VPNs) MDG    Multi Domain GUI (Provider-1) MDS    Multi Domain Server, Manager or Container (Provider-1) CMA    Customer Management Add-on (Provider-1) – “Smart Center Server” MLM    Multi Customer Log Module (Provider-1) CLM     Customer Log … Read more

DiffServ (Differentiated Services)A layer 3 protocol, defined by the IEFT. Used for adding QoS to IP networks. WFRED(Weighted Flow Random Early Drop)A process for managing packet buffers, by dropping packets during periods of network congestion.This is transparent to the user and requires no configuration. IQ (Intelligent Queuing Engine)Using information from the Check Point INSPECT engine … Read more

Check Point commands generally come under cp (general), fw (firewall), and fwm (management).    Check Point Gaia commands can be found here. CP, FW & FWM cphaprob stat List cluster status cphaprob -a if List status of interfaces cphaprob syncstat shows the sync status cphaprob list Shows a status in list form cphastart/stop Stops clustering … Read more