If you firewall isn’t Gratuitous ARPing when it fails over, you will need to edit the file $FWDIR/boot/modules/fwkern.conf, and add the following line (if it doesn’t exist create it), fwha_use_arp_packet_queue=1 Then reboot the machine.
Background PIX or ASA running 7.0 later introduce a security feature in which any packets containing an MSS larger then the announced size during the 3 way handshake will be dropped.During the 3 way hand shake both sides announce their MSS (Maximum Segment Size). The MSS is the largest TCP payload that the host can … Read more
In this article we will be looking at the various console commands available to us on the Juniper Netscreen. From entering the get command we can see the current console settings along with console session details, ns5gt-> get console Console timeout: 10(minute), Page size: 22/22, debug: buffer privilege 200, config has not been changed! ID … Read more
Have you lost, forgotten, misplaced the NSM password ?Below are the steps to reset your “super” account password, NSM 2006.x and below Log into the NSM via SSH as root Stop the NSM Server (you should be able to find the init scripts in /etc/init.d) Run the following command /usr/netscreen/GuiSvr/utils/.hashPasswd <new password>, you will receive … Read more
How do i reset SIC ? Go into the CLI of the Firewall and type cpconfig then choose Secure Internal Communication. You will then be prompted to enter a passcode. Enter anything it doesnt matter. Then exit cpconfig using option 10. cpfw[admin]# cpconfig This program will let you re-configure your Check Point products configuration. Configuration … Read more
The following steps will allow HFA30 to install on flash based system if the /opt has less then 400mb. Before we start you should ideally have the following free, /opt = 212184 /prevserve = 480694 mkdir ~/hfa30 cd ~/hfa30 tar xzvf ~/VPN-1_R65_HFA_30.ipso.tgz rm ~/VPN-1_R65_HFA_30.ipso.tgz df -k The output from df -k should now show over … Read more
A great debugging tool feature on the Juniper Netscreens is snoop. Snoop is packet capturing tool which allows you to analysis your traffic on a per packet level. Below shows you a example of enabling snoop and viewing its output, 5gt->undebug all5gt->snoop5gt->snoop filter ip 10.1.1.1005gt->snoop info5gt->clear db 5gt->get db str Ok, so what do these … Read more
Desktop Policy / Split Tunneling In the world of Check Point remote access there are 2 types of clients that are used for remote VPN access. They are, Secure Remote – Basic Free client Secure Client – Non-free licensed client allowing the enforcement of desktop policies. Desktop Policy Within the Desktop Policy Tab of your … Read more
Below you will find a bunch of commands that can be used to gain a clear picture of a PIX/ASA`s system health, sh resource usage system sh memory sh cpu sh service-policy sh asp drop sh logging | i -1- sh fail | i This
To enable and disable the voyager please see below, To enable ipso[admin]#clishNokiaIP390:102> set voyager daemon-enable tNokiaIP390:103> save configNokiaIP390:104> exit To disable ipso[admin]#clishNokiaIP390:102> set voyager daemon-enable fNokiaIP390:103> save configNokiaIP390:104> exit
Issue When trying to log into Smart Portal on a pre-R65 Check Point firewall using Internet Explorer 7, you are unable to log in. Resolution Within Internet Explorer disable MS XML.This can be done via Tools > internet Options >Advanced > Security, and untick “Enable native XML HTTP support”.
Below shows you the process of installing a new Check Point package via the CLI, cp1[admin]# newpkg -m IPSO_wrapper_R65.tgzEnter pathname to the packages [ or ‘exit’ to exit ]: /var/emhome/adminLoading Package ListPackage Description: Check Point Suite wrapper package NGX R65Would you like to :1. Install this as a new package2. Upgrade from an old package3. … Read more
Interface get counter statistics Show interface statistics (CRC errors etc) get interface trust port phy Show physical ports for a certain zone get driver phy Show all link states of interfaces get counter statistics interface ethernet3 Show hardware stats on interface set interface [interface] no-subnet-conflict-check Allows you to configure multiple interfaces in the same IP … Read more
To enable debugging (which will write an event to the messages file and console upon a critical device failure) run the following syntax, ipso[admin]# ipsctl -w net:log:partner:status:debug 1 To turn off the console output, enter the following, ipso[admin]# ipsctl -w net:log:sink:console 0
Below shows you how to upgrade your ASA to verson 8.04. 1. Enable scopy on your ASA firewall(config)#ssh scopy enable 2. Copy the image from your PC to the ASA, the command below is done on your PC via “Start / Run / CMD”. Download pscp here. pscp [image].bin [user]@[asa_ip]:[image].bin 3 .Change the boot order, … Read more
Below are the common IPSO commands that can be used, IPSO commands newimage Installs IPSO OS from the local machine newpkg -m localhost Check Point package Install clish IPSO OS CLI ipsctl -a displays all of the IPSO Settings and Values ipsctl -a ifphys:eth-s5p1:errors|more display errors on eth-s5p1 ipsctl -w net:ip:tcp:default_mss 1460 Change MSS to … Read more
Below shows you how to factory reset a Nokia IPSO, Nokia[admin]# ls bin cdrom dev image proc tmp var bootmgr config etc opt sbin usr web Nokia[admin]# cd config Nokia[admin]# ls active db Nokia[admin]# rm active Nokia[admin]# ls db Nokia[admin]# reboot On reboot select bootmgr to start the wizard, Verifying DMI Pool Data …….. 1 … Read more
Below will show you how to install a IPSO image using the bootmgr, this can be useful if you have lost your password, or cannot get into the IPSO CLI for what ever reason. Reboot Device and on startup press 1 1 Bootmgr 2 IPSO Default: 1 Starting bootmgr Loading boot manager.. Install the image … Read more
Below provides the nessecary steps required to create an a packet capture on an ASA/PIX, and the relevant download method. Note : You will requre pscp (putty pscp) installed onto your PC. Download pscp here. This is only available in the later versions of PIX & ASA. First of all start the capture. capture capturefile … Read more
This guide will show you how to create a policy based VPN on a Netscreen firewall. The encryption domain will be, Local Gateway : 2.2.2.2 Local Endpoint : 10.1.1.0 /24 Remote Gateway : 1.1.1.1 Remote Endpoint : 192.1.1.0 /24 1. Log into the Netscreens GUI 2. Click VPNs > Autokey IKE (Autokey IKE Screen is … Read more
Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial