NSM – Delayed Logs

Issue Logs received on the NSM are delayed by 6 minutes. The log viewer hangs for close to 6 minutes and then displays all the logs within a group. Also today's log directory does not get created within /DevSvr/logs. Solution The NSM device server does a log tuple repair for each log received from the … Read more

Check Point Upgrade to R70: status=1 Patch installation failed

Issue When upgrading to R70 on SPLAT you may receive the following error, CPwrapper: Wrapper part one completed successfully, data saved Upgrading the operating system. Preparing to upgrade Check Point Products. status=1 Exiting .. Patch installation failed. Please Note : This refers to a copied iso file which has been copied to the device and … Read more

Proxy ARP – SPLAT

This guide attempts to explain Proxy ARP upon the Check Point SPLAT platform. 1. What is Proxy ARP ? There are 2 ways to get a packet to a device. Route the packet to the device. Add a proxy ARP entry so that the network host answers to the ARP queries for IP addresses not … Read more

PIX – BGP Advanced Protocol Inspection

Summary When passing BGP traffic through a PIX you will need to configure the PIX to disable random sequence numbers to prevent MD5 digest mismatches on either router. Please Note : Below presumes you already have a policy map defined with the name of global_policy and this has already been assigned to your device … Read more

Invalid MD5 digest – BGP Traffic Through Check Point

Issue When allowing eBGP traffic through a Check Point Firewall you may receive the following error message on your BGP peered routers. (This error may occur at the point of pushing a policy to your Check Point Firewall), TCP-6-BADAUTH: Invalid MD5 digest from [Source IP]:[Source Port] to [Dest IP]:179 Solution This is down to the … Read more

Netscreen – Routing Basics / Virtual Routers / PBR

Juniper introduces a new feature to the area of routing, called Virtual Routers. The model consists of: interfaces are applied to zones and zones are applied to Virtual Routers. Virtual routers allow you to segment routing updates in and from the firewall/router. Virtual Routers There are 4 different types of routing tables that you can … Read more

Netscreen Syslog Logging Formats

Below are the 2 types of syslog messages. This can be useful to quickly determine on a NSM whether the logs are coming from the NSM or directly from the Firewall via syslog. Syslog from the Firewall Mar 18 17:56:52 [FW IP] [FW NAME]: NetScreen device_id=netscreen2 [Root]system-notification-00257(traffic): start_time="2009-03-18 16:07:06" duration=0 policy_id=320001 service=msrpc Endpoint Mapper(tcp) proto=6 … Read more

Check Point: Migrate Provider-1 R55 CMA to R65 Smart Centre Server

Below are the steps required to migrate a Provider-1 CMA to a Smart Centre Server. This tutorial was based on exporting and migrating from R55 to R65 and will involve the following steps,   1. Export the CMA on the Provider-1 2. Import the CMA into Smart Centre 3. Export and detach license 4. Update the Smart Centre Object … Read more

Check Point – Provider-1 Export / Failed to export Error

Issue When trying to run an upgrade_export from a Provider-1 you get the following error, Failed to export. Please close all Check Point clients. If the failure to export persists, stop all Check Point Services and run the upgrade_export command again. Solution Note: The upgrade_export command is run from the $FWDIR/bin/upgrade_tools directory of the CMA. … Read more

NSM – Files and Folders

There are 3 areas with NSM: DevSvr, GuiSvr and HaSvr. The following files and paths are based on NSM 2008. Below shows the main path structure (Redhat) and what each Server (Svr) does. /usr/netscreen/DevSvr/ – DevSvr – Logging and the NSM database /usr/netscreen/GuiSvr/ – GuiSvr – NSM GUI /usr/netscreen/HaSvr/ – HaSvr – Backups and High Availability. … Read more

PIX – ASDM Read Only Account

When trying to create a Read only account (Priv Level 5), and logging into the ASDM using your readonly account you receive the following error, you do not have sufficient privileges to execute commands required to load asdm Solution This is due to the privilege levels not being configured correctly. The following will give you … Read more

Check Point: Upgrade to R65 from R55 Causes Traditional Mode Issues

Issue Check Point have now replaced the "Support Key Exchange for subnets" setting with "VPN Tunnel Sharing" for Traditional mode VPNs. The problem this causes when you upgrade to R65 is that the "Support Key Exchange for subnets" setting isn't transferred. With all Traditional VPNs being set to "One VPN tunnel per subnet pair" as … Read more

Juniper Netscreen – NAT Explained

Source NAT Interface Based Source NAT – Allows the traffic to NAT its source IP to the IP address of the egress interface which it leaves. This feature is enabled on the interface via “NAT-Mode”. And can be disabled via using “Route Mode”. MIP – Provides a static NAT for the specified host, in which … Read more

PIX / ASA – How to enable ICMP Inspect

Below shows you how to enable ICMP inspection on a PIX 8.0(4)28. Please Note : Below presumes you already have a policy map defined with the name of global_policy and this has already been assigned to your device using the service-policy command.
PIX(config-cmap)# policy-map global_policy
PIX(config-pmap)# class inspection_default
PIX(config-pmap-c)# inspect icmp

Netscreen – DDNS : Last response – not init

The below is based on the netscreen ns5gt and the firefox web browser. Issue After setting up your netscreen for DDNS, in the UI of your netscreen the last response is shown as 'not-init' and within the CLI it shows 'successful updates: 0'. To get the id of your ddns config run just the command … Read more

PIX / ASA 8.0(4)16 – Site to Site VPN Sample Config

Below is a sample config for 2 site to site VPNs from a PIX running 8.0(4)16. One peer being 192.168.2.100, and the other 192.168.1.100. Please note : This isn't a tutorial but merely just a sample config that can be used as a reference point.
isakmp enable outside
isakmp policy 10
  encryption des
… Read more

Denying Instant Messenger Protocols via Policy Based Rules

Below is a list of the main Instant Messenger applications (including ports and destinations) for the denial of use via policy based rules. Please note : When creating policy based rules, the following rules will be required, Destination any with a service port of the below ports (excluding http and https) Destination of the below … Read more

Netscreen – Rule Processing Order

Rule Processing Order The general processing order is as follows, Look for a policy between the ingress and egress zones If no policy is found (in step 1), search for a Global policy If no Global policy is found and if the ingress zone is same as the egress zone, apply the intra-zone block i.e … Read more

Netscreen – Changing your Duplex settings

This article was written based on the ns5gt. By default all interfaces are set to auto negotiate. Show Duplex
ns5gt-> get interface trust port phy
Port 1:  link is up, 100 Mbps, auto negotiated to full duplex
Port 2:  link is up, 100 Mbps, auto negotiated to full duplex
Port 3:  link is up, 100 … Read more