By default Client Authentication allows you to authenticate using HTTP (on port 900) or Telnet (on port 259). Both of which can pose security risks due to the username and passwords being sent un-encrypted. To secure Client Authenitcation follow the following steps : Change the following line in $FWDIR/conf/fwauthd.conf, 900 fwssd in.ahclientd wait 900 to … Read more
In order to to allow domain based objects through a Check Point firewall we need to understand how the domain objects actually work. When a packet hits a rule with a domain based object the Check Point does a reverse DNS looking up on the IP address against the domain object to see if they … Read more
ADSL (Asymmetric Digital Subscriber Line) is a technology (method) for the transmission of data across a standard phone line. It does this by using frequencies that are not used by standard telephone calls. This is where the term “Broadband” comes from as a broad band of frequencies are used to transmit high speed data and … Read more
Belows shows the steps for backing up your iPhone contacts. Open iTunes Plug in your phone to the computer Open the program “Address book” via Start | Programs | Accessories. Within iTunes click on the phone icon on the left. Click on Info, and under “Contacts” select “Sync contacts from” and then choose “Windows address … Read more
In order to run a tcpdump on ESX you will need to add a service console to your virtual switch. This is achieved via the following steps : Set the Virtual Switch to Promiscuous Within the vShpere Client go to Configuration | Networking. Choose the virtual switch that your would like to capture the traffic … Read more
To resolve the issue of the error : The specified key, name or identifier already exists From the command line of the ESX box run the following command : [root@ESX root]# service mgmt-vmware restart If this fails to resolve the issue run the following commands : service mgmt-vmware restart service vmware-vpxa restart service vmware-vmkauthd … Read more
NAT-T (NAT Transversal) allows for IP-ESP packets to transverse devices which introduce NAT.The problem with IPSec is that it uses the IP-ESP protocol naively. The ESP protocol doesn’t have “port-numbers” like TCP and UDP so NAT does not know how to translate the traffic because NAT/PAT is based on port numbers. With NAT-T the ESP … Read more
Within the Cisco Adaptive Security Appliance Software Version 8.2(2) you may find that when you have a group-policy (vpn filter) applied to your tunnel group that some traffic is not being allowed through the VPN. This is a bug with 8.2(2), to resolve the issue you will need add the destination ports to the group-policies … Read more
What is EndPoint Connect ? Check Point`s Endpoint Connect software provides a number of client side security based features such as Anti-virus/Anti-spyware. Firewall/Email Protection, Program Control and Remote Access VPN. This document will only details and discuss the Remote Access VPN section of the Endpoint Connect Software. Note : This document will refer to the … Read more
When using the Check Point Web Visualization tool and trying to obtain the policy for a Cluster object you may receive one of the following errors/issues : The policy is saved as an .html file but it is only showing part of the policy. You receive one of the following errors when running the Web … Read more