IPSO – Commands

Below are the common IPSO commands that can be used, IPSO commands newimage Installs IPSO OS from the local machine newpkg -m localhost Check Point package Install clish IPSO OS CLI ipsctl -a displays all of the IPSO Settings and Values ipsctl -a ifphys:eth-s5p1:errors|more display errors on eth-s5p1 ipsctl -w net:ip:tcp:default_mss 1460 Change MSS to … Read more

IPSO – How to preform a Factory Reset via the CLI

Below shows you how to factory reset a Nokia IPSO,  Nokia[admin]# lsbin     cdrom   dev     image   proc    tmp     varbootmgr config  etc     opt     sbin    usr     webNokia[admin]# cd configNokia[admin]# lsactive  dbNokia[admin]# rm activeNokia[admin]# lsdbNokia[admin]# reboot On reboot select bootmgr to start the wizard,  Verifying DMI Pool Data …….. 1   Bootmgr2   IPSODefault: 1 Starting bootmgr

IPSO – Installing a new image using bootmgr

Below will show you how to install a IPSO image using the bootmgr, this can be useful if you have lost your password, or cannot get into the IPSO CLI for what ever reason. Reboot Device and on startup press 1 1   Bootmgr 2   IPSO Default: 1 Starting bootmgr Loading boot manager.. Install the image … Read more

Check Point – SSH Blocked

Problem You find that your gateway is blocking SSH connections and showing in the logs even though you have the ssh and ssh_version_2 protocols added to your rule. message_info: SSH version 1.x is not allowed Reason On closer inspection when you look at the ssh_version_2 protocol object it says in the comment, Secure Shell, version … Read more

Check Point – Installing an HFA

HFA stands for Hot fix accumulator. Which is a bit like a Windows Service Pack but for your Check Point Firewall.The documentation from the Check Point site on how to install these, is very good, and also contains the IPSO installation instructions. Below are the basic instructions on how to install the latest HFA 30 … Read more

SPLAT – Route / Static ARP startup Script

To create a static route script, create a file in /etc/init.d/ with the routes included. Below is an example, #!/bin/bash /sbin/route add -host 192.168.1.25 gateway 10.1.1.25/sbin/route add -host 192.168.1.19 gateway 10.1.1.19 exit 0 Then link this to the startup script, by running, ln -s /etc/init.d/staticroutes /etc/rc3.d/S68Staticroutes You can then do the same for the static … Read more

Check Point – Ive pushed the Wrong Policy

Issue There may be a time where you install the wrong policy onto a Check Point Firewall. This can block your connections, and screw which traffic is allowed through the firewall. Resolution These steps will show you how to remove and reinstall the correct policy via the CLI on the manager (SCS),   1. First … Read more

Check Point – Moving Files using SCP

Method 1 Even though this maybe more of an article for the Linux area, the only reason I came across this is trying to move the output of a upgrade_export from my SPLAT box, so hence it being under Firewalls – Check Point. If you keep getting prompted with a password box when trying to … Read more

Check Point – Stealth / Drop Rule

Stealth Rule The first rule in the rule base which prevents access to the firewall itself. Implicit Drop / Clean Up Rule This is added by the firewall at the bottom of the rule base. Its role is to drop any traffic that hasn’t been matched to any of the previous rules.

Check Point – Debugging NAT

In order to debug NAT on a checkpoint we need to obtain information via the following, Set the debugging buffer to 2 KB Enable 2 debugging flags Output your data Then to reset the debugging flags. The commands are, fw ctl debug -buf 2048fw ctl debug xlate srcfw ctl kdebug -f >& /tmp/kdebug.outfw ctl debug … Read more

Check Point – Acronyms

FWM    Firewall Management e.g. the SmartCenterICA     Internal CA, normally SmartCenterSIC     Secure Internal CommunicationSCS    Smart Centre ServerVTI     Virtual Tunnel Interface (VPNs)MDG    Multi Domain GUI (Provider-1)MDS    Multi Domain Server, Manager or Container (Provider-1)CMA    Customer Management Add-on (Provider-1) – “Smart Center Server”MLM    Multi Customer Log Module (Provider-1)CLM     Customer Log Module (Provider-1)

Check Point – QoS

DiffServ (Differentiated Services)A layer 3 protocol, defined by the IEFT. Used for adding QoS to IP networks. WFRED(Weighted Flow Random Early Drop)A process for managing packet buffers, by dropping packets during periods of network congestion.This is transparent to the user and requires no configuration. IQ (Intelligent Queuing Engine)Using information from the Check Point INSPECT engine … Read more

Check Point Commands

Check Point commands generally come under cp (general), fw (firewall), and fwm (management).    Check Point Gaia commands can be found here. CP, FW & FWM cphaprob stat List cluster status cphaprob -a if List status of interfaces cphaprob syncstat shows the sync status cphaprob list Shows a status in list form cphastart/stop Stops clustering … Read more

Check Point – Ports

General tcp/257    FireWall-1 log transfertcp/18208  CPRID (SmartUpdate)tcp/18190  SmartDashboard to SCStcp/18191  SCS to FW-1 gateway for policy installtcp/18192  SCS monitoring of firewalls (SmartView Status) SIC Ports tcp/18209   NGX Gateways <> ICAs (status, issue, or revoke).tcp/18210   Pulls Certificates from an ICA.tcp/18211   Used by the cpd daemon (on the gateway) to receive Certificates. Authentication tcp/259      Client Authentication (Telnet)tcp/900      … Read more

Check Point – Exporting SmartCentre settings

This will show you the steps involved in exporting the settings of a Smart Centre Server for importing into a newly installed Smart Centre server, Download the upgrade_export utility and run it from $FWDIR/bin to export the config to a .tgz Transfer the tgz to another machine Uninstall all ngx packages and reboot Install new … Read more

Check Point – Useful Files

Below are some of the various files and commands which you may find useful on a Check Point. Smart Centre Server $CPDIR/conf – Contains parts of the CPShared system    * cp.license  – license of machine    * sic_cert.p12 – SIC certificate$FWDIR/lib – .def files which are used when the rulebase is complied into inspection code for … Read more

Check Point – FW Monitor

Check Point Inspection Points

FW monitor is a great tool for troubleshooting traffic flow issues with your checkpoint. It works by using 4 inspection points, i – Pre Inbound I – Post Inbound o – Pre Outbound O – Post Outbound Examples fw monitor -e “accept dport=6000;” fw monitor -m iO -e ‘accept dport=80;’ fw monitor -e ‘accept dport;’ … Read more

Check Point – Authentication

When adding an authentication action to a rule there are 3 types, User Session Client User authentication works by intercepting connects going through the FW-1 and prompting the user for authentication. To do this the firewall has to modify the traffic, so this authentication type can only be used with FTP, HTTP, Telnet and RLOGIN. … Read more

Check Point – NAT Explained

There are many types of NAT in the land of Check Point. Here’s a quick overview, Static NAT – One to one translation Hide/Dynamic NAT – Allows you to NAT multiple IPs behind one IP/Interface Automatic NAT – Quick basic address NAT translation. Manual NAT – Allows greater flexibility over automatic NAT. Proxy ARP is … Read more

Check Point – Client vs Server Side NAT

Introduction Client and Server side NAT relates to when we perform destination NAT`ing. The “Translate destination on Server side” option is an legacy option which was included due to pre NG versions of checkpoint using Server-Side NAT. Client Side NAT – The destination address is NAT`d by the inbound Kernel Server Side NAT – The … Read more

SPLAT – Proxy ARP

How do I configure proxy ARP on my SPLAT firewall ?  There are 2 ways to get a packet to a firewall. A Route or a Proxy ARP. Using routes is the perferred method but it may be the case where you havent access to the routers and need to use Proxy ARP. Please note: … Read more

Nokia`s VRRP

Nokia`s VRRP protocol allows for an active-standby firewall cluster. Nokia have added an extension to VRRP called VRRP monitored circuit which handles both total firewall failure as well as interface failures. Each virtual router uses a mac address of 00-00-5E-00-01-XX. XX being the Virtual Router ID (VRID).The multicast of 224.0.0.18 and IP protocol number 112 … Read more

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial