blog.IT

Configure SNMP v3 on SecurePlatform   [Expert@FW]# snmp user del public [Expert@FW]# snmp user add authuser Nagios pass complexpassphrase priv privatepass [Expert@FW]# snmp service enable [Expert@FW]# cat /etc/snmp/snmpd.conf master agentx syslocation "Somewhere" syscontact SOC - Security sysservices 76 rocommunity PASSWORD trap2sink 192.168.1.2 PASSWORD1 cp_cleartrap 10 2 proc syslogd 1 1 disk /var 20% cp_monitor 1.3.6.1.2.1.2.2.1.8.1 == 2 60 "link 1 down" cp_monitor prErrorFlag.1 != "0" 60 "process monitor" cp_monitor dskErrorFlag.1 != 0 60 "disk monitor" cp_monitor 1.3.6.1.4.1.2021.10.1.5.1 > 100 60 "CPU load 1 min" cp_monitor 1.3.6.1.4.1.2021.10.1.5.2 > 90 60 "CPU load 5 min" cp_monitor 1.3.6.1.4.1.2021.4.4.0 < 2000 60 "memAvailSwap" cp_monitor 1.3.6.1.4.1.2021.4.6.0 < 2000 60 "memAvailReal" cp_monitor 1.3.6.1.4.1.2620.

Issue: unable to connect to ICA management tool using https Check the log file $FWDIR/log/cpca.elg  >>  "unable to get ssl params : no such file or directory" << Try to connect using http only: $ cpca_client set_mgmt_tool off $ cpca_client set_mgmt_tool on -no_ssl If you can connect then do the following in CLI:  - cpconfig  - menu 6 : Certificate Authority  - Do you want to change it (y/n) [n] ? y  - Please enter the name of this Internal CA: <your_ICA_name> (ie: Smartcenter.intranet.test)  - Are you sure you want to change the Internal CA name (y/n) [n] ? y  - exit cpconfig  - run: cpstop && cpstart   Now try to connect on  https://<your-smartcenter-ip>:18265 It should work fine! Note: CA will remain the same, no impact on certificates.

When you SCP to Checkpoint SPLAT firewall and get the error “lost connection”, this is what you may see To activate scp file transfer with a CheckPoint SPLAT [fw] scp cpinfo.tgz  admin@192.168.1.1: The authenticity of host ‘xx.xx.xx.xx (xx.xx.xx.xx)’ can’t be established. RSA key fingerprint is 33:ff:72:0d:d6:57:53:16:d6:60:da:7e:f8:61:71:a8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘xx.xx.xx.xx’ (RSA) to the list of known hosts. admin@xx.xx.xx.xx’s  password: lost connection To resolve this do the following 1. change the admin shell from /bin/cpshell to /bin/bash chsh admin Changing shell for admin. New shell [/bin/cpshell]: /bin/bash Shell changed . ==> this will allow you winscp 2. create a new file “touch /etc/scpusers” 3. edit the file and add the users you want to allow for scp echo admin >> /etc/scpusers result: cat /etc/scpusers admin 4. restart the ssh service service sshd restart

If you have R75 version installed and also the *free* identity awareness blade license you might have this annoying warning message: FW1[admin]# fw ver   Warning: Can't find ::cpsb-ia in cp.macro. License version might be not compatible This is Check Point VPN-1(TM) & FireWall-1(R) R75 - Build 254 Don't panic you only need to replace the cp.macro file by a more recent one (see sk30478  ): FW1[admin]#  cp cp.macro /var/opt/CPshrd-R75/conf/cp.macro FW1[admin]#  chmod 770 /var/opt/CPshrd-R75/conf/cp.macro