Articles

Check Point SPLAT SNMPv3 memory monitoring

A basic implementation of memory monitoring using SNMP can lead to false alarms.

    [Expert@FW1]# free
                 total       used       free     shared    buffers     cached
    Mem:       8308232    8027236     280996          0     249776    5983656
    -/+ buffers/cache:    1793804    6514428
    Swap:     18347752          0   18347752

In the example above, the firewall is running (208772 active connections). The OS reports "8027236" of "8308232" used. However, we see that 'free' + 'buffers' + 'cached' = "280996" + "249776" + "5983656" = "6514428", which is 'logically' free for applications to use and will be handed out by the kernel appropriately.

According to sk32206: How to determine how much Free Memory is available on Linux/SecurePlatform systems, 'Free Real Memory' should be equal to - 'Free Real Memory' in output of 'cpstat -f memory
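The free + buffers + cached calculation above, written as a Nagios-style check (an added example, not from the original article or from Check Point). It parses the legacy `free` layout shown in the excerpt; the function names, the 90% threshold and the exit codes 0/2/3 (Nagios plugin convention) are assumptions, and the sample input is constructed from the figures quoted above.

```shell
#!/bin/sh
# Added example. Sample input constructed from the `free` figures quoted above (kB).
SAMPLE_FREE='             total       used       free     shared    buffers     cached
Mem:       8308232    8027236     280996          0     249776    5983656
-/+ buffers/cache:    1793804    6514428
Swap:     18347752          0   18347752'

# mem_report (hypothetical helper): reads legacy `free` output on stdin and
# prints "<raw_used_pct> <real_used_pct> <available_kb>".
# Fails if the header is not the legacy layout with separate buffers/cached
# columns, so a newer "buff/cache available" layout is not misread.
mem_report() {
    awk '
        NR == 1 { legacy = ($5 == "buffers" && $6 == "cached") }
        $1 == "Mem:" && legacy && NF >= 7 && $2 > 0 {
            avail = $4 + $6 + $7            # free + buffers + cached
            printf "%d %d %d\n", $3 * 100 / $2, ($2 - avail) * 100 / $2, avail
            ok = 1
        }
        END { if (!ok) exit 1 }
    '
}

# check_mem <crit_pct> (hypothetical): alarm on real usage, not on the raw
# "used" column. Exit codes follow the Nagios plugin convention.
check_mem() {
    crit=$1
    report=$(mem_report) || { echo "UNKNOWN - unrecognised free output"; return 3; }
    set -- $report
    if [ "$2" -ge "$crit" ]; then
        echo "CRITICAL - $2% used excluding buffers/cache, $3 kB available"
        return 2
    fi
    echo "OK - $2% used excluding buffers/cache (raw used column: $1%), $3 kB available"
    return 0
}

# With a 90% threshold the raw column (96%) would alarm; the real figure (21%) does not.
printf '%s\n' "$SAMPLE_FREE" | check_mem 90
```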

Check Point Splat monitoring SNMPv3

Configure SNMP v3 on SecurePlatform

    [Expert@FW]# snmp user del public
    [Expert@FW]# snmp user add authuser Nagios pass complexpassphrase priv privatepass
    [Expert@FW]# snmp service enable
    [Expert@FW]# cat /etc/snmp/snmpd.conf
    master agentx
    syslocation "Somewhere"
    syscontact SOC - Security
    sysservices 76
    rocommunity PASSWORD
    trap2sink 192.168.1.2 PASSWORD1
    cp_cleartrap 10 2
    proc syslogd 1 1
    disk /var 20%
    cp_monitor 1.3.6.1.2.1.2.2.1.8.1 == 2 60 "link 1 down"
    cp_monitor prErrorFlag.1 != "0" 60 "process monitor"
    cp_monitor dskErrorFlag.1 != 0 60 "disk monitor"
    cp_monitor 1.3.6.1.4.1.2021.10.1.5.1 > 100 60 "CPU load 1 min"
    cp_monitor 1.3.6.1.4.1.2021.10.1.5.2 > 90 60 "CPU load 5 min"
    cp_monitor 1.3.6.1.4.1.2021.4.4.0 < 2000 60 "memAvailSwap"
    cp_monitor 1.3.6.1.4.1.2021.4.6.0 < 2000 60 "memAvailReal"
    cp_monitor 1.3.6.1.4.1.2620.

Google data center security


R75 ICA management tool unreachable

Issue: unable to connect to the ICA management tool using https.

Check the log file $FWDIR/log/cpca.elg:

    >> "unable to get ssl params : no such file or directory" <<

Try to connect using http only:

    $ cpca_client set_mgmt_tool off
    $ cpca_client set_mgmt_tool on -no_ssl

If you can connect, then do the following in the CLI:

 - cpconfig
 - menu 6 : Certificate Authority
 - Do you want to change it (y/n) [n] ? y
 - Please enter the name of this Internal CA: <your_ICA_name> (ie: Smartcenter.intranet.test)
 - Are you sure you want to change the Internal CA name (y/n) [n] ? y
 - exit cpconfig
 - run: cpstop && cpstart

Now try to connect on https://<your-smartcenter-ip>:18265

It should work fine!

Note: CA will remain the same, no impact on certificates.

scp to checkpoint SPLAT

When you SCP to a Checkpoint SPLAT firewall and get the error “lost connection”, this is what you may see:

    [fw] scp cpinfo.tgz admin@192.168.1.1:
    The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.
    RSA key fingerprint is 33:ff:72:0d:d6:57:53:16:d6:60:da:7e:f8:61:71:a8.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'xx.xx.xx.xx' (RSA) to the list of known hosts.
    admin@xx.xx.xx.xx's password:
    lost connection

To activate scp file transfer with a CheckPoint SPLAT and resolve this, do the following:

1. Change the admin shell from /bin/cpshell to /bin/bash:

    chsh admin
    Changing shell for admin.
    New shell [/bin/cpshell]: /bin/bash
    Shell changed.

   ==> this will allow you to use WinSCP

2. Create a new file: “touch /etc/scpusers”

3. Edit the file and add the users you want to allow for scp:

    echo admin >> /etc/scpusers

   Result:

    cat /etc/scpusers
    admin

4. Restart the ssh service:

    service sshd restart

If you have the R75 version installed and also the *free* identity awareness blade license, you might get this annoying warning message:

    FW1[admin]# fw ver
    Warning: Can't find ::cpsb-ia in cp.macro. License version might be not compatible
    This is Check Point VPN-1(TM) & FireWall-1(R) R75 - Build 254

Don't panic, you only need to replace the cp.macro file with a more recent one (see sk30478):

    FW1[admin]# cp cp.macro /var/opt/CPshrd-R75/conf/cp.macro
    FW1[admin]# chmod 770 /var/opt/CPshrd-R75/conf/cp.macro