Check Point SPLAT SNMPv3 memory monitoring

Basic implementation of memory monitoring using snmp can lead to false alarm. [Expert@FW1]# free
             total       used       free     shared    buffers     cached
Mem:       8308232    8027236     280996          0     249776    5983656
-/+ buffers/cache:    1793804    6514428
Swap:     18347752          0   18347752 In the example above, the firewall is running (208772 actives connexions)
The OS reports "8027236" of "8308232" used. However, we see that the
'free' + 'buffers' + 'cached' = "280996" + "249776" + "5983656" = "6514428", which is
'logically' free for applications to use, and will be handed out by the kernel appropriately.
According to sk32206:How to determine how much Free Memory is available on Linux/SecurePlatform systems
'Free Real Memory' should be equal to
- 'Free Real Memory' in output of 'cpstat -f memory os' command
- [ ('MemFree' + 'Buffers…

Check Point Splat monitoring SNMPv3

Configure SNMP v3 on SecurePlatform
[Expert@FW]#snmp user del public
[Expert@FW]#snmp user add authuser Nagios pass complexpassphrase priv privatepass
[Expert@FW]#snmp service enable
[Expert@FW]# cat /etc/snmp/snmpd.conf master agentx syslocation "Somewhere" syscontact SOC - Security sysservices 76 rocommunity PASSWORD trap2sink PASSWORD1 cp_cleartrap 10 2 proc syslogd 1 1 disk /var 20% cp_monitor == 2 60 "link 1 down" cp_monitor prErrorFlag.1 != "0" 60 "process monitor" cp_monitor dskErrorFlag.1 != 0 60 "disk monitor" cp_monitor > 100 60 "CPU load 1 min" cp_monitor > 90 60 "CPU load 5 min" cp_monitor < 2000 60 "memAvailSwap" cp_monitor < 2000 60 "memAvailReal" cp_monitor != "active" 20 "Cluster State" cp_monitor…

Google data center security


R75 ICA management tool unreachable

Issue: unable to connect to ICA management tool using https
Check the log file $FWDIR/log/cpca.elg  >> "unable to get ssl params : no such file or directory" <<
Try to connect using http only: $ cpca_client set_mgmt_tool off
$ cpca_client set_mgmt_tool on -no_ssl
If you can connect then do the following in CLI:
 - cpconfig
 - menu 6 : Certificate Authority
 - Do you want to change it (y/n) [n] ? y
 - Please enter the name of this Internal CA: <your_ICA_name> (ie: Smartcenter.intranet.test)
 - Are you sure you want to change the Internal CA name (y/n) [n] ? y
 - exit cpconfig
 - run: cpstop && cpstart
Now try to connect on https://<your-smartcenter-ip>:18265 It should work fine!
Note: CA will remain the same, no impact on certificates.

scp to checkpoint SPLAT

When you SCP to Checkpoint SPLAT firewall and get the error “lost connection”, this is what you may see
To activate scp file transfer with a CheckPoint SPLAT [fw] scp cpinfo.tgz admin@ authenticity of host ‘xx.xx.xx.xx (xx.xx.xx.xx)’ can’t be established. RSA key fingerprint is 33:ff:72:0d:d6:57:53:16:d6:60:da:7e:f8:61:71:a8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘xx.xx.xx.xx’ (RSA) to the list of known hosts.admin@xx.xx.xx.xx’s password:lost connectionTo resolve this do the following 1. change the admin shell from /bin/cpshell to /bin/bash chsh adminChanging shell for admin. New shell [/bin/cpshell]:/bin/bash
Shell changed.==> this will allow you winscp
2. create a new file “touch /etc/scpusers” 3. edit the file and add the users you want to allow for scp
echo admin >> /etc/scpusers
cat /etc/scpusers
4. restart the ssh service service sshd restart  ==> this will allow you scp
5. SCP to Checkpoint SPLAT Under Wi…
If you have R75 version installed and also the *free* identity awareness blade license you might have this annoying warning message:
FW1[admin]# fw ver
Warning: Can't find ::cpsb-ia in cp.macro. License version might be not compatible
This is Check Point VPN-1(TM) & FireWall-1(R) R75 - Build 254
Don't panic you only need to replace the cp.macro file by a more recent one (see sk30478 ): FW1[admin]# cp cp.macro /var/opt/CPshrd-R75/conf/cp.macro
FW1[admin]# chmod 770 /var/opt/CPshrd-R75/conf/cp.macro