Friday, 21 December 2012
Checkpoint Policy Installation (a lot of buggy stuff)
- No traffic
- While installing policy, a lot of meaningless messages
First, check whether /opt is full. It is vital, believe me.
Tufin - Accelerate Policy analysis calculations & Increase the amount of memory for Java
These configs are tested on 12.2 HF6;
1. Accelerate Policy analysis calculations.
Instruction:
1. Log in to SecureTrack’s GUI.
2. Add stcgitest.htm at the end of the address (Example: https://192.168.1.1/stcgitest.htm).
3. Choose ‘Edit stconf’.
4. Click ‘Fetch current conf’.
5. Change the following XML tag from "0" to "1":
<is_calc_topology_based_on_JAVA>1</is_calc_topology_based_on_JAVA>
6. Save the new configuration by clicking ‘Submit new conf’ at the bottom of the screen.
2. Increase the amount of memory which can be allocated for Java:
Instruction:
1. Log in to SecureTrack’s CLI as root.
2. Run the command: #vi /usr/jboss-4.2.2.GA/bin/run.conf
3. Find line: JAVA_OPTS="$JAVA_OPTS -Xms512m -Xmx1024m
4. Change to: JAVA_OPTS="$JAVA_OPTS -Xms1024m -Xmx4096m
5. Save the file and exit.
6. Run the command: #service jboss restart
Tufin Syslog Debug & St Info
SYSLOG Debug
1. Log in to SecureTrack CLI as ‘root’.
2. Run the command: #tcpdump -i eth0 -vv -w /tmp/Tufin.pcap -s 1500 src <ip address of device> and udp dst port 514
3. Edit the file: vi /etc/sysconfig/stconf.xml
a. Find the line <DetailLevel>normal</DetailLevel> and change ‘normal’ to ‘fine’.
b. Add the tag: <Number_Of_Syslog_Message_Handlers>1</Number_Of_Syslog_Message_Handlers>
c. Save & exit
4. Run the following commands:
#tail -F /var/log/st/syslog_message_handler_0 > /tmp/syslog_message_handler.log &
#tail -F /var/log/st/syslog_change_log_manager >/tmp/syslog_change_log_manager.log &
#tail -F /var/log/st/syslog_traffic_log_manager >/tmp/syslog_traffic_log_manager.log &
5. Run the command #st restart syslog
6. Commit a change on the device (e.g. add a comment) and wait approximately 5 minutes. Wait for this issue to reproduce.
7. Stop writing to temp logs (#killall tail).
8. Revert the changes in /etc/sysconfig/stconf.xml
9. Run #st restart syslog
10. Send me the log files + /tmp/Tufin.pcap
-------------------------------------------
st info is similar to cpinfo in Check Point; it collects Tufin's full config, not the monitored device revisions or policies.
Part 2: Create STINFO file.
1. Log in to SecureTrack’s CLI as root.
2. Run the command #st info
Juniper SSG - NS (config buffer problem)
Symptoms
It is caused by the buffer size: when Tufin initiates "get config", the device displays only a limited part of the full config. This creates a problem while Tufin is trying to get the full configuration:
Connection error! Reason:
Connection closed by foreign host.
Solution
set console page 0
> set cli screen-length 0
This allows Tufin to get the full configuration, as Juniper no longer limits its display with a limited buffer.
Tufin Troubleshooting
Device Specific Communication Problems
1. The version of SecureTrack; please verify this by running the #st ver command from CLI.
2. The output of the #top -cd1 command.
1) Raise the debug level to high:
# sed -i 's/expect --/expect -d/g' /usr/local/st/*login
# sed -i 's/normal/fine/1' /etc/sysconfig/stconf.xml
2) Then use tail for each one of the log files of the problematic device:
# tail -F /var/log/st/securetrack.client.<Device_IP>_<ID> > /tmp/device1.log
Make sure to use a capital F ('#tail -F').
3) Then run the command:
'#st restart'
4) Wait for 10 minutes (depends on the current timeout you have defined) and let the tail -F collect all information needed.
5) Send all /tmp/client<IP>.log files to the support engineer.
7) When you have finished, please run:
# sed -i 's/expect -d/expect --/g' /usr/local/st/*login
# sed -i 's/fine/normal/1' /etc/sysconfig/stconf.xml
# st restart
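Both debug procedures above switch DetailLevel in stconf.xml to fine and switch it back afterwards. The following is an added shell example (not Tufin tooling and not code from the original posts) that backs the file up first, edits only that tag, and restores the exact original content. The function names, the .pre-debug backup suffix and the <mode> tag in the constructed sample file are assumptions.

```sh
# Added example, not Tufin tooling. Function names, the .pre-debug suffix and
# the sample file's <mode> tag are assumptions; <DetailLevel> and its
# normal/fine values come from the procedures above.

# set_detail_level FILE LEVEL: rewrite only the text inside <DetailLevel>.
# A plain 's/normal/fine/1' also changes any other line containing "normal";
# this expression cannot.
set_detail_level() {
    conf=$1; level=$2
    case $level in
        normal|fine) ;;
        *) echo "unsupported level: $level" >&2; return 2 ;;
    esac
    grep -q '<DetailLevel>[^<]*</DetailLevel>' "$conf" 2>/dev/null ||
        { echo "no DetailLevel tag in $conf" >&2; return 1; }
    # Back up once, so a second run never saves an already-modified file.
    [ -f "$conf.pre-debug" ] || cp -p "$conf" "$conf.pre-debug" || return 1
    tmp=$(mktemp) || return 1
    sed "s|<DetailLevel>[^<]*</DetailLevel>|<DetailLevel>$level</DetailLevel>|" \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# restore_conf FILE: put back the exact pre-debug content, then drop the backup.
restore_conf() {
    [ -f "$1.pre-debug" ] || { echo "no backup for $1" >&2; return 1; }
    cat "$1.pre-debug" > "$1" && rm -f "$1.pre-debug"
}

# get_detail_level FILE: print the current DetailLevel value.
get_detail_level() {
    sed -n 's|.*<DetailLevel>\([^<]*\)</DetailLevel>.*|\1|p' "$1" | head -n 1
}

# make_sample_conf FILE: write a constructed stand-in for stconf.xml.
make_sample_conf() {
    cat > "$1" <<'EOF'
<config>
  <mode>normal</mode>
  <DetailLevel>normal</DetailLevel>
</config>
EOF
}
```

On SecureTrack the file is /etc/sysconfig/stconf.xml, and the restart step from the procedure is still needed after each change.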