Cpwd_admin list // check for the
fwm whether it is up
fw
debug fwm 0 TDERROR_ALL_ALL=5
tail
–f $FWDIR/log/fwm.elg
Monday, 4 February 2013
Network Troubleshooting – Check Point
Route –n > routes.txt
ifconfig -a > interfaces.txt
SecureXL is enabled or disabled <check on cpconfig>
fw monitor -e "accept src=IP_Number or dst=IP_Number;" -o monitor.out
fw ctl zdebug + drop > ctlzdebug.txt
fw ctl zdebug + dtop > ctlzdebug2.txt
[to stop the logging “Ctrl + C”]
Monday, 21 January 2013
Removing old Check Point packages and files after an upgrade
| |||||||||||||||||||||||
| |||||||||||||||||||||||
 | |||||||||||||||||||||||
| SYMPTOMS | |||||||||||||||||||||||
| |||||||||||||||||||||||
| |||||||||||||||||||||||
Tuesday, 8 January 2013
Checkpoint IPSec VPN with Non-Checkpoint Products (Such as, PFsense, DrayTek etc.)
Non-Check Point products does not have "ike_use_largest_possible_subnets (supernetting)" feature, this is the reason why we need to disable that feature on Check Point.
(Exchanging keys with another vendor gateway uses
largest possible subnet –Check Point uses the best possible subnet to increase the performance while doing IKE key exchanges by default)
DNS packets should not be allowed firstly, otherwise that results DNS resolution problems for VPN domains.
------------------------------------------------------------------------------------
# dbedit Enter Server name (ENTER for 'localhost'): Enter User Name: fwadmin Enter User Password: abc123
Friday, 21 December 2012
Checkpoint Policy Installation (a lot of buggy stuff)
- No traffic
- while installing policy, a lot of non-meaningful messages;
Firstly, Check /opt whether it is full or not.. It is vital. believe me.
Tufin - Accelerate Policy analysis calculations & Increase the amount of memory for Java
These configs are tested on 12.2 HF6;
1. Accelerate
Policy analysis calculations.
Instruction:
1. Login to SecureTrack’s
GUI.
2. Add stcgitest.htm
at the end of the address (Example: https://192.168.1.1/stcgitest.htm).
3. Choose ‘Edit stconf’
4. Click ‘Fetch current
conf’.
5. Change the following
XML tag from "0" to "1":
<is_calc_topology_based_on_JAVA>1</is_calc_topology_based_on_JAVA>
6. Save the new
configuration by clicking ‘Submit new conf’ on the bottom of the screen.
2. Increase
the amount of memory which can be allocated for Java:
Instruction:
1. Login to SecureTrack’s
CLI as root
2. Run the command: #vi
/usr/jboss-4.2.2.GA/bin/run.conf
3. Find line: JAVA_OPTS="$JAVA_OPTS
-Xms512m -Xmx1024m
4. Change to: JAVA_OPTS="$JAVA_OPTS
-Xms1024m -Xmx4096m
5. Save the file and
exit.
6. Run the command: #service
jboss restart
Tufin Syslog Debug & St Info
SYSLOG Debug
1. Log in to SecureTrack CLI as ‘root’.
2. Run the command: #tcpdump -i eth0 -vv
-w /tmp/Tufin.pcap -s 1500 src <ip address of device> and udp dst port
514
3. Edit the file: vi /etc/sysconfig/stconf.xml
a.
Find
the line <DetailLevel>normal</DetailLevel> and change
‘normal’ to ‘fine’.
b.
Add
the tag: <Number_Of_Syslog_Message_Handlers>1</Number_Of_Syslog_Message_Handlers>
c.
Save
& exit
4. Run the following commands:
#tail -F
/var/log/st/syslog_message_handler_0 > /tmp/syslog_message_handler.log &
#tail -F /var/log/st/syslog_change_log_manager >/tmp/syslog_change_log_manager.log &
#tail -F /var/log/st/syslog_traffic_log_manager >/tmp/syslog_traffic_log_manager.log &
#tail -F /var/log/st/syslog_change_log_manager >/tmp/syslog_change_log_manager.log &
#tail -F /var/log/st/syslog_traffic_log_manager >/tmp/syslog_traffic_log_manager.log &
5. Run the command #st restart syslog
6. Commit a change on the device (e.g. add
a comment) and wait 5 minutes approximately. Wait for this issue to reproduce.
7. Stop writing to temp logs (#killall
tail).
8. revert changes in etc/sysconfig/stconf.xml
9. Run #st restart syslog
10. Send me the log files +
/tmp/Tufin.pcap
-------------------------------------------
st info is smilar to cpinfo in Check Point, it does collect the Tufin's full config, not the monitored device revisions or policies.
Part 2: Create STINFO
file.
1.
Log in to SecureTrack’s CLI as root.
2.
Run the command #st info
Juniper SSG - NS (config buffer problem)
Symptoms
It is caused by the buffer size, when tufin initiates "get config". It displays only limited part of the full config. This creates a problem while tufin is trying to get the full configuration;
Connection error! Reason:
Connection closed by foreign host.
Solution
set console page 0 | > set cli screen-length 0 |
This allows tufin to get the full configuration as Juniper does not limit its display with a limited buffer.
Tufin Troubleshooting
Device Specific Communication Problems
1.
The version of
SecureTrack; Please verify this by running the #st ver command
from CLI.
2.
the output of the #top -cd1 command.
1) Rise the debug level to high :
# sed -i 's/expect --/expect -d/g' /usr/local/st/*login # sed -I
's/normal/fine/1' /etc/sysconfig/stconf.xml
2) Then use tail for each one of the log files of the problematic device
:
# tail -F
/var/log/st/var/log/st/securetrack.client.<Device_IP>_<ID>
/tmp/device1.log
Make sure to use a capital F ('#tail -F')
3) Then run the command:
'#st restart'
4) Wait for 10 minutes (depends on the current timeout you have
defined) and let the tail -f collect all information needed.
5) Send all /tmp/client<IP>.log files to the support engineer.
7) When you have finished please run :
# sed -i 's/expect -d/expect --/g' /usr/local/st/*login # sed -i
's/fine/normal/1' /etc/sysconfig/stconf.xml
# st restart
Tuesday, 23 October 2012
Python
- Mac OS X
- Linux
----------------------------------------------------------
3. Windows binary {x86, x64]} .msi
NIX tarball [tgz, tar.bz2]
traditional unix word - install manually (compressed archive files)
-----------------------------------------------------------
Install everything for windows
Python
- Register Extension
- TCL/Tk
- Documentation
- Test suite
------------------------------------------------------------
RPM (redhat, fedora)
.deb (ubuntu) - APT (apt-get)
yum (redhat GUI installation package)
source (configure, make, install)
------------------------------------------------------------
.py
Subscribe to:
Posts (Atom)