Friday 21 December 2012

Checkpoint Policy Installation (a lot of buggy stuff)


- No traffic
- While installing policy, a lot of non-meaningful messages

First, check whether /opt is full. It is vital, believe me.

Tufin - Accelerate policy analysis calculations & increase the amount of memory for Java

These configs are tested on 12.2 HF6.


1.      Accelerate Policy analysis calculations.

Instruction:

1. Login to SecureTrack’s GUI.
2. Add stcgitest.htm at the end of the address (Example: https://192.168.1.1/stcgitest.htm).
3. Choose ‘Edit stconf’.
4. Click ‘Fetch current conf’.
5. Change the following XML tag from "0" to "1": <is_calc_topology_based_on_JAVA>1</is_calc_topology_based_on_JAVA>
6. Save the new configuration by clicking ‘Submit new conf’ at the bottom of the screen.


2.      Increase the amount of memory which can be allocated for Java:

Instruction:

1. Login to SecureTrack’s CLI as root.
2. Run the command: #vi /usr/jboss-4.2.2.GA/bin/run.conf
3. Find the line: JAVA_OPTS="$JAVA_OPTS -Xms512m -Xmx1024m"
4. Change it to: JAVA_OPTS="$JAVA_OPTS -Xms1024m -Xmx4096m"
5. Save the file and exit.
6. Run the command: #service jboss restart

Tufin Syslog Debug & St Info


SYSLOG Debug

1. Log in to SecureTrack CLI as ‘root’.
2. Run the command: #tcpdump -i eth0 -vv -w /tmp/Tufin.pcap -s 1500 src <ip address of device> and udp dst port 514
3. Edit the file: vi /etc/sysconfig/stconf.xml
   a. Find the line <DetailLevel>normal</DetailLevel> and change ‘normal’ to ‘fine’.
   b. Add the tag: <Number_Of_Syslog_Message_Handlers>1</Number_Of_Syslog_Message_Handlers>
   c. Save & exit.
4. Run the following commands:
#tail -F /var/log/st/syslog_message_handler_0 > /tmp/syslog_message_handler.log &
#tail -F /var/log/st/syslog_change_log_manager > /tmp/syslog_change_log_manager.log &
#tail -F /var/log/st/syslog_traffic_log_manager > /tmp/syslog_traffic_log_manager.log &

5. Run the command: #st restart syslog
6. Commit a change on the device (e.g. add a comment) and wait approximately 5 minutes. Wait for the issue to reproduce.
7. Stop writing to the temp logs (#killall tail).
8. Revert the changes in /etc/sysconfig/stconf.xml.
9. Run #st restart syslog
10. Send me the log files + /tmp/Tufin.pcap

-------------------------------------------

st info is similar to cpinfo in Check Point: it collects Tufin's full configuration, not the monitored devices' revisions or policies.

Part 2: Create STINFO file.

1. Log in to SecureTrack’s CLI as root.
2. Run the command: #st info

Juniper SSG - NS (config buffer problem)


Symptoms


It is caused by the buffer size: when Tufin initiates "get config", the device displays only a limited part of the full config. This creates a problem while Tufin is trying to get the full configuration, and the retrieval fails with:

Connection error! Reason:
Connection closed by foreign host.


Solution

set console page 0

> set cli screen-length 0


This allows Tufin to get the full configuration, as Juniper no longer limits its output to a paged buffer.


Tufin Troubleshooting


Device Specific Communication Problems


First collect the following:

1. The version of SecureTrack; verify this by running the #st ver command from the CLI.
2. The output of the #top -cd1 command.


1) Raise the debug level to high:
# sed -i 's/expect --/expect -d/g' /usr/local/st/*login
# sed -i 's/normal/fine/1' /etc/sysconfig/stconf.xml

2) Then use tail for each one of the log files of the problematic device:
# tail -F /var/log/st/securetrack.client.<Device_IP>_<ID> > /tmp/device1.log &

Make sure to use a capital F ('#tail -F').

3) Then run the command:
'#st restart'

4) Wait for 10 minutes (depends on the current timeout you have defined) and let tail -F collect all the information needed.

5) Send all /tmp/client<IP>.log files to the support engineer.

6) When you have finished, please run:
# sed -i 's/expect -d/expect --/g' /usr/local/st/*login
# sed -i 's/fine/normal/1' /etc/sysconfig/stconf.xml
# st restart
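The stconf.xml edit above (and the same DetailLevel/handler change in the Syslog Debug steps earlier) is done here with a backup taken first, so the "revert changes" step is a restore rather than a second hand edit. This is an added example, not Tufin's own tooling or code from the original post; it is run against a constructed sample file, and the real path /etc/sysconfig/stconf.xml is only assumed from the post.

```shell
#!/bin/sh
# Added example: switch SecureTrack's stconf.xml between normal and debug
# detail with a backup, instead of editing in place by hand.
set -eu

# st_debug_on FILE: back FILE up, set DetailLevel to fine and add the
# single-handler tag once (the two edits from the post's step 3).
st_debug_on() {
    conf=$1
    cp -p "$conf" "$conf.predebug"     # restored later by st_debug_off
    sed -e 's#<DetailLevel>normal</DetailLevel>#<DetailLevel>fine</DetailLevel>#' \
        "$conf" > "$conf.tmp"
    if ! grep -q '<Number_Of_Syslog_Message_Handlers>' "$conf.tmp"; then
        # POSIX sed: append the tag on the line after DetailLevel
        sed -e '/<DetailLevel>/a\
<Number_Of_Syslog_Message_Handlers>1</Number_Of_Syslog_Message_Handlers>' \
            "$conf.tmp" > "$conf.tmp2"
        mv "$conf.tmp2" "$conf.tmp"
    fi
    mv "$conf.tmp" "$conf"
}

# st_debug_off FILE: put the pre-debug copy back (the post's step 8).
st_debug_off() {
    conf=$1
    [ -f "$conf.predebug" ] || { echo "no backup for $conf" >&2; return 1; }
    mv "$conf.predebug" "$conf"
}

# detail_level FILE: print the current DetailLevel value, to confirm the edit.
detail_level() {
    sed -n 's#.*<DetailLevel>\([^<]*\)</DetailLevel>.*#\1#p' "$1"
}

# Constructed sample stconf.xml (not a real Tufin file) used to exercise the
# functions; on an appliance you would pass /etc/sysconfig/stconf.xml instead.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
<stconf>
  <DetailLevel>normal</DetailLevel>
  <Other>value</Other>
</stconf>
EOF
```

Run `st_debug_on "$SAMPLE"` then `detail_level "$SAMPLE"` to see `fine`, and `st_debug_off "$SAMPLE"` to get `normal` back with the handlers tag gone.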

Tuesday 23 October 2012

Python



  1. Mac OS X
  2. Linux
python -V

----------------------------------------------------------

  3. Windows binary [x86, x64] .msi

*NIX tarball [tgz, tar.bz2]
traditional unix world - install manually (compressed archive files)

-----------------------------------------------------------

Install everything for windows
Python
  • Register Extension
  • TCL/Tk
  • Documentation
  • Test suite
------------------------------------------------------------
RPM (redhat, fedora)

.deb (ubuntu) - APT (apt-get)

yum (redhat GUI installation package) 

source (configure, make, install)
------------------------------------------------------------

.py

Monday 22 October 2012

Disabling SNX Service (Outbound link of Security Gateway)


Disabling SNX problem.

When you uncheck SSL Network Extender and SecureClient Mobile under the VPN Clients tab (Gateway Properties), the SNX service running on http/https (outbound link of the FW) will be disabled as well.

thanks



Friday 5 October 2012

Login to CP FW with Your Public Key & Changing CP Root Password


After you login with a public key, there was a problem switching to root with the su - command.
When you change the root password with...
#passwd

Although it says the root password has been changed, it does not change (like a bug).

To solve this issue:
After you give root a password with the command below
#/usr/bin/passwd root

then
changing the mode with '#chmod 4755 /bin/su' is enough to resolve the problem. Now you can get access from your user account (logged in with the public key) to root.

In my understanding, there is a permission issue on the file placed above which does not allow us to change the root password (although it never says so).

adios.

Friday 28 September 2012

fw unloadlocal in safe@office!


There is no such thing, but there is a useful command which can save the day too:

fw delete rule ?

<indexed rules>
1-15 // Depending on the size of the rule table.

You may easily delete the last rule, which is an implicit deny...

Friday 21 September 2012

Erasing CMI Temp Files


Case: SmartDashboard could not be opened, giving the Connection and GUI Client error. When the migrate export file was used in a sandbox, the problem did not persist. To resolve the issue, the CMI temp files were deleted and forced to be re-created on startup.

1. cpstop
2. cd $FWDIR/conf
   mv applications.C applications.C.old
   mv applications.C.backup applications.C.backup.old
   mv CPMILinksMgr.db CPMILinksMgr.db.old
   mv CPMILinksMgr.db.private CPMILinksMgr.db.private.old

3. cpstart