HOWTO: Change Postfix configuration for Threat Emulation MTA

How to change Postfix configuration for Threat Emulation MTA Solution ID sk109699 Product Threat Emulation, Threat Extraction, Anti-Spam Version R77, R77.10, R77.20, R77.30, R80.10   Procedure: Connect to command line on Security Gateway (over SSH, or console). Log in to Expert mode. Create the $FWDIR/conf/mta_postfix_options.cf file:[[email protected]]# touch $FWDIR/conf/mta_postfix_options.cf Edit the $FWDIR/conf/mta_postfix_options.cf file:[[email protected]]# vi $FWDIR/conf/mta_postfix_options.cf Add the desired…

Read More

Check Point Firewall – Connection Table Analysis

# fw tab -t connections -u > /var/log/connstat_Connections_Table.txt C:\Users\Windows7\Desktop>connStat.exe -help Usage: connStat -f [-a|-c|-s|-r|-l|-p|-d|-n ] -a Show all flags -c Connection state info -s Top X Services used -r Top X Rule used -l Top X Least Used Rules -d Top Clients and Servers -i Interfaces connection directions -p Top Protocols -n Specify X C:\Users\Windows7\Desktop>connStat.exe…

Read More

HOWTO: Check Point upgrade R77.x to R80.10

Pre-R80 Management Server Migration Tool – sk108623 – Download Target Version and Products: [[email protected]:0]# ./pre_upgrade_verifier –help This is Check Point Pre-Upgrade Verifier for version R80. Usage: pre_upgrade_verifier -p SecurityManagementPath -c CurrentVersion -t TargetVersion [-u | -a][-f FileName] [-w] Or: pre_upgrade_verifier -p SecurityManagementPath -c CurrentVersion -i [-f FileName] [-w] -p Path of the installed Security Management…

Read More

HOWTO: Debug Policy Verification

Solution Follow these steps: Connect to command line on Security Management Server / Multi-Domain Security Management Server. Log in to Expert mode. On Multi-Domain Security Management Server, switch to the context of the relevant Domain Management Server: [[email protected]:0]# mdsenv Start the debug of FWM daemon: [[email protected]:0]# fw debug fwm on TDERROR_ALL_ALL=5 [[email protected]:0]# fw debug fwm…

Read More

R80 – Importing Log Files from SmartEvent Servers

To import offline log files, add events to the SmartEvent Server. By default, you can import the 14 most recent days of offline logs. To import more days of logs, change the log indexing settings. [email protected]:# evstop [email protected]:# cp $INDEXERDIR/log_indexer_custom_settings.conf $INDEXERDIR/log_indexer_custom_settings.conf_orig Edit $INDEXERDIR/log_indexer_custom_settings.conf in a text editor. [email protected]:# vi $INDEXERDIR/log_indexer_custom_settings.conf Delete these lines; Delete these…

Read More

How to send Check Point Tracker Logs to External Syslog Server

Add following line at the end. Please note this is a single line command so add it appropriately. If required just type it manually [email protected]#: fw log -f -t -n -l 2> /dev/null | awk ‘NF’ | sed ‘/^$/d’ | logger -p local4.info -t CP_FireWall & Permanently; [email protected]#: cp /etc/rc.d/init.d/cpboot /etc/rc.d/init.d/cpboot.ORG Edit cpboot file; [email protected]#:…

Read More

Upgrade from R77.20 to R77.30 upgrade conflict with hotfix “HOTFIX_TURKEY_2015_TIMEZONE_340”

A fix conflict was detected during pre-install validation. To prevent system instability, installation will not continue. Please contact Check Point support with the following information: HFA Check Point SecurePlatform R77 R77_30 Conflict with hotfix HOTFIX_TURKEY_2015_TIMEZONE_340 – details: Remove Registry; $CPDIR/bin/ckp_regedit -d //SOFTWARE//CheckPoint//SecurePlatform//6.0//HOTFIX_TURKEY_2015_TIMEZONE_340 $CPDIR/bin/ckp_regedit -d //SOFTWARE//CheckPoint//SecurePlatform//6.0//HotFixes HOTFIX_TURKEY_2015_TIMEZONE_340 Remove Hotfix; $CPDIR/bin/CRSValidator -l /opt/SecurePlatform/conf/crs.xml -remove HOTFIX_TURKEY_2015_TIMEZONE_340

Read More

Checkpoint Gaia – Reset Expert Password

Gaia Üzerinde Expert Password’ü değiştirmek için; aşağıdaki yöntemi uygulayınız. Checkpoint support üzerinde sk92347 inceleyebilirsiniz. HostName>show configuration set user USERNAME password-hash $1$vCbd0F3d$FjawgvrKBN.4EpAli59Wy/0 R75.40 / R75.40VS / R75.45 / R75.46 / R75.47 versiyonları için, HostName>set expert-password hash HASH_of_CLISH_PASSWORD set expert-password hash $1$vCbd0F3d$FjawgvrKBN.4EpAli59Wy/0 R76 / R77 ve üzeri versiyonlar için, HostName>set expert-password-hash HASH_of_CLISH_PASSWORD set expert-password-hash $1$vCbd0F3d$FjawgvrKBN.4EpAli59Wy/0 Değişiklikleri kaydedin,…

Read More

Checkpoint Disk Space Tip and Tricks

Bölüm tablosunu görmek için df komutunu kullanın, [[email protected]]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda6 1004M 257M 697M 27% / /dev/sda1 145M 17M 121M 13% /boot /dev/sda5 14G 1.7G 12G 13% /opt /dev/sda2 2.0G 1.4G 545M 72% /sysimg /dev/sda7 80G 1.3G 75G 2% /var [[email protected]]# Sorunlu bir bölümü tespit ettikten sonra, bu…

Read More