“Load on Module failed – not enough disc space” error

Policy installation / fetch fails on Centrally Managed

The fix is included since:
- Check Point R77.20 HFA 10 (R77.20.10) for 600 / 1100 / 1200R Appliance
- Check Point R77.20 for 600 / 1100 / 1200R Appliance
- Check Point R75.20 HFA 70 (R75.20.70) for 600 / 1100 Appliance and Security Gateway 80

As an immediate workaround, manually delete the temporary policy files on the SMB Appliance:

1. Connect to the command line on the SMB Appliance.
2. Log in to Expert mode.
3. Delete the temporary policy files:
    # rm $FWDIR/state/__tmp/FW1/*

To increase the size of the partition on-the-fly:
    # mount tmpfs /fwtmp -t tmpfs -o size=250m,remount

Install the policy again.

To increase the size of the partition permanently:

1. Back up the current startup script /pfrm2.0/etc/userScript:
    # cp /pfrm2.0/etc/userScript /pfrm2.0/etc/userScript_ORG
   Note: The userScript file does not exist by default. It should be created.
2. Edit the current startup script /pfrm2.0/etc/userScript:
    # vi /pfrm2.0/etc/userScript
3. Add the following command to the script:
    mount tmpfs /fwtmp -t tmpfs -o size=250m,remount
4. Save the changes and exit the vi editor.
5. Reboot the appliance.

R80 – Importing Log Files from SmartEvent Servers

To import offline log files, add events to the SmartEvent Server. By default, you can import the 14 most recent days of offline logs. To import more days of logs, change the log indexing settings.

1. Stop the SmartEvent services and back up the settings file:
    # evstop
    # cp $INDEXERDIR/log_indexer_custom_settings.conf $INDEXERDIR/log_indexer_custom_settings.conf_orig
2. Edit $INDEXERDIR/log_indexer_custom_settings.conf in a text editor:
    # vi $INDEXERDIR/log_indexer_custom_settings.conf
3. Delete these lines:
    :time_restriction_for_fetch_all ()
    :time_restriction_for_fetch_all_disp ()
4. Add this line:
    :num_days_restriction_for_fetch_all_integrated (DAYS)
5. Start the services again:
    # evstart

How to send Check Point Tracker Logs to External Syslog Server

Add the following line at the end. Note that this is a single-line command, so add it accordingly. If required, just type it manually:
    # fw log -f -t -n -l 2> /dev/null | awk 'NF' | sed '/^$/d' | logger -p local4.info -t CP_FireWall &

To make it permanent, back up the cpboot file:
    # cp /etc/rc.d/init.d/cpboot /etc/rc.d/init.d/cpboot.ORG

Edit the cpboot file:
    # vi /etc/rc.d/init.d/cpboot

Add the following line at the end:
    fw log -f -t -n -l 2> /dev/null | awk 'NF' | sed '/^$/d' | logger -p local4.info -t CP_FireWall &

Next, run:
    add syslog log-remote-address x.x.x.x level info
    save config

Check Point – Useful performance commands

    # fw ctl affinity -l -v -a -r
    CPU 0: eth5 (irq 75) eth1 (irq 235) eth2 (irq 139) eth7 (irq 203) fw_1
    CPU 1: eth6 (irq 234) eth3 (irq 171) eth4 (irq 107) fw_0
    All: in.acapd usrchkd fwpushd rtmd in.geod pepd vpnd rad mpdaemon pdpd in.msd fwd cprid cpd

$FWDIR/conf/fwaffinity.conf

    # fw ctl multik stat
    ID | Active | CPU | Connections | Peak
    ----------------------------------------
    0  | Yes    | 1   | 530         | 2109
    1  | Yes    | 0   | 478         | 2963

    # fw ctl get int fwx_max_conns
    fwx_max_conns = 0

0 means unlimited.

    # fwaccel conns -s
    There are 2143 connections in SecureXL connections table

Upgrade from R77.20 to R77.30 upgrade conflict with hotfix “HOTFIX_TURKEY_2015_TIMEZONE_340”

A fix conflict was detected during pre-install validation. To prevent system instability, installation will not continue. Please contact Check Point support with the following information: HFA Check Point SecurePlatform R77 R77_30 Conflict with hotfix HOTFIX_TURKEY_2015_TIMEZONE_340 – details:

Remove the registry entries:
    $CPDIR/bin/ckp_regedit -d //SOFTWARE//CheckPoint//SecurePlatform//6.0//HOTFIX_TURKEY_2015_TIMEZONE_340
    $CPDIR/bin/ckp_regedit -d //SOFTWARE//CheckPoint//SecurePlatform//6.0//HotFixes HOTFIX_TURKEY_2015_TIMEZONE_340

Remove the hotfix:
    $CPDIR/bin/CRSValidator -l /opt/SecurePlatform/conf/crs.xml -remove HOTFIX_TURKEY_2015_TIMEZONE_340

Checkpoint Gaia – Reset Expert Password

To change the Expert password on Gaia, follow the method below. You can also review sk92347 on the Check Point support site.

Display the configuration and locate the password hash of the clish user:
    HostName>show configuration
    set user USERNAME password-hash $1$vCbd0F3d$FjawgvrKBN.4EpAli59Wy/0

For versions R75.40 / R75.40VS / R75.45 / R75.46 / R75.47:
    HostName>set expert-password hash HASH_of_CLISH_PASSWORD
    set expert-password hash $1$vCbd0F3d$FjawgvrKBN.4EpAli59Wy/0

For versions R76 / R77 and later:
    HostName>set expert-password-hash HASH_of_CLISH_PASSWORD
    set expert-password-hash $1$vCbd0F3d$FjawgvrKBN.4EpAli59Wy/0

Save the changes:
    HostName>save config

To set a new password, on R75.45 and later:
    HostName>set expert-password

On R75.40:
    HostName>set expert-password plain

Save the changes:
    HostName>save config
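The hash-copy step of this procedure as an added shell example (not from sk92347 or the original post): it pulls a user's hash out of saved `show configuration` output, names the crypt scheme from its prefix, and prints the command for the release family. The function names and the sample configuration are constructed; accepting R8x relies only on the page's "R76 / R77 and later".

```shell
#!/bin/sh
# Added example; sample_config and its hash are constructed, not real credentials.
sample_config() {
    cat <<'EOF'
set user admin shell /etc/cli.sh
set user admin password-hash $1$EXAMPLEs$0123456789abcdefghijkl
set user monitor password-hash *
EOF
}

# user_hash FILE USERNAME: print the hash from "set user USERNAME password-hash HASH".
# FILE may be "-" for stdin. Returns 1 when the user has no such line.
user_hash() {
    awk -v u="$2" '
        $1 == "set" && $2 == "user" && $3 == u && $4 == "password-hash" {
            print $5; found = 1; exit
        }
        END { exit !found }' "$1"
}

# hash_scheme HASH: name the crypt(3) scheme from the $id$ prefix.
hash_scheme() {
    case "$1" in
        '$1$'*) echo md5-crypt ;;
        '$5$'*) echo sha256-crypt ;;
        '$6$'*) echo sha512-crypt ;;
        *)      echo unknown; return 1 ;;
    esac
}

# expert_hash_cmd VERSION HASH: print the clish command for that release family.
expert_hash_cmd() {
    case "$2" in
        '$'*'$'*'$'*) ;;   # crypt form: $id$salt$digest
        *) echo "not a crypt-style hash" >&2; return 1 ;;
    esac
    case "$1" in
        R75.40|R75.40VS|R75.45|R75.46|R75.47)
            printf 'set expert-password hash %s\n' "$2" ;;
        R76*|R77*|R8*)
            printf 'set expert-password-hash %s\n' "$2" ;;
        *) echo "version not covered by the procedure: $1" >&2; return 1 ;;
    esac
}
# Usage: expert_hash_cmd R77.30 "$(sample_config | user_hash - admin)"
```

A `$1$` prefix, as in the hash shown on this page, identifies MD5-crypt, so copying it carries that scheme over to the Expert password unchanged.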

CMA Customer Logs Backup Script

You can use this script to back up the logs on the CMA for Check Point Provider-1.

Alternatively:
    find / -name wget
    cd /tmp

Example:
    /sysimg/CPwrapper/linux/MiniWrapperForMajor/linux/Actions/wget https://raw.githubusercontent.com/korkutozcan/Checkpoint/master/cma_logs_backup.sh
    /full_path/wget https://raw.githubusercontent.com/korkutozcan/Checkpoint/master/cma_logs_backup.sh

or:
    curl -O https://raw.githubusercontent.com/korkutozcan/Checkpoint/master/cma_logs_backup.sh -k
    chmod +x cma_logs_backup.sh

Run the script:
    ./cma_logs_backup.sh

Checkpoint Disk Space Tip and Tricks

To view the partition table, use the df command:

    # df -h
    Filesystem  Size   Used  Avail  Use%  Mounted on
    /dev/sda6   1004M  257M  697M   27%   /
    /dev/sda1   145M   17M   121M   13%   /boot
    /dev/sda5   14G    1.7G  12G    13%   /opt
    /dev/sda2   2.0G   1.4G  545M   72%   /sysimg
    /dev/sda7   80G    1.3G  75G    2%    /var

After identifying a problematic partition, use the "du" command to analyze its contents. Note that sort -n compares only the leading number and ignores the K/M/G suffix, which is why 440K appears next to 440M and the 1.5G total comes last in the output below.

    # du -h --max-depth=1 /opt | sort -n -r
    440M /opt/spwm
    440K /opt/CPsplatIS-R75.20
    360M /opt/CPsuite-R75.20
    150M /opt/CPrt-R75.20
    129M /opt/CPshrd-R75.20
    63M /opt/KAV
    60M /opt/CPportal-R75.20
    35M /opt/CPV40Cmp-R75.20
    30M /opt/CPNacPortal
    29M /opt/aspam_engine
    29M /opt/CPSG80CMP-R75.20
    24M /opt/CPR7540CMP-R75.20
    24K /opt/SecurePlatform
    23M /opt/CPUserCheckPortal
    23M /opt/CPEdgecmp-R75.20
    20M /opt/CPSmartLog-R75.20
    18M /opt/CPR7520CMP-R75.20
    17M /opt/CPR75CMP-R75.20
    16M /opt/CPadvr-R75.20
    16M /opt/CPR71CMP-R75.20
    16K /opt/lost+found
    15M /opt/CPNGXCMP-R75.20
    14M /opt/CPCON66CMP-R75.20
    8.0K /opt/CPshared
    6.1M /opt/postfix
    4.2M /opt/CPInstLog
    2.1M /opt/MegaRAID
    1.9M /opt/CPinfo-10
    1.5G /opt

Installation failed. Reason: Load on Module failed – failed to load security policy

If you encounter the error "Installation failed. Reason: Load on Module failed – failed to load security policy" while installing policy on Check Point, running the commands below is enough to resolve it. Run the commands on the Check Point Security Gateway; you do not need to reboot the device, and traffic through the gateway will not be interrupted.

Online updates and policy installations run through the CPD process, which uses port 18191. CPD also uses port 18211 to load the internal SIC certificate. The FWM process is the service on which the SmartConsole applications and Security Management Server applications run. You can check these services with the "cpwd_admin list" command.

Stop and restart the cpd and fwm services:
    cpwd_admin stop -name FWM -path "$FWDIR/bin/fw" -command "fw kill fwm"
    cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm"
    cpwd_admin stop -name CPD -path "$CPDIR/bin/cpd_admin" -command "cpd_admin stop"
    cpwd_admin start -name CPD -path "$CPDIR/bin/cpd" -command "cpd"

After completing these steps, install the policy again.

Script for Running Ping and Traceroute at the Same Time

I needed a script like this, so I wanted to share it.

    sudo curl http://korkutozcan.com/wp-content/uploads/2015/03/pingtrace.sh -o /tmp/pingtrace.sh && sudo chmod +x /tmp/pingtrace.sh

To use the script:
    /tmp/pingtrace.sh www.google.com.tr

Code:
    #!/bin/bash
    # Korkut Ozcan | korkutozcan.com
    # Run ping and traceroute against the same host in parallel, then page both logs.
    [ -n "$1" ] || { echo "usage: $0 host" >&2; exit 1; }
    logdir=$(mktemp -d) || exit 1   # private directory instead of fixed names in /tmp
    ping "$1" -c 3 >> "$logdir/ping.log" &
    sudo traceroute "$1" >> "$logdir/traceroute.log" &
    wait
    cat "$logdir"/{ping,traceroute}.log | more
    rm -r "$logdir"
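Both script downloads on this page skip integrity checks: cma_logs_backup.sh is fetched with `curl -k`, which turns off certificate verification, and pingtrace.sh is fetched over plain HTTP with sudo. The following added example (not the author's code) keeps TLS verification on and refuses to make the file executable unless its SHA-256 digest matches a value obtained from the author over a separate channel; the function names are hypothetical and the page publishes no digest, so the expected value is a placeholder you supply.

```shell
#!/bin/sh
# Added example: verified download, then digest check before chmod.

# fetch_script URL OUT: HTTPS only, certificate checked (no -k), fail on HTTP errors.
fetch_script() {
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' --output "$2" "$1"
}

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST with mode 0700 only when the digest matches; returns 1 otherwise.
install_verified() {
    src=$1; expected=$2; dest=$3
    [ -f "$src" ] || { echo "missing file: $src" >&2; return 1; }
    actual=$(sha256_of "$src") || return 1
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')   # accept upper-case hex
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $src" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    cp "$src" "$dest" && chmod 700 "$dest"
}

# Usage (the digest is a placeholder you must obtain from a trusted source):
#   fetch_script "$URL" /tmp/download.sh &&
#   install_verified /tmp/download.sh "<expected-sha256>" ./script.sh
```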