HOWTO: Debug Policy Verification

Solution
Follow these steps:

Connect to command line on Security Management Server / Multi-Domain Security Management Server.

Log in to Expert mode.

On Multi-Domain Security Management Server, switch to the context of the relevant Domain Management Server:

[[email protected]:0]# mdsenv <Name_or_IP_of_Domain_Management_Server>

Start the debug of the FWM daemon:

[[email protected]:0]# fw debug fwm on TDERROR_ALL_ALL=5
[[email protected]:0]# fw debug fwm on OPSEC_DEBUG_LEVEL=3

Verify the policy under debug:

Syntax by policy type:

Security Policy:
fwm -d verify $FWDIR/conf/<Policy_Package_Name>.W 1>> /var/log/Security_Policy_Verification_debug.txt 2>> /var/log/Security_Policy_Verification_debug.txt

Threat Prevention Policy:
fwm -d verify -p threatprevention $FWDIR/conf/<Policy_Package_Name>.W 1>> /var/log/Threat_Prevention_Policy_Verification_debug.txt 2>> /var/log/Threat_Prevention_Policy_Verification_debug.txt

Desktop Policy:
fwm -d verify $FWDIR/conf/<Policy_Package_Name>.S 1>> /var/log/Desktop_Policy_Verification_debug.txt 2>> /var/log/Desktop_Policy_Verification_debug.txt

QoS Policy:
fgate -d verify $FWDIR/conf/<Policy_Package_Name>.F 1>> /var/log/QoS_Policy_Verification_debug.txt 2>> /var/log/QoS_Policy_Verification_debug.txt

Notes:

- <Policy_Package_Name> is the name of the involved policy package as it appears in SmartDashboard R7x / SmartConsole R8x.

Take all the relevant outputs / screenshots.

Stop the debug of FWM daemon:

[[email protected]:0]# fw debug fwm off TDERROR_ALL_ALL=0
[[email protected]:0]# fw debug fwm off OPSEC_DEBUG_LEVEL=0
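
The steps above as one wrapper, written for this page as an added example (it is not Check Point's or the original author's code): it enables the two debug flags, runs the verify command for the chosen policy type, and always turns the flags off again so they are not left enabled after a failed or interrupted run. The function names, the RUN dry-run switch and the package-name rule are assumptions of the example.

```shell
#!/bin/bash
# Added example (not Check Point code). Run in Expert mode, in the right
# Domain context. RUN is an assumption of this sketch: RUN=echo prints the
# fw/fwm/fgate commands instead of executing them.
RUN=${RUN:-}

# Policy type -> "verify command|file suffix", as used in the steps above.
policy_spec() {
    case "$1" in
        security) echo "fwm -d verify|W" ;;
        threat)   echo "fwm -d verify -p threatprevention|W" ;;
        desktop)  echo "fwm -d verify|S" ;;
        qos)      echo "fgate -d verify|F" ;;
        *)        return 1 ;;
    esac
}

fwm_debug_off() {
    $RUN fw debug fwm off TDERROR_ALL_ALL=0
    $RUN fw debug fwm off OPSEC_DEBUG_LEVEL=0
}

# usage: debug_verify <security|threat|desktop|qos> <policy_package> <logfile>
debug_verify() {
    local spec cmd suffix rc=0
    spec=$(policy_spec "$1") || { echo "unknown policy type: $1" >&2; return 2; }
    # Assumed naming rule: letters, digits, '_', '-', '.'; no leading dot,
    # so the argument cannot point outside $FWDIR/conf.
    case "$2" in
        ''|.*|*[!A-Za-z0-9_.-]*) echo "bad package name: $2" >&2; return 2 ;;
    esac
    cmd=${spec%|*}
    suffix=${spec#*|}
    trap fwm_debug_off INT TERM          # clear the flags if interrupted
    $RUN fw debug fwm on TDERROR_ALL_ALL=5
    $RUN fw debug fwm on OPSEC_DEBUG_LEVEL=3
    # stdout and stderr both go to the log file, as in the commands above
    $RUN $cmd "$FWDIR/conf/$2.$suffix" >> "$3" 2>&1 || rc=$?
    trap - INT TERM
    fwm_debug_off                        # always runs, whatever verify returned
    return $rc
}
```

Called as, for instance, debug_verify security <Policy_Package_Name> /var/log/Security_Policy_Verification_debug.txt; the return code is that of the verify command.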

Upgrade to InterScan Messaging Security Virtual Appliance (IMSVA) 9.1

Upgrade 9.0 Patch 1 to 9.1

Back up IMSVA 9.0 Patch 1

Mount the external disk:

# mount /dev/sdb /var/udisk
# mkdir /var/udisk/app_data_backup

Copy all files to the disk:

# cp --preserve --recursive /var/app_data/* /var/udisk/app_data_backup/

Stop IMSVA services:

# /opt/trend/imss/script/imssctl.sh stop
# service crond stop

Start IMSVA services:

# /opt/trend/imss/script/imssctl.sh start
# service crond start

Use the following command in the CLI console to verify there are no messages in the Postfix queue:

# postqueue -p

Upgrading a Single IMSVA
Restart the server that you want to upgrade with the IMSVA Installation DVD.

Verify the upgrade:

# tail -f /var/app_data/installlog

2016/09/03 23:53:04 EEST [5446:-142989632] Upgrade succeeded. [installer.py:276]

Restart IMSVA services from the CLI console:

# /mnt/backup/dry_run.sh

Verify the upgrade:

# tail -f /var/app_data/installlog

To roll back to IMSVA 9.0 Patch 1, use the following commands:

# /mnt/backup/confirm.sh
Do you want to complete the upgrade process[yes/no]:yes
The dry run has stopped.
InterScan Messaging Security Virtual Appliance has upgraded to 9.1 successfully.

R80 – Importing Log Files from SmartEvent Servers

To import offline log files, add events to the SmartEvent Server. By default, you can import the 14
most recent days of offline logs. To import more days of logs, change the log indexing settings.

[email protected]:# evstop
[email protected]:# cp $INDEXERDIR/log_indexer_custom_settings.conf $INDEXERDIR/log_indexer_custom_settings.conf_orig

Edit $INDEXERDIR/log_indexer_custom_settings.conf in a text editor.

[email protected]:# vi $INDEXERDIR/log_indexer_custom_settings.conf

Delete these lines:

:time_restriction_for_fetch_all ()
:time_restriction_for_fetch_all_disp ()

Add this line:

:num_days_restriction_for_fetch_all_integrated (DAYS)

[email protected]:# evstart

Steam : Fix libGL error: unable to load driver: i965_dri.so

libGL error: unable to load driver: i965_dri.so
libGL error: driver pointer missing
libGL error: failed to load driver: i965
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast

Downgrade libgcrypt:

sudo pacman -U /var/cache/pacman/pkg/lib32-libgcrypt-1.6.5-1-x86_64.pkg.tar.xz

Remove libraries:

find ~/.local/share/Steam/ \( -name "libgcc_s.so*" -o -name "libstdc++.so*" -o -name "libxcb.so*" -o -name "libgpg-error.so*" \) -print -delete

How to send Check Point Tracker Logs to External Syslog Server

Add the following line at the end. Note that this is a single-line command, so enter it as one line. If required, type it manually.

[email protected]#: fw log -f -t -n -l 2> /dev/null | awk 'NF' | sed '/^$/d' | logger -p local4.info -t CP_FireWall &

To make this permanent:

[email protected]#: cp /etc/rc.d/init.d/cpboot /etc/rc.d/init.d/cpboot.ORG

Edit the cpboot file:

[email protected]#: vi /etc/rc.d/init.d/cpboot

Add the following line at the end:

fw log -f -t -n -l 2> /dev/null | awk 'NF' | sed '/^$/d' | logger -p local4.info -t CP_FireWall &

Next,

add syslog log-remote-address x.x.x.x level info
save config

Check Point – Useful performance commands

[[email protected]:0]# fw ctl affinity -l -v -a -r
CPU 0:  eth5 (irq 75) eth1 (irq 235) eth2 (irq 139) eth7 (irq 203)
        fw_1
CPU 1:  eth6 (irq 234) eth3 (irq 171) eth4 (irq 107)
        fw_0
All:    in.acapd usrchkd fwpushd rtmd in.geod pepd vpnd rad mpdaemon pdpd in.msd fwd cprid cpd

$FWDIR/conf/fwaffinity.conf

[[email protected]]# fw ctl multik stat 
ID | Active  | CPU    | Connections | Peak    
----------------------------------------------
 0 | Yes     | 1      |         530 |     2109
 1 | Yes     | 0      |         478 |     2963

[[email protected]:0]# fw ctl get int fwx_max_conns
fwx_max_conns = 0

A value of 0 means unlimited.

[[email protected]:0]# fwaccel conns -s 
There are 2143 connections in SecureXL connections table

Upgrade from R77.20 to R77.30 upgrade conflict with hotfix “HOTFIX_TURKEY_2015_TIMEZONE_340”

A fix conflict was detected during pre-install validation.
To prevent system instability, installation will not continue.
Please contact Check Point support with the following information:
HFA Check Point SecurePlatform R77 R77_30
Conflict with hotfix HOTFIX_TURKEY_2015_TIMEZONE_340 – details:

Remove the registry entries:

$CPDIR/bin/ckp_regedit -d //SOFTWARE//CheckPoint//SecurePlatform//6.0//HOTFIX_TURKEY_2015_TIMEZONE_340
$CPDIR/bin/ckp_regedit -d //SOFTWARE//CheckPoint//SecurePlatform//6.0//HotFixes HOTFIX_TURKEY_2015_TIMEZONE_340

Remove the hotfix:

$CPDIR/bin/CRSValidator -l /opt/SecurePlatform/conf/crs.xml -remove HOTFIX_TURKEY_2015_TIMEZONE_340