Monthly Archives: December 2014

Identity Awareness for Dummies

Seems like I have been working on this for years. Had bits and pieces. But thanks to Gene Berger, who finally pushed me to pull it together with a huge data dump from him. Thanks Gene!

Last: IdentityAwareness-For-Dummies-v8 – Version 8 3/5/2015 – Shared gateway portals

Latest: IdentityAwareness-For-Dummies-v9 – Version 9 5/15/15 – Fixed picker, TOC

FYI: Check link often, I am constantly updating the document.

Identify and Destroy!

dreez

[image: identity awareness components]


Debugging TCP/IP Streams with Wireshark

So we were having stray SYN packets and this young smart Cisco geek guy showed me some Wireshark tricks.

This is how you follow a TCP conversation and the SYN/ACK and sequence numbers.

  1. Add the SEQ, ACK and Length fields as columns (see below): select the field in the packet details pane, right click and choose Apply As Column.
  2. Right click on the packet in question and choose Follow TCP Stream. NOTE the stream number that Wireshark assigns to each unique SRC/DEST IP/port quad (one number per conversation), so you can filter on it later.
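As an added example (not from the original post), here is the same bookkeeping Wireshark does for you, written out in Python so the SEQ/ACK arithmetic is visible: packets are grouped into streams by their unordered IP/port quad (the way the tcp.stream number works), each stream's SYN / SYN-ACK / ACK is checked so a stray SYN that was never answered stands out, and each direction's SEQ is checked against the previous segment's SEQ + Length (+1 for SYN and FIN) to flag retransmissions and gaps. The packets are constructed sample values, not a real capture.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One row of the Wireshark packet list (constructed, not a real capture)."""
    no: int        # Wireshark frame number
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags as in the Info column, e.g. "S", "SA", "A", "PA"
    seq: int       # raw sequence number
    ack: int       # raw acknowledgment number
    length: int    # TCP payload length (the Length column)


def stream_key(p):
    """Unordered (ip, port) pair: both directions of a connection share one key."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)


def assign_streams(packets):
    """Return {stream_number: [packets]} with numbers handed out in first-seen order,
    which is how Wireshark's tcp.stream column behaves."""
    numbers, streams = {}, {}
    for p in packets:
        n = numbers.setdefault(stream_key(p), len(numbers))
        streams.setdefault(n, []).append(p)
    return streams


def next_seq(p):
    """Sequence number this sender will use next: SYN and FIN each consume one."""
    return p.seq + p.length + ("S" in p.flags) + ("F" in p.flags)


def handshake_state(stream):
    """'complete', 'half_open' (no final ACK), 'stray_syn' (SYN never answered)
    or 'no_syn' (capture started mid-connection)."""
    syn = next((p for p in stream if p.flags == "S"), None)
    if syn is None:
        return "no_syn"
    synack = next((p for p in stream if p.flags == "SA"
                   and (p.src, p.sport) == (syn.dst, syn.dport)
                   and p.ack == next_seq(syn)), None)
    if synack is None:
        return "stray_syn"
    ack = next((p for p in stream if "A" in p.flags and "S" not in p.flags
                and (p.src, p.sport) == (syn.src, syn.sport)
                and p.seq == next_seq(syn) and p.ack == next_seq(synack)), None)
    return "complete" if ack else "half_open"


def seq_anomalies(stream):
    """Per direction, flag segments whose SEQ does not continue the previous one:
    SEQ below the expected value looks like a retransmission, above it like a gap."""
    expected, found = {}, []
    for p in stream:
        d = (p.src, p.sport)
        if d in expected and p.seq != expected[d]:
            found.append((p.no, "retransmission" if p.seq < expected[d] else "gap"))
        expected[d] = max(expected.get(d, 0), next_seq(p))
    return found


def report(packets):
    """Summarise every stream: handshake state, SEQ anomalies and member frames."""
    return {n: {"state": handshake_state(s), "anomalies": seq_anomalies(s),
                "frames": [p.no for p in s]}
            for n, s in assign_streams(packets).items()}


# Constructed sample: stream 0 is a normal connection with one retransmitted
# data segment; stream 1 is a SYN (plus one retry) that nobody answers.
C, S1, S2 = "10.0.0.5", "192.168.1.10", "192.168.1.20"
SAMPLE = [
    Packet(1, C, 51000, S1, 443, "S", 1000, 0, 0),
    Packet(2, S1, 443, C, 51000, "SA", 5000, 1001, 0),
    Packet(3, C, 51000, S1, 443, "A", 1001, 5001, 0),
    Packet(4, C, 51000, S1, 443, "PA", 1001, 5001, 100),
    Packet(5, C, 51001, S2, 443, "S", 2000, 0, 0),
    Packet(6, S1, 443, C, 51000, "A", 5001, 1101, 0),
    Packet(7, C, 51000, S1, 443, "PA", 1101, 5001, 50),
    Packet(8, C, 51001, S2, 443, "S", 2000, 0, 0),        # SYN retry, still unanswered
    Packet(9, C, 51000, S1, 443, "PA", 1101, 5001, 50),   # retransmission of frame 7
    Packet(10, S1, 443, C, 51000, "A", 5001, 1151, 0),
]

if __name__ == "__main__":
    for n, info in report(SAMPLE).items():
        print(f"tcp.stream=={n}: {info['state']}, anomalies={info['anomalies']}, "
              f"frames={info['frames']}")
```

Running it prints stream 0 as complete with frame 9 flagged as a retransmission, and stream 1 as stray_syn with its retry flagged; that is exactly what you would read off the SEQ/ACK/Length columns by hand after Follow TCP Stream, and the `tcp.stream==N` filter in Wireshark isolates the same conversation.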

[image: followtcp]

YAF – Yet another Firewall

So I just got my mitts on an 1100 and have only one question.

WHY?

It is so different from mainline GAIA, it’s almost like buying Yet Another Firewall (YAF). CP’s strength, which I adore, is Single Pane of Glass – Centralized Security Management – Lower Total Cost of Ownership – Etc. So WHY introduce a YAF that doesn’t look like, and can’t be administered like, mainline GAIA? The GUI is not standard GAIA, the command line is butchered GAIA and the file system is not GAIA-like. I can tell a totally different R&D team developed this YAF.

For large enterprises that are looking to standardize to lower administrative costs…and are borderline CP customers, why not just tip them over the edge to a competitor, because the 1100 is YAF? OK, it may be simple and stripped down and stable, etc…but then what differentiates it from the competitors? Why not just keep the Edge series, which were AWESOME and super stable, rock solid? I’m not getting it.

And then I think of the R&D and support costs of YAF that distracts CP from its main mission – Single Pane of Glass.

Then again Gil has a jet and I have a 2006 Scion…

[image: 1100 ScreenShot]

YADT – Yet Another Debug Tool

It’s no state secret that there have been one or two …..ehehmmmmm let’s see how do I say this….design inconsistencies…. in CP code since the solid-as-a-rock-days-R65. Just found another cool tool to help in the debugging. Not sure when this showed up, but it sure is welcome. Bugs are a pain in the butt, but when there are tools to help us help ourselves, it takes the edge off.

Thank You CP! Keep it coming (the debug tools I mean, not the bugs)

SmartDashboard….

[image: debug]

UPDATE: More info from Chris. Thanks Chris!

If you enable CP_DEV_MODE, you get more debug options.

[image: variable]

The SmartConsole logs go into a directory on the PC. In my case it is c:\program files (x86)\checkpoint\SmartConsole\R77.20\PROGRAM\data, and they have a name that starts with rule-base.
There is also a utility in c:\program files (x86)\checkpoint\SmartConsole\R77.20\Program named traceutil.exe. This allows specific debugging options to be enabled.

[image: window]

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.