Seems like I have been working on this for years. Had bits and pieces. But thanks to Gene Berger, who finally pushed me to pull it together with a huge data dump. Thanks Gene!
Last: IdentityAwareness-For-Dummies-v8 – Version 8 3/5/2015 – Shared gateway portals
Latest: IdentityAwareness-For-Dummies-v9 – Version 9 5/15/15 – Fixed picker, TOC
FYI: Check link often, I am constantly updating the document.
Identify and Destroy!
dreez
So we were having stray SYN packets and this young smart Cisco geek guy showed me some Wireshark tricks.
This is how you follow a TCP conversation and the SYN/ACK and sequence numbers.
- Add SEQ/ACK/Length to the columns (right-click the field, Apply As Column).
- Right-click on the packet in question and choose Follow TCP Stream. NOTE the stream number that Wireshark assigns to each unique SRC/DEST IP/port quad conversation.
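The same bookkeeping in code, as an added example that is not part of the original post: it assigns a stream index to each SRC/DEST IP/port quad, computes relative SEQ/ACK per direction, and lists streams whose SYN never got a SYN/ACK. The packet tuples and function names are constructed for illustration; the index numbering from 0 follows Wireshark's tcp.stream field.

```python
# Constructed sample capture: (src, sport, dst, dport, flags, seq, ack, payload_len)
PACKETS = [
    ("10.0.0.5", 40001, "10.0.0.9", 443, "S", 1000, 0, 0),
    ("10.0.0.9", 443, "10.0.0.5", 40001, "SA", 5000, 1001, 0),
    ("10.0.0.5", 40001, "10.0.0.9", 443, "A", 1001, 5001, 0),
    ("10.0.0.7", 40002, "10.0.0.9", 443, "S", 7000, 0, 0),    # SYN, never answered
    ("10.0.0.5", 40001, "10.0.0.9", 443, "PA", 1001, 5001, 120),
    ("10.0.0.7", 40002, "10.0.0.9", 443, "S", 7000, 0, 0),    # retransmitted SYN
    ("10.0.0.9", 443, "10.0.0.5", 40001, "A", 5001, 1121, 0),
]


def follow_streams(packets):
    """Assign a stream index per 4-tuple conversation and compute relative SEQ/ACK."""
    streams = {}
    for src, sport, dst, dport, flags, seq, ack, length in packets:
        sender, peer = (src, sport), (dst, dport)
        key = tuple(sorted([sender, peer]))       # same key for both directions
        if key not in streams:
            streams[key] = {"index": len(streams), "isn": {}, "flags": set(), "rows": []}
        st = streams[key]
        st["isn"].setdefault(sender, seq)         # first SEQ seen from this side
        rel_seq = seq - st["isn"][sender]
        # ACK numbers refer to the peer's sequence space, so subtract the peer's ISN
        rel_ack = ack - st["isn"][peer] if "A" in flags and peer in st["isn"] else 0
        st["flags"].add(flags)
        st["rows"].append((sender, flags, rel_seq, rel_ack, length))
    return sorted(streams.values(), key=lambda s: s["index"])


def stray_syn_streams(streams):
    """Indexes of streams where a SYN was sent but no SYN/ACK was ever seen."""
    return [s["index"] for s in streams if "S" in s["flags"] and "SA" not in s["flags"]]


if __name__ == "__main__":
    result = follow_streams(PACKETS)
    for s in result:
        for sender, flags, rel_seq, rel_ack, length in s["rows"]:
            print(f"stream={s['index']} {sender[0]}:{sender[1]} [{flags}] "
                  f"seq={rel_seq} ack={rel_ack} len={length}")
    print("unanswered SYN streams:", stray_syn_streams(result))
```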
So just got my mitts on a 1100 and only one question.
WHY?
It is so different from mainline GAIA, it's almost like buying Yet Another Firewall (YAF). CP’s strength, which I adore, is Single Glass – Centralized Security Management – Lower Total Cost of Ownership – Etc. So WHY introduce YAF that doesn’t look like, and can't be administered like, GAIA mainline? The GUI is not standard GAIA, the command line is butchered GAIA, and the file system is not GAIA-like. I can tell a totally different team of R&D developed this YAF.
For large enterprises that are looking to standardize to lower administrative costs… and are borderline CP customers, why not just tip them over the edge to a competitor because the 1100 is YAF. OK, it may be simple and stripped down and stable, etc… but then what differentiates it from the competitors? Why not just keep the Edge series, which were AWESOME and super stable rock solid? I’m not getting it.
And then I think of the R&D and support costs of YAF that distract CP from its main mission – Single Pane of Glass.
Then again Gil has a jet and I have a 2006 Scion…
It's no state secret that there have been one or two… ehehmmmmm, let’s see, how do I say this… design inconsistencies… in CP code since the solid-as-a-rock days of R65. Just found another cool tool to help in the debugging. Not sure when this showed up, but it sure is welcome. Bugs are a pain in the butt, but when there are tools to help us help ourselves, it takes the edge off.
Thank You CP! Keep it coming (the debug tools I mean, not the bugs)
SmartDashboard….
UPDATE: More info from Chris. Thanks Chris!
If you enable CP_DEV_MODE, you get more debug options.
The SmartConsole logs go into a directory on the PC, in my case c:\program files (x86)\checkpoint\SmartConsole\R77.20\PROGRAM\data, and have a name that starts with rule-base.
There is also a utility in c:\program files (x86)\checkpoint\SmartConsole\R77.20\Program named traceutil.exe. This allows specific debugging options to be enabled.