Tag Archives: Tips and Tricks

Identity Awareness for Dummies

Seems like I have been working on this for years. Had bits and pieces. But thanks to Gene Berger, finally pushed me to pull it together with a huge data dump from him. Thanks Gene!

Last: IdentityAwareness-For-Dummies-v8  – Version 8 3/5/2015 – Shared gateway portals

Latest: IdentityAwareness-For-Dummies-v9  – Version 9 5/15/15  – Fixed picker, TOC

FYI: Check link often, I am constantly updating the document.

Identify and Destroy!


[Figure: identity awareness components]

2012 CPX Review

Greetings CPX’ers.

I attended 2012 CPX in Orlando this year and I personally learned a TON. I approached it differently this year and basically bypassed the presentations and hunted down CP internal people to get answers (see my other discussion on CPX).  They were all very accommodating and I hope I can share the Best Of CPX that I learned.

The most significant things I got from the conference (so you don’t have to read my cryptic notes) are:

– GAIA is released

– R75.40 is released with MDM (But no MDM on GAIA for a month or so)

– SmartLog!!!!! The most exciting product in the CheckPoint suite next to MDM!! You HAVE to check this out. And it’s FREE!!!

– Hit counts in SmartConsole!!!! Finally!!!

– GRC regulatory info will be integrated into SmartEvent. So you could get PCI compliance information in the future

– No plan for 64bit MDM

– No plan to put MDM database into a real database (bummer for many reasons)

– Edges are getting whacked, replaced by Series-80

– Licensing will never be fixed. They don’t even think it’s a problem.

Forgive the general rambling nature…I’m trying to remember from my cryptic notes what I extracted from my conversations.

===================== Gil Shwed CEO and founder ===================================

Gil Shwed (CEO and founder): Similar to last year but the vision speech has changed again. Last year GRC was big, this year more product oriented mapping it to GRC. Last year I thought (mistakenly??) that CP wanted to become a big security player in software and services with purchase of GRC, but I didn’t get that this year.

He spent some time on the CP Threat Cloud that gateways from all customers report into and then distribute back to gateways and used by IPS, App Control, AntiBot  (not sure what else) to report threats back to gateways to shutdown attacks.  This should approach real-time as we progress.

Best part was Gil talking about his Tesla and he listens to Arab music on his MP3.

======================Anon Director of 3D =============================================

Talked about 3D and how CP is now taking it seriously.  CP said they would share their policy with whoever asks.

======================= Kelman – Director of Support Toronto Canada ====================

I’d say the hit of the conference. Great mapping of policy, procedures, technology, politics to the Star Wars background. Hilarious. Great job.

====================== App Control ==================================

Couldn’t hear nor understand this one, but I think these are some of the upgrades:

– Bandwidth limits

– Can be accelerated by SecureXL and CoreXL

– Rule Time limit

– Granular user check (not sure what they mean)

– Support HTTP proxy config (not sure)

  • Transparent mode (not sure)
  • Per interface (not sure)
  • Safe search (not sure)

==================== R75.40 =======================================

– Was released during conference

– https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk67581&js_peid=P-114a7bc3b09-10006&partition=General&product=Security#Downloads

– No P1 on GAIA, maybe May

– GAIA is released

– SMARTLOG: I think the most exciting, revolutionary product next to MDM/P1

– All the other products have incremental improvements

– Hit counts in SmartConsole!!!! Finally

==================== GAIA =======================================

Cool things from GAIA:

– It is released here:

– https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails=&fileid=14900

– Large customer has in production so theoretically it works

– Has auto update

  • Notify
  • Schedule update
  • Verify update occurred

– NOTE: the configuration data is now stored in a database. So if you update files they will get overwritten when you do a database save. This is from IPSO days.

– NOTE: Several configuration items are not stored in the database and won’t be migrated: RSA in /var/ace, cron, SNMP, $FWDIR/local.arp, and any custom modified commands/data.

– DANGER: GAIA may remap network ports, make sure you label them!!!

– 64 bit GAIA is limited to 24gig as the tested service support. But it should recognize as much memory as you put in. Need 6 gig of memory as a base for 64 bit.

– Very cool, will share VMware shared folders with a host.

– Once installed you can switch between 32 and 64 bit GAIA, it is a configuration item and reboot. So no reinstall to go to 64 bit

– No support for IPv6 to IPv4 NAT gateway. Bummer

– SPLAT to GAIA upgrade is 1 command that will translate into GAIA commands

– GAIA is mainly based on SPLAT and some of it was already in R75? (not sure)

– NOTE: There is no plan for 64 bit P1/MDM.

– SmartProvisioning improvements—One can only pray

– VRRP is preferred HA mode – but he couldn’t tell me why. Not sure what conversion will be like

– Like Cisco, you can dump GAIA commands into a file for its configuration, and then change the template to roll out to different gateways (like modify IP address and host name)

– NOTE: R75.40 P1 cannot! Run on GAIA yet. Late Q2????

– Why do you need 64bit GAIA?? Was told that concurrent connections take a ton of memory. Much more than IPS, AppControl, etc. (I’d like to see more data on this)

– OPINION: I’d let it bake a bit (1 more year) and let things settle down. Unless you have some need for high connection throughput via 64bit memory – if it’s not broke don’t fix it.

==============================P1 MDM=============================================

– Overall, very disappointing. Not much in roadmap

– R75.40 out 4/18/2012

– MDM on GAIA is very close in 32 bit mode

– No plans for 64 bit MDM

– Not working on back end database

– Will be 2-3 years before big new features are delivered (not sure what they are)

– They are working on some multi-threading to enhance performance

– SmartCenter is going away, all will be Domain in MDM. No more standalone SmartCenter

– Renaming global objects:


===================Product Roadmap =====================================

– I missed 75% of this

– COOL thing is they are planning on having SmartEvent report PCI regulatory compliance, somewhat similar to Tufin/Algosec/Firemon, etc. This is part of the GRC purchase they did last year.

– FYI: Edges are history, replaced by Series-80

======================Random Gossip ==========================================

– Edges are going away, will be merged into Series-80, a flash based system with GAIA

– Floating IP addresses are being worked on for VMotion support

============================ E80.40 Endpoint Client =======================================

– Management is finally in SmartCenter

– SCV (secure compliance verification) is old, Endpoint compliance is new system “Policy Server”

– Will have its own blades for: malware, encryption, VPN, webcheck, firewall, compliance, USB encrypt

– Endpoint VPN and Endpoint E80.40 will merge in 2013

============================ SmartLog=======================================

============== → STOP ← =======================

============== → STOP ← =======================

============== → STOP ← =======================

Everything you are doing. Stop looking at other products. Stop all your paper work.

SmartLog is revolutionary. It is the iPhone of SIM products. And they are giving it away for free. This product could replace all your SIM products like RSA enVision (which is horrible unless you like to wait 10 minutes and construct database queries).

SmartLog puts a Google-like face on Tracker. It is super fast. Get this: You can direct ALL your logs to one platform now!!! Did you hear that MDM crowd? No more hunting through log servers, it’s all in 1 place!!!!

I am still amazed they are giving it away for free!! I was almost child-like giddy laughing when I listened to Dudi (head developer) give me all the details. This product is amazing, I’m not sure CP knows what they have created.

So STOP what you are doing and download and install NOW!!!

Here are the tidbits:

– You can suck in your old logs

– You can search through billions of records quickly. We saw ½ billion in a couple seconds

– 32 or 64 bit, doesn’t matter (I didn’t get this part, should be 64 bit)

– Can be installed on almost any platform: GAIA, SPLAT, Windows

– Works with MLM environments. You can check off what DLM you want to query. 1 or all.

– Give it TONS of memory, it will gobble all you give it. That’s why I thought it should be 64-bit

– Make sure it is on a kick ass box, otherwise it can fall behind real-time and never catch up.

– MAX: 1 billion logs per day

– FIFO for delete when disk gets full.

– It will gobble up 70% more disk space for the index file.

– Admin manual is only 17 pages!!!

– SmartLog is part of all SmartManagers or Domain Log Servers. You have to enable it in SmartConsole

– 3 pieces: SmartLog console, SmartLog Index Server, SmartLog aware Log Servers.

– If you install SmartLog Index Server on a standalone platform, it has to use LEA to suck logs from the log servers. NOTE: This can be slow (3K-10K records/sec) and so you might fall behind real-time. You might want to have 2 SmartLog servers. One for old records and one for real-time recording.

– SmartConsole Install

– If you install the SmartLog Index Server on the same box as the Log Server, then the indexes will be built fast, but you lose 70% of your disks to the index. Classic time vs. space….DISK IS CHEAP!

– WIP: Index server is in the SmartConsole ISO? Not sure how to put the Index Server on a MLM? VMware lab!!!

How to attend CPX

Once again I attended CPX and came away euphoric.  WHY? Because I finally figured out how to attend CPX.

Attending CPX is like going to your doctor with some weird symptoms and not asking questions. You assume the person in the white coat knows it all and will magically figure out all your illnesses, give you the blue pills and go home. Of course you will go home and continue to be sick and you will blame it on the doctor.

CheckPoint is based in Israel whose educational culture is based on the British system of schooling. You sit and listen and absorb the great knowledge handed down to you….and don’t ask questions. At CPX, if you choose to just sit and impassively listen to sales lectures you should not come. The presentations are mostly sanitized standardized sales rah-rahs you hear from your local reps so you can get the slides at home.

That’s what I did at CPX 2011 and I was disappointed. But you know what? This year I figured out it was my fault and not CheckPoint’s. Their culture is different. They really want to be helpful and share information but they lean heavily on the Internal to External rule. They have a subtle stealth rule probably because Israel is only 26 miles wide and could be crushed in a day and so security is huge in the Israeli psyche. Also the language barrier makes it harder for some of the techies to carry on a dialogue in a public venue so they may be shy or nervous. But they really do want to share, keep that in mind.

The meat of the conference is the tech labs, and 1-on-1’s. This is where you will get your money’s worth and much much more. And this is how….

This is the CPX secret sauce I learned from a good friend. Before you go to CPX survey your customers, peers, etc. about the issues they are having. At the bar, at lunch, in the elevator, smoking a cig, ask people “Hi, how’s it going? Where are you from? What do you do? Hey do you see these problems too?? Do you have similar issues? HEY! Do you want to go get some answers???” With this list and your posse you go on an attack. CP has a 1-on-1 booth staffed by two lovely people that will set up interviews to answer your questions. Unfortunately they might not really know who to direct you to, but they will get you started. If you can’t schedule a 1-1, then in the hallway just ask CP people “Who knows about XXXX and where is SO AND SO” and they will hunt them down for you.

Once you get a 1-on-1 you start asking your questions not once but 5 times to as many people as you can. Why? Because the first 4 people probably don’t know but want to be helpful. Ask each CP person “Who would know the REAL answer???”, and then go hunt them down. Even in the hallway or bar if you run into a CP person ask them your list of questions and who would know the right answer. After a while you will get the name of a person that will appear several times. THAT’s the person that knows the answer!!!!

Feel free to vent frustration but make sure you remain positive and constructive.  They really want to know where the problems are. Try to get details on HOW the system works so you can help them fix the problem knowing system internals. Ask them what can YOU do to make their job easier…. Like running test cases, setting problem up in VMware, prioritizing new functionality, baking them a cake. Whatever. Makes good dialogue.

The results are amazing and so much worth your time. You will find you will be building relationships with really good people that have personal commitments to their company, their cool technology and their nation…..and more importantly resolving your issues. You can get the inside unsanitized scoop on what’s coming down the pike. I even was able to vent a bit about their licensing (sorry about that Ofer), and come away feeling refreshed and euphoric. We even had some sessions where we just laughed ourselves silly like schoolgirls.

You obviously will need to put yourself out there but after the first couple sessions it almost becomes a hunting game. Remember YOU have to choose to pursue how much you want to get out of CPX. If you choose NOT to actively pursue truth and justice, then stay home. Leaves more time for me to get answers at my sessions.

So we are signing up for 2013 CPX in Washington DC April 24-26 (I think). Anyone that wants to be in the Dreez posse let me know!

CHOOSE your CPX future.
