Thursday, January 18, 2024

subnetting on checkpoint

 

https://jodies.de/ipcalc

Address: 192.168.0.1 11000000.10101000.00000000 .00000001

Netmask:   255.255.255.0 = 24    11111111.11111111.11111111 .00000000
Wildcard:  0.0.0.255             00000000.00000000.00000000 .11111111
=>
Network:   192.168.0.0/24        11000000.10101000.00000000 .00000000 (Class C)
Broadcast: 192.168.0.255         11000000.10101000.00000000 .11111111
HostMin:   192.168.0.1           11000000.10101000.00000000 .00000001
HostMax:   192.168.0.254         11000000.10101000.00000000 .11111110
Hosts/Net: 254                   (Private Internet)


Should you ever forget intricacies of the subnetting Checkpoint bothered not to strip subnetting calculator from their Splat – ipcalc, so use it and litter not your memory with useless info.Given subnet show the 1st Ip (network) :

# ipcalc -n 192.168.34.45/27
NETWORK=192.168.34.32

Given subnet show the last IP (broadcast) :

# ipcalc -b 192.168.34.45/27
BROADCAST=192.168.34.63

Be careful though what you feed as no proof-reading is done by the ipcalc :

# ipcalc -b 192.168.34.45/33
BROADCAST=255.255.255.255
Posted by at

Thursday, January 11, 2024

 
[Expert@myfirewall]# cphaprob -l list

Built-in Devices:

Device Name: Interface Active Check
Current state: OK

Device Name: Recovery Delay
Current state: OK

Device Name: CoreXL Configuration
Current state: OK

Registered Devices:

Device Name: Fullsync
Registration number: 0
Timeout: none
Current state: OK
Time since last report: 1.31105e+06 sec

Device Name: Policy
Registration number: 1
Timeout: none
Current state: OK
Time since last report: 1.31105e+06 sec

Device Name: routed
Registration number: 2
Timeout: none
Current state: OK
Time since last report: 164.8 sec

Device Name: cxld
Registration number: 3
Timeout: 30 sec
Current state: OK
Time since last report: 102116 sec
Process Status: UP

Device Name: fwd
Registration number: 4
Timeout: 30 sec
Current state: OK
Time since last report: 102116 sec
Process Status: UP

Device Name: cphad
Registration number: 5
Timeout: 30 sec
Current state: OK
Time since last report: 4.1131e+06 sec
Process Status: UP

Device Name: VSX
Registration number: 6
Timeout: none
Current state: OK
Time since last report: 4.1131e+06 sec

Device Name: Init
Registration number: 7
Timeout: none
Current state: OK
Time since last report: 4.1131e+06 sec

Device Name: Local Probing
Registration number: 8
Timeout: none
Current state: OK
Time since last report: 185.2 sec

[Expert@myfirewall]# 

Posted by at

Friday, January 5, 2024

Fixes to R81.20

 
FIXES
1. Set grub2 password
myfirewall01> set grub2-password
Enter new grub2 password: 
Enter new grub2 password (again): 
myfirewall01> 


2. Update TRAC File

/var/opt/CPsuite-R81.20/fw/conf/trac_client_1.ttm
make a backup copy of file
      )
                :automatic_mep_topology (
                        :gateway (
                                :map (
                                        :false (false)
                                        :true (true)
                                        :client_decide (false)     [ change from Client_Decide to False]
                                )
                                :default (false)  [ change from True to False]
                        )
                )


3. Fix http2
Description:
Similar change was successfully implemented and tested on the lower region (TestVPN)

1. Disable HTTP2 Header Length on myfirewall01 and myfirewall02
To disable http2:
ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 IGNORE_ALPN_EXTENSION 1
cpstop;cpstart

To enable http2 again:
ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 IGNORE_ALPN_EXTENSION 0
cpstop;cpstart
No production impact, low risk.


Posted by at
Subscribe to: Posts (Atom)