I hope this blog serves you well. May God bless you, keep you safe and bring you peace! JaiSaiRam
Checkpoint Stateful Inspection Patent No. 5,606,668. So who invented Checkpoint's Stateful Inspection, Nir Zuk or Gil Shwed? Inventor: Gil Shwed, Jerusalem, Israel
Checkpoint Gaia R81.20 with Software Blades
Firewall Application Control
IPSec VPN Application URL Filtering
Mobile Access QOS - rate limiting
IPS Data Loss Prevention DLP
Anti Bot Threat Emulation
Anti Virus ClusterXL
Anti Spam/Email Security Monitoring
Identity Awareness
Firewall Security Book SandBlast -Threat-Emulation
How to - Configuration | Checkpoint Command |
Revert to factory default | set fcd revert Gaia_R77.30 |
How to load configuration from file | load configuration config |
How to add a static route | set static-route 10.0.0.0/8 nexthop gateway address 10.15.29.13 on |
How to set the Management interface | set management interface eth3-04 |
How to set the Hostname | set hostname myvpn-fwa |
How to set the Domain Name | set domainname mydomain.com |
How to set DNS | set dns suffix mydomain.com |
  | set dns primary 216.188.176.160 |
  | set dns secondary 100.250.210.160 |
How to set NTP | set ntp active on |
  | set ntp server primary 216.188.176.160 version 1 |
  | set ntp server secondary 100.250.210.16 version 1 |
How to turn on an Interface | set interface eth3-01 state on |
  | set interface eth3-01 auto-negotiation on |
  | set interface eth3-01 mtu 1500 |
  | set interface eth3-01 ipv4-address 16.11.190.78 mask-length 25 |
  | set interface eth3-01 comments "internet" |
How to shut down an interface | set interface eth3-02 state off |
How to set the default route | set static-route default nexthop gateway address 16.11.19.2 on |
How to turn off a default route | set static-route default nexthop gateway address 192.168.1.254 off |
How to add a static route | set static-route 148.91.83.0/24 nexthop gateway address 10.150.249.113 on |
How to configure OSPF | set ospf area backbone off |
  | set ospf area 25.10.10.3 on |
  | set ospf interface eth1-01 area 25.10.10.3 on |
  | set ospf interface eth1-01 cost 1 |
  | set ospf interface eth1-01 priority 0 |
Add User | add user scp uid 0 homedir /home/scp |
  | set user scp gid 100 shell /bin/bash |
  | set user scp password-hash $1$iAGC7iEO$PtD4i6lb)7/KpeJ8iSfdGE1 |
How to Print Static-Routes | netstat -nr | grep -v D |
  | netstat -rn | grep eth1 | awk -F' ' '{print $1, $2, $3}' | sort > routes.txt |
  | netstat -rn | grep eth1 | awk -F' ' '{print $1, $2, $3}' | sort | wc -l |
Unload Local Firewall Policy | fw unloadlocal |

The ACE directory (/var/ace) is created when the VPN firewall is first pushed. It contains:

sdconf.rec - Seed file from RSA for testvpn-fwb
sdopts.rec - File containing the gateway IP address for RSA (CLIENT_IP=100.105.249.61)
sdstatus.12 - Created automatically when the gateway first contacted RSA for authentication

[Expert@mytestvpn-fwb:0]# cd /var/ace
[Expert@mytestvpn-fwb:0]# ls -lt
total 12
-rw-rw-r-- 1 admin root 2418 Mar 10 23:22 sdstatus.12
-rw-r----- 1 admin root 22 Mar 10 22:07 sdopts.rec
-rw-r----- 1 admin root 2757 Mar 8 13:58 sdconf.rec
[Expert@mytestvpn-fwb:0]# cat sdopts.rec
CLIENT_IP=10.15.249.61
[Expert@mytestvpn-fwb:0]# cat sdopts.rec
CLIENT_IP=100.105.249.61
[Expert@mytestvpn-fwb:0]#

Update the default settings in trac_client_1.ttm on both cluster members:

:client_decide (client_decide) to :client_decide (false)
:default (true) to :default (false)

mytestvpn-fwa:# cd /var/opt/CPsuite-R77/fw1/conf
mytestvpn-fwa:# more trac_client_1.ttm

mytestvpn-fw

:automatic_mep_topology (
    :gateway (
        :map (
            :false (false)
            :true (true)
            :client_decide (client_decide)
        )
        :default (true)
    )
)

bostestvpn-fw

:automatic_mep_topology (
    :gateway (
        :map (
            :false (false)
            :true (true)
            :client_decide (false)
        )
        :default (false)
    )
)

License Seats

[Expert@MY-VPN]# grep --binary-files=text sc_users $FWDIR/database/fwauth.NDB
:sc_users (25500)
[Expert@MY-VPN]#
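
A review check for the Add User rows in the table above, as an added example that is not from the original blog: it scans clish configuration lines (for instance saved `show configuration` output) for uid 0 accounts other than admin, a bash login shell on such accounts, and MD5-crypt (`$1$`) password hashes. The sample lines and placeholder hashes are constructed, and the function names and the exclusion of `admin` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit Gaia clish user lines.

# Constructed sample in the style of the "Add User" rows; hashes are placeholders.
sample_config() {
cat <<'EOF'
set hostname myvpn-fwa
add user scp uid 0 homedir /home/scp
set user scp gid 100 shell /bin/bash
set user scp password-hash $1$CONSTRUCTED$placeholderplaceholder00
add user monitor uid 2001 homedir /home/monitor
set user monitor gid 100 shell /etc/cli.sh
set user monitor password-hash $6$CONSTRUCTED$placeholderplaceholder00
EOF
}

# audit_gaia_users: reads clish configuration on stdin, prints one finding per line.
audit_gaia_users() {
  awk '
    # "add user NAME uid N homedir PATH": remember the uid and the order seen
    $1 == "add" && $2 == "user" {
      for (i = 4; i < NF; i++) if ($i == "uid") uid[$3] = $(i + 1)
      order[++n] = $3
    }
    # "set user NAME ...": pick up the login shell and the password hash
    $1 == "set" && $2 == "user" {
      for (i = 4; i < NF; i++) {
        if ($i == "shell") shell[$3] = $(i + 1)
        if ($i == "password-hash") hash[$3] = $(i + 1)
      }
    }
    END {
      for (k = 1; k <= n; k++) {
        u = order[k]
        # Assumption: "admin" is the only account expected to hold uid 0
        root = (u in uid) && uid[u] + 0 == 0 && u != "admin"
        if (root) print "UID0 " u
        if (root && shell[u] == "/bin/bash") print "ROOT_SHELL " u " " shell[u]
        if (hash[u] ~ /^\$1\$/) print "MD5CRYPT " u
      }
    }'
}

sample_config | audit_gaia_users
```
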