Thursday, April 4, 2019

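3DES Remediation and Troubleshooting

Expert-mode session on a Check Point gateway: back up the registry file, set DISABLE_3DES=1 with ckp_regedit, and verify the value. Note that `unset TMOUT` removes the idle logout for this shell only, so close the privileged session when done.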





[Expert@myvpn01]# unset TMOUT
[Expert@myvpn01]#
[Expert@myvpn01]#
[Expert@myvpn01]#
[Expert@myvpn01]#
[Expert@myvpn01]# enabled_blades
fw vpn urlf av appi ips identityServer SSL_INSPECT anti_bot ThreatEmulation mon vpn
[Expert@myvpn01]#
[Expert@myvpn01]#
[Expert@myvpn01]#
[Expert@myvpn01]#
[Expert@myvpn01]#

[Expert@myvpn01]# cp -v $CPDIR/registry/HKLM_registry.data $CPDIR/registry/HKLM_registry.data_ORIGINAL
`/opt/CPshrd-R80/registry/HKLM_registry.data' -> `/opt/CPshrd-R80/registry/HKLM_registry.data_ORIGINAL'
[Expert@myvpn01]# ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 DISABLE_3DES 1

[Expert@myvpn01]# ckp_regedit -p SOFTWARE\\CheckPoint\\FW1 | grep --color DISABLE_3DES
SOFTWARE\CheckPoint\FW1 : { CurrentVersion=[s]6.0 DISABLE_3DES=[s]1 }
[Expert@myvpn01]#

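Reference: Check Point sk128652, Scenario 10. Per the command history at the end of this post, the change was followed by `cpstop; cpstart` and a `cphaprob stat` cluster check. `cpstop` stops Check Point services on this member, so schedule it accordingly.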


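ROLL BACK (restore the backup, confirm the grep for DISABLE_3DES returns nothing, restart services). The restore overwrites the whole registry file, so any other registry change made after the backup is reverted too.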
[Expert@myvpn01]#
[Expert@myvpn01]# cp $CPDIR/registry/HKLM_registry.data_ORIGINAL $CPDIR/registry/HKLM_registry.data       
[Expert@myvpn01]#
[Expert@myvpn01]#
[Expert@myvpn01]# ckp_regedit -p SOFTWARE\\CheckPoint\\FW1 | grep --color DISABLE_3DES
[Expert@myvpn01]#
[Expert@myvpn01]#
[Expert@myvpn01]# cpstop; cpstart



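TROUBLESHOOTING (userc_key table summary, then packet captures for a single peer IP on eth3-02, narrowed to port 443 and with increasing verbosity)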

[Expert@myvpn01]# fw tab -t userc_key -s

[Expert@myvpn01]# fw monitor -e "accept host(73.60.142.217);"

[Expert@myvpn01]# tcpdump -v -nni eth3-02 host 73.60.142.217

[Expert@myvpn01]# tcpdump -v -nni eth3-02 host 73.60.142.217 and port 443

[Expert@myvpn01]# tcpdump -vvv -nni eth3-02 host 73.60.142.217 and port 443



[Expert@myvpn01]# history
    1  unset TMOUT
    2  enabled_blades
    3  cp -v $CPDIR/registry/HKLM_registry.data $CPDIR/registry/HKLM_registry.data_ORIGINAL
    4  ckp_regedit -a SOFTWARE\\CheckPoint\\FW1 DISABLE_3DES 1
    5  ckp_regedit -p SOFTWARE\\CheckPoint\\FW1 | grep --color DISABLE_3DES
    6  cpstop; cpstart
    7  cphaprob stat
    8  fw tab -t userc_key -s
    9  fw monitor -e "accept host(73.60.142.217);"
   10  tcpdump -v -nni eth3-02 host 73.60.142.217
   11  tcpdump -v -nni eth3-02 host 73.60.142.217 and port 443
   12  tcpdump -vvv -nni eth3-02 host 73.60.142.217 and port 443
   13  clusterXL_admin down
   14  clusterXL_admin up
   15  cp $CPDIR/registry/HKLM_registry.data_ORIGINAL $CPDIR/registry/HKLM_registry.data
   16  ckp_regedit -p SOFTWARE\\CheckPoint\\FW1 | grep --color DISABLE_3DES
   17  cpstop; cpstart
   18  history
[Expert@myvpn01]#