Author Archives: Farzand Ali

Check Checkpoint: create a csv file and run it through mgmt_cli Excel sheet file format with column headings: name,subnet,subnet-mask #mgmt_cli add network –batch IPs-ListFile.csv -r true How to import multiple objects into R80.x Management database using .csv file and then add them to a group: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk113078 https://community.checkpoint.com/t5/General-Management-Topics/Format-of-csv-file-to-add-object-in-group/td-p/8987 .csv files needs to be where you willContinue reading “How to import multiple objects into R80.x Management database using .csv file and then add them to a group”

  fwaccel off (turn SecureXL off) vpn debug trunc vpn debug on vpn debug on TDERROR_ALL_ALL=5 Replicate the issue or wait for some time for VPN re-establishment vpn debug off vpn debug trunc off fwaccel on (turn SecureXL on) upload the following files to Checkpoint TAC so that they can run it inside their IKEContinue reading “VPN Debugging Commands to extract .elg and .xml files for troubleshooting”

1. Enable Config Sync (untick on both)(commit). 2. Specify Panorama Server on HA Firewalls and Enable Policy, Objects and Templates options (commit). 3. Add Firewalls as Manages devices in Panorama using serial numbers (Tick Group HA Peers) (commit Panorama). 4. Import Device configuration to Panorama (Post Rule/Leave ticked) (Primary) 5. Import Device configuration to PanoramaContinue reading “Steps: Adding HA devices to Panorama”

Why conduct a penetration test? An organisation should carry out a penetration test: In response to the impact of a serious breach on a similar organisation; To comply with a regulation or standard, such as the PCI DSS (Payment Card Industry Data Security Standard) or the EU GDPR (General Data Protection Regulation); To ensure the security of newContinue reading “Why Conduct Pen Test?”

(use pscp for windows) https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html ASA: ssh scopy enable PC: pscp C:\Users\fali\Desktop\asa964-17-lfbff-k8.SPA ABCCorp@196.29.167.170:disk0:asa964-17-lfbff-k8.SPA (use pscp -1 …… for version 1) ASA:  no boot system disk0:/asa952-6-lfbff-k8.SPA boot system disk0:/asa964-17-lfbff-k8.SPA boot system disk0:/asa952-6-lfbff-k8.SPA wr mem reload in 8:00

Enforce DAP Based on CSD Host Scan for Domain Registry Key Note:  (Enable: Check Cisco Security Discovery option  under the profile):

SSL Protocol: These are the following list of protocols which have been released till date: SSL 1.0, 2.0 and 3.0 TLS 1.0 (or SSL 3.1, released in 1999) TLS 1.1 (or SSL 3.2, released in 2006) TLS 1.2 (or SSL 3.3, released in 2008)

1.DAP rules (Dynamic Access Policy)(NAC)(e.g. if firewall present on client machine etc.) 2.User Profile rules (User Account)(e.g. Two simultanous logins) 3.User Profile Group rules (Group Policy attached to the User profile)(e.g. WebTypeACL) 4.Connection Profile Group rules (selected at pre-login based on URL, Alias or Cert)(e.g. no http from portal) DefaultWebVPNGroup DefaultRAGroup Custom connection profile 5.DfltGrpPolicyContinue reading “RA VPN Profiles and Policies Flow (Pre and Post Login)”

# fw accel off (Turn Off secureXL) # tcpdump -nei eth1-08 port 22 or 23 -w /var/log/FTP_tcpd_ethx.pcap # tcpdump -nei Mgmt port 22 or 23 -w /var/log/FTP_tcpd_ethy.pcap # fw monitor -p all -e ‘accept host(10.50.x.);’ # fw monitor -e “accept src=10.200.7.30 and dst=172.24.32.101;” # fw monitor -e “accept dst=10.200.7.30 and src=172.24.32.101;” # fw monitor -pContinue reading “Capture and Monitor traffic Checkpoint”