var/log space is full even after clearing the firewall logs in management server (Checkpoint)


If you are a firewall administrator, you might have faced this issue on various occasions.

When SmartView Monitor shows /var/log as full, log in to the CLI and check with the command df -k to confirm how much space is actually available.

Usually when /var/log is full, the recommended steps are:

  • Remove unwanted backups in CPbackup
  • Clear unwanted files from database revision control
  • Remove any hotfix or tgz file uploaded for installation
  • Remove any cpinfo or zdebug logs on the server.


This is the maximum troubleshooting you could do as per the technical documentation available.
But sometimes you will not see any difference in disk space even after clearing them. So what could be the solution here?

To solve this, the first question I would ask you is:

Have you upgraded your firewall recently?

Most of them will reply "Yes".

If yes, then your job is easy. Go to the location /var/log/opt/cpsuite<older version number before upgrade>/fw1

When you check here you will find a ton of logs left over from the older version. Clear those and we are good to go.

Now check with SmartView Monitor and you will see a sufficient amount of space available on your Checkpoint management server.
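As an added illustration (not from this post and not a Check Point tool), here is a small Python script that walks a /var/log-style tree, measures every opt/CPsuite-<version>/fw1 directory and flags those belonging to a version other than the one now running, so you can see where the space went before deleting anything. The CPsuite-<version> directory naming and the sample tree it builds under a temp directory are assumptions for the demo.

```python
import os
import re
import tempfile

# Directory names like CPsuite-R75 (assumed naming, after the post's
# var/log/opt/cpsuite<version>/fw1 layout); group 1 captures the version.
CPSUITE_RE = re.compile(r"cpsuite-?(r\d+(?:\.\d+)?)", re.IGNORECASE)

def dir_size(path):
    """Total bytes of regular files below path, like `du -sb`."""
    total = 0
    for root, _dirs, files in os.walk(path):
        for name in files:
            fp = os.path.join(root, name)
            if not os.path.islink(fp):
                total += os.path.getsize(fp)
    return total

def find_cpsuite_logs(log_root, active_version):
    """List every opt/CPsuite-*/fw1 directory under log_root with its size,
    largest first, flagging versions other than active_version as stale."""
    opt = os.path.join(log_root, "opt")
    found = []
    if not os.path.isdir(opt):
        return found
    for entry in os.listdir(opt):
        m = CPSUITE_RE.search(entry)
        fw1 = os.path.join(opt, entry, "fw1")
        if m and os.path.isdir(fw1):
            version = m.group(1).upper()
            found.append({"version": version, "path": fw1,
                          "bytes": dir_size(fw1),
                          "stale": version != active_version.upper()})
    return sorted(found, key=lambda d: d["bytes"], reverse=True)

def build_sample_tree():
    """Constructed sample: a 2 MB active R75 tree and an 8 MB leftover R71 tree."""
    root = tempfile.mkdtemp(prefix="varlog-")
    for ver, mb in (("R75", 2), ("R71", 8)):
        log_dir = os.path.join(root, "opt", f"CPsuite-{ver}", "fw1", "log")
        os.makedirs(log_dir)
        with open(os.path.join(log_dir, "fw.log"), "wb") as f:
            f.write(b"\0" * (mb * 1024 * 1024))
    return root

if __name__ == "__main__":
    for d in find_cpsuite_logs(build_sample_tree(), "R75"):
        print(d["bytes"] // 1024, "KB", "STALE" if d["stale"] else "active", d["path"])
```

On a real management server you would call find_cpsuite_logs("/var/log", <current version>) instead of building the sample tree, and only then decide what to delete.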






Checkpoint ebook for beginners - CCSE R75 Session-01


As a beginner, I would like you to be clear on the few concepts explained below.

I have seen people who have device experience but are not good at these concepts, so read carefully.

SVN – Secure Virtual Network Architecture:

SVN allows us to configure and manage various components from a common point. For example, when you create a new policy, SVN helps us apply it throughout the organization and maintain uniformity.
SVN helps us maintain the security of four kinds of components in your organization: networks, hosts, users and applications.


Three tier Architecture:

Checkpoint works with a three-tier architecture comprising the components below:

Smart Client – with which you create policies
Smart Server – where the policies are stored
Enforcement Modules – where the security rules are applied.

With this three-tier architecture we keep administration, management and enforcement as separate entities.

Once we are clear on these, we can move on to the session where you can learn the exact functionality of each of the above components.




Checkpoint - Introduction to Checkpoint CCSE R75 certification

Checkpoint is the word which can make you feel secure from all kinds of network threats.

Yes, I would proudly say I am a very big fan of Checkpoint; I hold its certification and am happy to work with that technology.

If you are a network or Windows person who is more interested in security, then I would strongly recommend Checkpoint, because they are the leader in the security market.

Now every company owns a Checkpoint device with the latest version of the OS running on it.
So I am sure you will get a job easily in the security industry if you learn Checkpoint. (Because that's the way I got my job :) )

So it's good to get the latest Checkpoint certification, CCSE R75.

When I think about the title of my blog (Make it simple), the first thing that strikes my mind is Checkpoint.

Checkpoint brought a revolution to the firewall product space, for example:
• Provides the best GUI (anyone can create firewall rules)
• Provides various products like Smart monitor, tracker, update etc. which let you complete your task in a few minutes.

What is interesting?

Lots of things are interesting about Checkpoint, but I would like to give you the most exceptional one, which is not available with any other product.

Every service provider who manages the infrastructure of a company will have a tool where you create a CR (change request) and assign it for approval. Firewall rules or any other change will be implemented once the CR is approved.

You might be aware of this task if you are in the infrastructure industry. OMG!! It's really hectic.
Even this was made easy by Checkpoint with Smart Workflow, where you create a session and implement it once it is approved.
In this post I have just mentioned a few points which I like the most about Checkpoint, but there is a lot more.

This post is a kind of introduction to my checkpoint tutorial and advanced troubleshooting which will be presented soon in my upcoming posts.

Guys! Let us start our journey towards CCSE R75.




How ping works with machines in different subnets


As stated earlier, a packet will be created like below:

Destination IP
Source IP
Data
Protocol field

 
Now when you ping from the source to the destination:

→ The ARP table is checked for the MAC address of the destination; if it is not there, an ARP broadcast is sent out, and even then it is not found.

→ Now the ARP and IP protocols conclude that the destination is on a different network and start off with the next phase of work.

→ On a Windows machine, the registry is consulted and the default gateway IP address is found.

→ Now a request is sent out with the default gateway IP in the destination field, querying for its MAC address. If there is no response, then an ARP broadcast is sent, after which the default gateway's MAC address is learnt.

→ The router's interface which is the default gateway for the system also stores the MAC address of the source, system A, in its cache. Now the router is aware of system A's MAC address and system A is aware of the router's interface (default gateway) MAC address.

→ Now system A knows where to send the packet next; it passes the information down to the data link layer, and the frame has the following format:

Destination MAC (default gateway MAC)
Source MAC (system A's MAC address)
FCS (Frame Check Sequence): to make sure that the integrity of the packet is not lost
EtherType field (used to find which protocol is encapsulated in the frame; here it is IP)

→ Now the system passes the frame down to the physical layer, where it is placed on the wire bit by bit, and it gains entry into the router.

→ Now the packet gains entry into the router via the default gateway interface.

→ Again the data link layer header is checked and stripped to take out the IP protocol details.

→ The destination IP would be system B's IP.

→ Since the packet has gained entry into the router, the router will have information about all the hosts in the subnet it lies in.

→ Now the ARP cache of the router is checked to see if the MAC address of the destination IP is available. Either it is found there, or an ARP broadcast is sent which reaches all the hosts in the subnet.

→ The host whose MAC address belongs to that IP responds, and thus connectivity from system A to system B is established.

→ But this is not the end; the same process is repeated for the return packet as well.

→ I think you should now recollect the three types of responses you receive when you ping a machine. If connectivity from system A to system B alone is established, think what message you would receive.

"Request timed out" is the right answer, as you thought.

What happens while pinging a destination on the same subnet


Hello Everyone,

I once tried to find this information online, but I couldn't find exactly what I wanted.

So I have decided to give you this information in very simple terms, with more technical detail.

When you type ping <ip address>, the IP protocol creates a packet like below:

Destination IP
Source IP
Data
Protocol field

 
You must be wondering why this protocol field is here; that's not a bad question to ask.

The protocol field holds the protocol which should be used by the destination to process the packet according to the request. In this case it is ICMP; ping works on ICMP.

The value of the protocol field is written as 0x followed by a hexadecimal number, and this value indicates that the payload is ICMP.

Now ARP (Address Resolution Protocol) starts its job. An ARP table is maintained in every system. ARP is nothing but a protocol which helps look up the MAC address for a given IP.

Since both the source and destination are in the same subnet, i.e. there is no layer 3 device in between to do the routing, ARP checks its cache to look up the MAC address of the IP mentioned in the destination field. If it is not in the cache, then an ARP broadcast is sent out (to ff:ff:ff:ff:ff:ff).

Either it is found in the ARP table, or via the broadcast the recipient replies with its MAC address and the ARP table gets populated; the packet then gets delivered to the destination.

A basic question here: how does the system differentiate whether the destination lies in the same subnet or a different one?

If "subnet mask" is your answer, then you are absolutely right.
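This post and the different-subnet post above describe the same host-side decision. The following Python model is an added example, not code from the blog: it applies the subnet-mask test, resolves the next hop through an ARP cache with a broadcast on a miss, and frames the packet. The addresses, MACs (host A on 192.0.2.0/24 with its gateway at 192.0.2.1) and the dict standing in for the hosts that would answer ARP are all constructed for the demo.

```python
from ipaddress import IPv4Address, IPv4Network

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ICMP = 0x01  # IPv4 protocol number for ICMP, the value ping's packets carry

class Host:
    # One interface: IP/mask, default gateway, an ARP cache, and a wire trace.
    def __init__(self, ip, mask, gateway, mac):
        self.net = IPv4Network(f"{ip}/{mask}", strict=False)
        self.ip, self.gateway, self.mac = IPv4Address(ip), IPv4Address(gateway), mac
        self.arp_cache = {}  # IPv4Address -> MAC string
        self.wire = []       # everything this host put on the wire, in order

    def same_subnet(self, dst):
        # The subnet-mask test from the post: mask both addresses and compare.
        return IPv4Address(dst) in self.net

    def resolve(self, ip, lan):
        # ARP: answer from cache, else broadcast on the LAN and learn the reply.
        if ip in self.arp_cache:
            return self.arp_cache[ip]
        self.wire.append(("arp-request", BROADCAST_MAC, str(ip)))
        mac = lan.get(ip)
        if mac is not None:
            self.arp_cache[ip] = mac
        return mac

    def ping(self, dst, lan):
        # Build the IP packet, pick the next hop (the destination itself if it
        # is on our subnet, else the default gateway), resolve it, and frame it.
        dst = IPv4Address(dst)
        packet = {"dst_ip": str(dst), "src_ip": str(self.ip), "protocol": ICMP}
        next_hop = dst if self.same_subnet(dst) else self.gateway
        next_mac = self.resolve(next_hop, lan)
        if next_mac is None:
            return None  # nobody answered ARP: the frame never leaves the host
        self.wire.append(("frame", next_mac, str(dst)))
        return {"dst_mac": next_mac, "src_mac": self.mac,
                "ethertype": 0x0800, "payload": packet}

# Constructed LAN: IP -> MAC of what would answer ARP on host A's segment.
LAN_A = {IPv4Address("192.0.2.1"): "02:00:00:00:00:01",
         IPv4Address("192.0.2.20"): "02:00:00:00:00:20"}

def demo():
    a = Host("192.0.2.10", "255.255.255.0", "192.0.2.1", "02:00:00:00:00:0a")
    local = a.ping("192.0.2.20", LAN_A)     # same subnet: frame to the host
    remote = a.ping("198.51.100.7", LAN_A)  # other subnet: frame to the gateway
    missing = a.ping("192.0.2.99", LAN_A)   # same subnet, nobody answers ARP
    return local, remote, missing, a
```

After demo() runs, a.wire shows the ARP broadcast before each first contact and no broadcast for a next hop already in the cache, which is the behaviour both posts walk through.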

Basic analysis and troubleshooting of Internet connectivity with the PING operation



Nowadays we can't imagine the impact when your Internet browser says "Internet Explorer cannot display the webpage".

So it is always good to know the basic troubleshooting to identify the problem and resolve it.

When you are ready for troubleshooting, you should know the command "PING".

What is Ping?

Ping has become very common and there cannot be many people who do not know the meaning of this wonder word.

PING stands for Packet Internet Gopher.

You want to check if there is connectivity to some destination. Ping makes your job very simple.

All you have to do is:

Open up the command prompt in case of Windows, or the "terminal" in case of Mac, and type

ping 89.69.69.6 (the IP you want to reach)

Tada.. you get one of three types of responses:

1. Reply from 89.69.69.6 (meaning there is reachability from your machine to the destination)

2. Destination host unreachable (there are no routes configured for the destination and there is absolutely no connectivity).

3. Request timed out (meaning you are able to reach the destination, but there is an issue with the reverse path, i.e. from the destination to your machine, and hence the connectivity is not completely established)

So finally, when you get a reply we can conclude that it is not a network issue.

The problem could be with your browser, your antivirus, or a virus infection.

The solution could be one of the below:

1. Reset your browser

2. Run a scan with your antivirus.

3. My personal experience is to download Malwarebytes and run it (if the machine is infected with a virus).

Now we understand the importance of the ping operation.

To make it more interesting and useful for lovers of technology, I will explain ping within the same subnet and across different subnets in my next blog.

To read more on ping you can refer to Wiki.

Checkpoint mobile for Android configuration in mobile access blade


Mobile Access blade is a wonderful feature from Checkpoint which can be used for SSL VPN and for handheld devices like Android phones and iPhones.

As we know, the Mobile Access blade SSL VPN has a wide variety of features along with security features like compliance control etc.

Handheld device support means "bring your office at one touch".

When you use the Checkpoint Mobile app, it initially requires a site name, which could be your VPN termination IP address.

Then you need to provide an activation key, which has to be provided by the gateway administrator.

How to generate an activation key for Android?

• Go to Users in SmartDashboard.
• Right click the user <username> and choose Edit.
• Go to Certificates and choose New.
• Now choose Certificates, then select Registration Key.

This registration key will be your activation key for Checkpoint Mobile.

But make sure you enroll within 14 days or it will expire.

To read more on Checkpoint products, refer to the Checkpoint website.