Showing posts with label Checkpoint. Show all posts
Showing posts with label Checkpoint. Show all posts

var/log space is full even after clearing the firewall logs in management server (Checkpoint)


If you are a firewall administrator you might have faced this issue in various occasions.

When Smartview monitor shows as var/log full then login to CLI and check with the command df  –k to ensure the space availability.

Usually when the Var/log is full then the few recommended steps are,

  • ü  Remove unwanted backups in the CPbackup
  • ü  Clear the unwanted files for database revision control
  • ü  Remove any hotfix or tgz file uploaded for installation
  • ü  Remove any cpinfo or zdebug logs in the server.


This will be the maximum troubleshooting you could do as per technical documentations available.
But sometimes you will not see any difference in disk space even after clearing them. So what could be the solution here!!

Yes to solve this, first question I would ask you is,

Have you upgraded your firewall recently?

Most of them will reply to “Yes”

If yes then your job is easy. So to the location var/log/opt/cpsuite<olderversion number before upgrade>/fw1

When you check here we will have ton of logs. So clear those and we are good to go.

Now check with smartview monitor and you will have sufficient amount of space available in your checkpoint management server.






1 comment:
Labels:

Checkpoint ebook for beginners - CCSE R75 Session-01


As a beginner I would like you to be clear on few concepts explained below,

I have seen people who have device experience are not good at these concepts. So read carefully.

SVN – Secure virtual Network Architecture:

SVN allows us to configure and manage various components from a common point.  Consider you create a new policy where this SVN helps us to apply it throughout the organization and help to maintain the uniformity.
SVN helps us to maintain the security of four components in your organization like networks, host, users and applications.


Three tier Architecture:

Checkpoint works with three tier architecture and comprises of the below components

Smart Client – With which you create policies
Smart Server – Where the policies are stored
Enforcement Modules – Where the security rules are applied.

With this three tier architecture we keep the administration, management and enforcement as separate entities.

Once we are clear with these we can move on to the session where we you can learn the exact functionalities of the above components.




1 comment:
Labels:

Checkpoint - Introuduction to checkpoint CCSE R75 certification

Checkpoint is the word which can make you feel secured from all kinds of network threats.

Yes, I would proudly say I am a very big fan of checkpoint, who holds its certification and happy to work with that technology.

When you are a network or a windows guy who is more interested in security, then I would strongly recommend checkpoint because they are the leader in security market.

Now every company owns their checkpoint device with latest version of OS running on them.
So I am sure you will get the job easily in security industry if you learn checkpoint. (Because that’s the way I got my job J )

So its good to get your latest checkpoint certification CCSE R75.

When I think about the title of my blog (Make it simple) first thing that strikes my mind is Checkpoint.

Checkpoint brought a revolution in this firewall product like,
ü  Provides a best GUI (anyone can create a firewall rules)
ü  Provides various products like smart monitor, tracker, update etc which could make you complete your task in few minutes.
What is interesting?

Lots of stuff are interesting about checkpoint. But i would like to give you a most exceptional one which is not available with any other products.

Every service provider who manages the infra of any company will have a tool where you create a CR and assign for approval. Firewall rules or any change will be implemented once the CR is approved.

You might be aware of this task if you are into this infra industry. OMG!! It’s really hectic.
Even this was made easy by checkpoint with smart workflow where you create a session and implement once it is approved.
In this post I have just mentioned few points which I like the most with checkpoint but there is lot more.

This post is a kind of introduction to my checkpoint tutorial and advanced troubleshooting which will be presented soon in my upcoming posts.

Guys! Let us start our journey towards CCSE R75.




2 comments:
Labels:

Smart View monitor - Gateway(firewall) object shows as problem

Hello Everyone,

As a checkpoint administrator most of you have seen the problem where the checkpoint Connectra or gateway shows as problem in smart view monitor.

But while we search for solution we will really have hard time.

So why this needs to be resolved at the earliest?

When i faced this problem one my manager used a phrase to define the situation.

“Sleeping with Snake"

 That’s true! Anything may happen any time.

What if the active one goes down?

Will the failover happen properly?

Now I know you understood the seriousness of this issue. Good! So what’s the solution for this?

Troubleshoot - Smartview monitor shows gateway or Connectra problem

As a first step check the physical connectivity and ensure all the cables are connected properly. ( It’s always good to start with basics J)

Then try pushing the policy. (It might get resolved here)

Now get into device command line.

1. Login to the expert mode

2. Type the command cphaprob stat.  You will see output similar to below,

Number     Unique Address            Assigned Load   State

1               <IPaddress of active>         100%            Active
2 (local)   <IPaddress of standby>        0%              Standby

Ok, this is to ensure which Gateway is active now.

 3. Run the command “cphaprob list “

Output should show the built in devices, registered devices and its status.
Device Name: Interface Active Check
Current state: OK
 Usually this might be a problem so we can conclude this is related to the interfaces.

4. Finally run “cphaprob –a if”

We should notice that the two cluster members differed on the number of required interfaces and any of the interface may show “disconnected”


Resolution - Smartview monitor shows gateway or Connectra problem

Ok finally we found the problem it is the interface which shows as disconnected.
1.       Ensure if some cable already connected and which might be missing.
2.      If not then look for a file $FWDIR/conf/discntd.if or create on both the gateways.
3.      Now type the interface name which is not used (interface which is in disconnected state).
4.      Then reboot the cluster members one by one.

Open your smartview monitor now,
Both the cluster members should be in the state “OK”
Verify the ClusterXL state which should be perfectly fine.
Run “cphaprob stat” again. Now you can tell the happy news to your Boss J
No comments:
Labels:
Subscribe to: Posts (Atom)