Thursday, February 23, 2012

Checkpoint - Smart View Monitor - Cached Info

Sometimes SmartView Monitor gets confused and displays wrong (cached) information.

To clear this up you do the following:

- issue cpstop on the Security Management server
- delete $FWDIR/conf/applications.C, $FWDIR/conf/applications.C.backup, $FWDIR/conf/CPMILinksMgr.db and $FWDIR/conf/CPMILinksMgr.db.private
- issue cpstart
- install policy again
- open SmartView Monitor again

Checkpoint : Mount USB Memory Stick / Pen Drive to Splat

Ever wanted to use a USB stick on an open server running SPLAT or on an appliance?

Just connect the device to a USB port of your choice.

1. Load the appropriate kernel module for handling the USB device
modprobe usb-storage

2. Check which new device was bound, for example /dev/sda1
fdisk -l

3. Create a mount point
mkdir /mnt/usbdisk

4. Mount the USB device (use the device name found in step 2)
mount /dev/sda1 /mnt/usbdisk

5. Use the device to transfer data as you like

6. Unmount USB device
umount /mnt/usbdisk

Friday, February 10, 2012

How to exclude or include files in the SecurePlatform Backup utility



You can see all the backup schemes in the /var/CPbackup/schemes directory on the SecurePlatform machine.

The following schemes are listed:

| Scheme Name | Description |
|---|---|
| cvpn.cpbak | Connectra module |
| dtps.cpbak | Desktop Policy server (SecureClient) |
| fg1.cpbak | Floodgate |
| fw1.cpbak | Firewall |
| fw1logs.cpbak | Firewall logs |
| gated.cpbak | gated |
| ppak.cpbak | Performance Pack |
| rt.cpbak | Eventia Reporter |
| rtm.cpbak | SmartView Monitor |
| snapshot.cpbak | Snapshot utility |
| svn.cpbak | CPDIR |
| system_configuration.cpbak | System configuration |
| uag.cpbak | User authentication |



To include files in the SecurePlatform Backup utility:

  1. Access one of the desired schemes (e.g. fw1.cpbak) via a text editor.
  2. Search for the line .
  3. Add the desired files. Please note that the path must be specified between the tags and .


To exclude files in the SecurePlatform Backup utility:

  1. Access one of the desired schemes (e.g. fw1.cpbak) via a text editor.
  2. Search for the line .
  3. Specify the files that you do not want to backup. Please note that the path must be specified between the tags and .


Note: You can use "*" to include all files in a specific directory, for example, /var/opt/CPsuite-R65/fw1/conf/*.

Wednesday, February 8, 2012

Checkpoint - SNMP Monitoring - OID

When you have configured SNMP and Check Point SNMP Extensions on your systems, you can start with system monitoring.

For Nagios there are some plugins available, and other vendors also have pre-installed checks for Check Point equipment built into their products.

If you don’t want to use extra plugins you may use the check_snmp plugin command that is delivered with Nagios.

SVN Status
/usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o 1.3.6.1.4.1.2620.1.6.102.0 -s "\"OK\"" -l "SVN Status"

Security Gateway Policy Status
/usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o 1.3.6.1.4.1.2620.1.1.1.0 -s "\"Installed\"" -l "Security Gateway Policy Status"

Security Gateway High Availability Status
/usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o 1.3.6.1.4.1.2620.1.5.102.0 -s "\"OK\"" -l "Security Gateway High Availability Status"

Security Gateway High Availability Modus
/usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o 1.3.6.1.4.1.2620.1.5.6.0 -s "\"active\"" -l "Security Gateway High Availability Modus"

Security Gateway High Availability Modus
/usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o 1.3.6.1.4.1.2620.1.5.6.0 -s "\"passive\"" -l "Security Gateway High Availability Modus"

Security Management Status
/usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o 1.3.6.1.4.1.2620.1.7.102.0 -s "\"OK\"" -l "Security Management Status"

Security Management Modus
/usr/lib/nagios/plugins/check_snmp -H $HOSTADDRESS$ -C $ARG1$ -o 1.3.6.1.4.1.2620.1.7.5.0 -s "\"active\"" -l "Security Management Modus"

If your monitoring system is using just simple SNMP queries, here are some OIDs to check for.

SVN Status – to be checked on every system

snmpget.exe -v 2c -c public 10.10.10.10 1.3.6.1.4.1.2620.1.6.102.0
SNMPv2-SMI::enterprises.2620.1.6.102.0 = STRING: "OK"
SNMPv2-SMI::enterprises.2620.1.6.102.0 = STRING: "Problem"


Security Gateway Policy Status

snmpget.exe -v 2c -c public 10.10.10.10 1.3.6.1.4.1.2620.1.1.1.0
SNMPv2-SMI::enterprises.2620.1.1.1.0 = STRING: "Installed"


Security Gateway HA Status

snmpget.exe -v 2c -c public 10.10.10.10 1.3.6.1.4.1.2620.1.5.102.0
SNMPv2-SMI::enterprises.2620.1.5.102.0 = STRING: "OK"


Security Gateway High Availability Mode

snmpget.exe -v 2c -c public 10.10.10.10 1.3.6.1.4.1.2620.1.5.6.0
SNMPv2-SMI::enterprises.2620.1.5.6.0 = STRING: "active"
SNMPv2-SMI::enterprises.2620.1.5.6.0 = STRING: "standby"


Security Management Status

snmpget.exe -v 2c -c public 10.10.10.10 1.3.6.1.4.1.2620.1.7.102.0
SNMPv2-SMI::enterprises.2620.1.7.102.0 = STRING: "OK"
SNMPv2-SMI::enterprises.2620.1.7.102.0 = STRING: "Problem"


Security Management Mode

snmpget.exe -v 2c -c public 10.10.10.10 1.3.6.1.4.1.2620.1.7.5.0
SNMPv2-SMI::enterprises.2620.1.7.5.0 = STRING: "active"
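
For monitoring systems that only run plain SNMP queries, the snmpget output lines above can be turned into Nagios-style states with a small wrapper. This is an added example, not part of the original post; the function names cp_expected and cp_snmp_eval are hypothetical, and the sample lines are constructed from the output format shown above.

```shell
#!/bin/sh
# Added example (not from the original post): classify one snmpget output line
# for the Check Point OIDs listed above. Exit codes follow the Nagios plugin
# convention: 0 = OK, 2 = CRITICAL, 3 = UNKNOWN.

# Accepted values per OID suffix below enterprises.2620, as shown on this page.
cp_expected() {
    case "$1" in
        1.6.102.0|1.5.102.0|1.7.102.0) echo "OK" ;;
        1.1.1.0) echo "Installed" ;;
        1.5.6.0) echo "active standby" ;;   # both values appear in the snmpget output
        1.7.5.0) echo "active" ;;
        *) return 1 ;;
    esac
}

cp_snmp_eval() {
    line=$1
    cr=$(printf '\r')
    line=${line%"$cr"}                       # snmpget.exe output may end in CR
    case "$line" in
        *2620.*' = STRING: '*) ;;
        *) echo "UNKNOWN - no string value in: $line"; return 3 ;;  # timeout, missing OID
    esac
    oid=${line#*2620.}; oid=${oid%% = *}     # OID suffix after the enterprise number
    value=${line#* = STRING: }
    value=${value#\"}; value=${value%\"}     # strip the surrounding quotes
    expected=$(cp_expected "$oid") || { echo "UNKNOWN - unlisted OID $oid"; return 3; }
    for e in $expected; do
        if [ "$e" = "$value" ]; then
            echo "OK - $oid = $value"; return 0
        fi
    done
    echo "CRITICAL - $oid = $value (expected: $expected)"
    return 2
}

# Constructed sample lines in the format of the snmpget output above.
while IFS= read -r sample; do
    cp_snmp_eval "$sample" || true
done <<'EOF'
SNMPv2-SMI::enterprises.2620.1.6.102.0 = STRING: "OK"
SNMPv2-SMI::enterprises.2620.1.5.6.0 = STRING: "standby"
SNMPv2-SMI::enterprises.2620.1.7.102.0 = STRING: "Problem"
Timeout: No Response from 10.10.10.10
EOF
```

A line without a string value (timeout, OID not served by the agent) maps to UNKNOWN rather than OK, so a silent agent is never reported as healthy.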


Tobias Lachmann