CPUG: The Check Point User Group

Thread: CCSM - Topic 1 - Troubleshooting security problems

  1. #1
    CCSM - Topic 1 - Troubleshooting security problems

    This article is the first of 13 articles that I'm writing to achieve the CCSM (Check Point Certified Security Master) certification!
    Let's go!!!
    CCSM Certification - Topic 1 - Troubleshooting security problems.

    https://sqlinjection.com.br/check-po...ty-problems-2/

  2. #2

    Re: CCSM - Topic 1 - Troubleshooting security problems

    here are some notes, problematic statements are highlighted:

    1.
    Q: What type of information does the command fw monitor -p all display?
    A: fw monitor -p all is used to capture everything in all Check Point kernel chains

    Comment: "capture everything" is a very ambiguous term. The command prints out network packets in all positions of fw kernel chains.

    2.
    Q: What command lists the firewall kernel modules on a Security Gateway?
    A: The command fw ctl debug -m will show a large output with all modules available in the installed version.

    Comment: should be "kernel debug modules". Also the command prints out not only modules but, most importantly, all debugging options available per module. To see all currently enabled options per module use the "fw ctl debug" command. To see all enabled options for a particular module only, use the "fw ctl -m <<module name>>" command.

    3.
    Statement: So, the basic command is: fw ctl debug -m <<module>> all
    Comment: this command will raise all debugging options for the module in question. This is hardly basic at all.

    4.
    Q: The fastest way to troubleshoot silent drops, i.e. you don't see any drops in the logs?
    A: As seen in sk100808, you can use the fw ctl zdebug + <flags> and the most common flag is drop.
    Comment: Yes, you can, but the issue here is a small buffer. In a production situation you could miss what you are looking for. Just saying.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/
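As an added example (not code from the thread, from varera's post, or from Check Point), a small shell helper that ties the two notes above together: capture drops with a larger kernel debug buffer than zdebug's, and summarise the resulting fw_log_drop_ex lines by reason. The drop lines in it are constructed samples, and the fw commands are assumed to be on PATH in Gaia expert mode.

```shell
#!/bin/sh
# Added example for this thread (not from the original post or from Check Point):
# a drop-triage helper for kernel debug output. The thread notes that
# "fw ctl zdebug + drop" uses a small buffer and can miss events in production;
# capture_drops() runs the same drop debug with a larger buffer and a bounded
# duration, and the two parse functions summarise whatever was captured.
# Assumes Gaia expert mode (fw in PATH) and the fw_log_drop_ex line format
# of the constructed sample below.

# Same drop debug as zdebug, but with a 32000 KB buffer and a fixed window.
# Not called here: it needs a real gateway. Keep the window short on busy boxes.
capture_drops() {
  out=${1:-/var/log/fw_drop_debug.txt}
  secs=${2:-30}
  fw ctl debug 0                    # reset any leftover debug flags/buffer
  fw ctl debug -buf 32000           # larger buffer than zdebug's default
  fw ctl debug -m fw + drop         # only the drop flag of the fw module
  fw ctl kdebug -T -f > "$out" &    # stream the buffer to a file, timestamped
  sleep "$secs"; kill $!            # stop after the window
  fw ctl debug 0                    # always clear debug state afterwards
  echo "$out"
}

# Print "proto src dst reason" for each fw_log_drop_ex line read from stdin.
parse_drops() {
  sed -n 's/.*fw_log_drop_ex: Packet proto=\([0-9]*\) \([^ ]*\) -> \([^ ]*\) dropped by [^ ]* Reason: \(.*\);$/\1 \2 \3 \4/p'
}

# Count drops per reason, most frequent first ("N reason").
count_reasons() {
  parse_drops | cut -d' ' -f4- | sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Constructed sample in the kdebug drop format (not a real capture).
SAMPLE_DROPS=';[cpu_0];[fw4_0];fw_log_drop_ex: Packet proto=6 10.0.0.5:51234 -> 10.0.0.9:443 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 7;
;[cpu_1];[fw4_1];fw_log_drop_ex: Packet proto=17 10.0.0.5:53000 -> 10.0.0.53:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 7;
;[cpu_0];[fw4_0];fw_log_drop_ex: Packet proto=6 10.0.0.7:40000 -> 10.0.0.9:22 dropped by fw_send_log_drop Reason: Anti-Spoofing;
;[cpu_0];[fw4_0];fwconn_init_links: some unrelated debug line;'

# Usage: printf "%s\n" "$SAMPLE_DROPS" | count_reasons
# or:    capture_drops /var/log/drops.txt 20 && count_reasons < /var/log/drops.txt
```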

  3. #3

    Re: CCSM - Topic 1 - Troubleshooting security problems

    Quote Originally Posted by varera
    Hey varera, thank you so much for replying and correcting those problematic statements. I'll update the post as soon as possible! :)
    I'll update and send those updates here!

    Again, thank you so much! :)

  4. #4

    Re: CCSM - Topic 1 - Troubleshooting security problems

    Quote Originally Posted by varera

    Hey Valeri, just updated the post! Gave you the credits! :)

    Thank you so much! :)

  5. #5

    Re: CCSM - Topic 1 - Troubleshooting security problems

    happy to help
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/
