CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: CCSM - Topic 1 - Troubleshooting security problems

  1. #1
    Join Date
    2017-03-07
    Location
    Brazil
    Posts
    6
    Rep Power
    0

    CCSM - Topic 1 - Troubleshooting security problems

    This article is the first of 13 articles that I'm writing to achieve the CCSM (Check Point Certified Security Master) certification!
    Let's go!!!
    CCSM Certification - Topic 1 - Troubleshooting security problems.

    https://sqlinjection.com.br/check-po...ty-problems-2/

  2. #2
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    955
    Rep Power
    12

    Re: CCSM - Topic 1 - Troubleshooting security problems

    Here are some notes; problematic statements are highlighted:

    1.
    Q: What type of information does the command fw monitor -p all display?
    A: fw monitor -p all is used to capture everything in all Check Point kernel chains.

    Comment: "capture everything" is a very ambiguous term. The command prints out network packets at all positions of the fw kernel chains.

    2.
    Q: What command lists the firewall kernel modules on a Security Gateway?
    A: The command fw ctl debug -m will show a large output with all modules available in the installed version.

    Comment: should be "kernel debug modules". Also, the command prints out not only modules but, most importantly, all debugging options available per module. To see all currently enabled options per module, use the "fw ctl debug" command. To see all enabled options for a particular module only, use the "fw ctl -m <<module name>>" command.

    3.
    Statement: So, the basic command is: fw ctl debug -m <<module>> all
    Comment: this command will raise all debugging options for the module in question. This is hardly basic at all.

    4.
    Q: What is the fastest way to troubleshoot silent drops, i.e. you don't see any drops in the logs?
    A: As seen in sk100808, you can use fw ctl zdebug + <flags>, and the most common flag is drop.
    Comment: Yes, you can, but the issue here is a small buffer. In a production situation you could miss what you are looking for. Just saying.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/
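
The reply's fourth point (zdebug's small buffer can lose the very drop you are hunting on a busy gateway) is usually answered by running the regular kernel debug sequence with an explicitly enlarged buffer and writing the output to a file, then reading the drop reasons out of that file. The script below is an added example written for this thread; it is not code from the article or from Valeri's post. It assumes the standard Check Point sequence fw ctl debug -buf / fw ctl debug -m fw + drop / fw ctl kdebug -T -f (timestamps, continuous output) / fw ctl debug 0, and the output file name, buffer size, DRY_RUN switch and the three sample drop lines are constructed; the shape of the "dropped by ... Reason: ..." line is approximate, so adjust the grep/sed patterns to what your release prints.

```shell
#!/bin/sh
# Added example (not from the CPUG post): capture silent drops with the
# fw ctl debug sequence and a larger buffer instead of fw ctl zdebug, then
# tally the drop reasons from the capture file. File name, buffer size and
# sample lines are assumptions; verify the flags against your release's SK.

DEBUG_FILE="${DEBUG_FILE:-/var/log/fw_drop_debug.txt}"   # assumed path
BUF_KB="${BUF_KB:-32000}"                                # assumed size (KB)

# run CMD...: execute on the gateway, or with DRY_RUN=1 just print the command.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# capture_drops SECONDS: enable only the drop flag of the fw module with an
# enlarged kernel buffer, stream the debug output to $DEBUG_FILE, then reset.
capture_drops() {
    secs="${1:-30}"
    run fw ctl debug 0                    # clear any flags left from earlier work
    run fw ctl debug -buf "$BUF_KB"       # bigger buffer than zdebug's default
    run fw ctl debug -m fw + drop         # drop flag only, not "all"
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'fw ctl kdebug -T -f > %s (for %s seconds)\n' "$DEBUG_FILE" "$secs"
    else
        fw ctl kdebug -T -f > "$DEBUG_FILE" &
        sleep "$secs"
        kill $! 2>/dev/null
    fi
    run fw ctl debug 0                    # always switch debugging off again
}

# summarize_drops FILE: count drop lines per "Reason:" text, most frequent first.
summarize_drops() {
    grep 'dropped by' "$1" | sed 's/.*Reason: //; s/;$//' | sort | uniq -c | sort -rn
}

# count_drops FILE: total number of drop lines in the capture.
count_drops() {
    grep -c 'dropped by' "$1"
}

# write_sample FILE: constructed debug output, approximating the real line
# format, so the summary step can be tried without a gateway.
write_sample() {
    cat > "$1" <<'EOF'
;[cpu_0];[fw4_0];fw_log_drop_ex: Packet proto=6 10.1.1.10:51234 -> 10.2.2.20:443 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 7;
;[cpu_1];[fw4_1];fw_log_drop_ex: Packet proto=17 10.1.1.11:5353 -> 10.2.2.255:5353 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 7;
;[cpu_0];[fw4_0];fw_log_drop_ex: Packet proto=6 10.3.3.3:40000 -> 10.2.2.20:22 dropped by fw_antispoof_check Reason: Address spoofing;
EOF
}

# "sh script.sh demo" runs the summary on the constructed sample;
# "sh script.sh capture 30" runs the real capture on a gateway.
case "${1:-}" in
    demo)
        tmp=$(mktemp)
        write_sample "$tmp"
        summarize_drops "$tmp"
        rm -f "$tmp"
        ;;
    capture)
        capture_drops "${2:-30}"
        summarize_drops "$DEBUG_FILE"
        ;;
esac
```

Running it with DRY_RUN=1 capture prints the exact gateway commands without touching the kernel, which is a cheap way to review the sequence in a change ticket before the maintenance window; the final fw ctl debug 0 is deliberately unconditional so a capture never leaves debug flags enabled on a production gateway.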

  3. #3
    Join Date
    2017-03-07
    Location
    Brazil
    Posts
    6
    Rep Power
    0

    Re: CCSM - Topic 1 - Troubleshooting security problems

    Quote Originally Posted by varera (post #2 above)
    Hey varera, thank you so much for replying and correcting those problematic statements. I'll update the post as soon as possible! :)
    I'll update and send those updates here!

    Again, thank you so much! :)

  4. #4
    Join Date
    2017-03-07
    Location
    Brazil
    Posts
    6
    Rep Power
    0

    Re: CCSM - Topic 1 - Troubleshooting security problems

    Quote Originally Posted by varera (post #2 above)

    Hey Valeri, just updated the post! Gave you the credits! :)

    Thank you so much! :)

  5. #5
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    955
    Rep Power
    12

    Re: CCSM - Topic 1 - Troubleshooting security problems

    Happy to help.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  6. #6
    Join Date
    2017-05-19
    Location
    NZ
    Posts
    1
    Rep Power
    0

    Re: CCSM - Topic 1 - Troubleshooting security problems

    Quote Originally Posted by alberthfmn (post #1 above)


    Hey mate, the link is broken, but it had very good explanations with SKs. Thanks to you and Val for clarifying.
