Thursday, January 6, 2011

How to install CPinfo on Splat O/S

· Run the following commands from the directory where you put the downloaded file:

  1. Put the downloaded package in the same directory (e.g., root - /cpinfo_X.tgz)

  2. Uninstall the current package:
    rpm -e CPinfo-10-00

  3. Uncompress the downloaded cpinfo package:
    gunzip cpinfo_X.tgz

  4. Untar the cpinfo tar-ball:
    tar -xvf cpinfo_X.tar

  5. Install the cpinfo utility package:
    rpm -ivh CPinfo-10-00.i386.rpm
    You can also use the rpm -Uvh --force CPinfo-10-00.i386.rpm command.

  6. Verify that the cpinfo utility was installed by running the rpm -qa | grep CP command.
    Look for the CPinfo-10-00 package.

  7. Check the build number of the CPinfo utility:
    cpvinfo /opt/CPinfo-10/bin/cpinfo

    Look for the Build Number; it is supposed to be 9110000xx

    Note:
    If for some reason the CPinfo-10-00 package does not appear in the output of the rpm -qa | grep CP command, try to:
    1. rebuild the rpm database by running rpm -v --rebuilddb
    2. log out of the shell and log in again.
    3. reboot the machine.

· Create the cpinfo output file with the command:
cpinfo -n -z -o /var/log/hostname.cpinfo

Online partition resizing on UTM-1 appliances

Under SPLAT with the 2.4 Linux kernel (NGX R65) you had to follow a slightly complicated procedure to resize the partitions and the filesystems on a UTM-1 appliance.

Now the R7x releases bring us the 2.6 kernel with lots of improvements. A very nice one is the ability to resize (meaning increase!) the partitions and filesystems online, without the need to unmount them.

[Expert@test]# lvresize -L +12GB vg_splat/lv_current
Extending logical volume lv_current to 12.00 GB
Logical volume lv_current successfully resized

[Expert@test]# resize2fs /dev/mapper/vg_splat-lv_current
resize2fs 1.39 (29-May-2006)
Filesystem at /dev/mapper/vg_splat-lv_current is mounted on /; on-line resizing required
Performing an on-line resize of /dev/mapper/vg_splat-lv_current to 3145728 (4k) blocks.
The filesystem on /dev/mapper/vg_splat-lv_current is now 3145728 blocks long.

Please note: this can only be done while increasing the filesystems. Reducing the filesystems requires them to be unmounted!

Wednesday, January 5, 2011

VPN between Check Point Security Gateway and Cisco Pix fails: "No valid SA"

To resolve this issue proceed as follows:

  1. At the Cisco end, check the Crypto Map settings. Find out from the ACLs if there is a host based VPN setup or a network based VPN setup.

  2. In SmartDashboard, edit the Cisco Interoperable Device object. Select 'Network Objects > Others > Interoperable Device > VPN > Advanced'. Uncheck 'Support key exchange for subnets'.

    Note: For NGX, select 'Network Objects > Interoperable Device > VPN > Advanced'. Under VPN Tunnel Sharing, select Custom Settings and specify "One VPN tunnel per each pair of hosts".


  3. After completing this procedure, initiate traffic from the source PC. You should be able to see an encrypt in SmartView Tracker.

The steps to read the old logs which are taken as a backup

1) Copy the old .log file and its associated .ptr files from the backup server to a safe location, and note down the path of the .log file.
2) Open the fw.log file in the %FWDIR%/log directory to find the current location of the logs, and save the file in a safe location.
4) Enter the path of the old .log file in fw.log under %FWDIR%/log and save the changes.
5) Now open SmartView Tracker; the old logs are shown there.
6) Open the File menu in SmartView Tracker, export the logs to the safe location and save them.

Now you can view the .log in a readable format.
After exporting all the logs, revert the current log location in the fw.log file and save it.

1) Please follow these steps before deleting the firewall logs from the Management Server.

a) Take a backup of the $FWDIR/log directory, then delete the old logs and their associated .ptr files.

b) These files can also be deleted from the logs:
1) cpinfo files
2) backup files
3) .logaccount_ptr
4) .loginitial_ptr
5) .logptr
6) .log
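
One way to script the backup-then-delete step above so that nothing is removed until the copy has been verified. This is an added example, not part of the original post; the function name, the paths and the assumption that a rotated log and its pointer files share one base name are illustrative.

```sh
#!/bin/sh
# Added example: archive one rotated log with its pointer files, verify the
# archive, then delete the originals. Extensions are the ones listed on this
# page; the function name and all paths are hypothetical.
# Assumes base names contain no whitespace.
LOG_EXTS="log logptr logaccount_ptr loginitial_ptr"

# archive_log_set <log_dir> <base_name> <backup_dir>
# Prints the archive path and returns 0 only if every file was verified.
archive_log_set() {
    log_dir=$1; base=$2; backup_dir=$3
    archive="$backup_dir/$base.tar"

    # Never touch the active log (fw.log and its pointer files).
    if [ "$base" = "fw" ]; then
        echo "refusing to archive the active fw.log" >&2; return 1
    fi
    # Pointer files without their .log are useless; require the .log.
    if [ ! -f "$log_dir/$base.log" ]; then
        echo "no $base.log in $log_dir" >&2; return 1
    fi

    members=""
    for ext in $LOG_EXTS; do
        if [ -f "$log_dir/$base.$ext" ]; then members="$members $base.$ext"; fi
    done

    mkdir -p "$backup_dir" || return 1
    # $members is left unquoted on purpose: one word per file name.
    tar -cf "$archive" -C "$log_dir" $members || return 1

    # Verify by extracting to a scratch directory and comparing byte for byte.
    scratch=$(mktemp -d) || return 1
    tar -xf "$archive" -C "$scratch" || { rm -rf "$scratch"; return 1; }
    for m in $members; do
        if ! cmp -s "$log_dir/$m" "$scratch/$m"; then
            echo "verification failed for $m; originals kept" >&2
            rm -rf "$scratch"; return 1
        fi
    done
    rm -rf "$scratch"

    # Archive verified: only now remove the originals.
    for m in $members; do rm -f "$log_dir/$m"; done
    echo "$archive"
}
```

Call it once per rotated log, for example archive_log_set "$FWDIR/log" <base_name> /var/backup/fwlogs, and move the resulting .tar off the Management Server before relying on it as the only copy.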

How to read a Check Point log file in its native format.

Occasionally, a Check Point VPN-1 log file will be transferred from one system to another, usually for the purposes of troubleshooting. These native log files cannot be opened using Notepad or WordPad. Here is how to extract the file into a readable format:

First, you will need to transfer this file to the $FWDIR/log directory.

This will create the associated pointer files:

.log
.logLuuidDB
.logaccount_ptr
.loginitial_ptr
.logptr

Then you can either read the log natively:

fw log