Pull interface changes done on gateway to manager GAIA

If you change the IP address of an interface or add a new sub-interface on the gateway, you need to pull the changes into the GAIA manager. To do that:

On the manager, double-click the gateway object to edit it; the following window opens. Click Get and select either Interfaces or Interfaces with Topology, as required.

pull-interfaces-1

If you select Interfaces with Topology, the following warning appears.

pull-interfaces-2

If you select Interfaces, you get no warning; the following window appears, where you click Accept. With Interfaces with Topology, you get the following option after clicking OK on the warning message:

pull-interfaces-3

 


Routing and NAT in Ubuntu

Check whether routing between interfaces (IP forwarding) is enabled with the following command:

sysctl net.ipv4.ip_forward

The output should be:

net.ipv4.ip_forward = 1

If the output is different, enable forwarding with the following command:

sysctl net.ipv4.ip_forward=1

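Reload the settings from /etc/sysctl.conf (the change survives a reboot only if net.ipv4.ip_forward=1 is also set in that file):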

sysctl -p /etc/sysctl.conf

Configure NAT as follows:

sudo iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
sudo iptables -A FORWARD -i ens33 -o ens38 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i ens38 -o ens33 -j ACCEPT

ens33 is the internet-facing interface
ens38 is the LAN-facing interface
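
A check for the rules above, as an added example that is not part of the original post: it parses iptables-save text and reports a missing MASQUERADE rule on the WAN interface, a WAN-side ACCEPT rule that is not limited to RELATED,ESTABLISHED, and a FORWARD chain whose default policy is not DROP (with a default ACCEPT policy the two FORWARD rules restrict nothing). The sample dumps are constructed and the function names are assumptions.

```python
import shlex

# Constructed, abbreviated iptables-save output: the post's three rules on a
# host whose FORWARD chain still has the default ACCEPT policy.
SAMPLE_OPEN = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens33 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i ens33 -o ens38 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ens38 -o ens33 -j ACCEPT
COMMIT
"""
# Same rules with the FORWARD policy set to DROP (constructed).
SAMPLE_CLOSED = SAMPLE_OPEN.replace(":FORWARD ACCEPT", ":FORWARD DROP")


def parse_save(dump):
    """Return ({(table, chain): policy}, [(table, chain, {option: value})])."""
    policies, rules, table = {}, [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. *nat
            table = line[1:]
        elif line.startswith(":"):        # chain policy, e.g. :FORWARD DROP [0:0]
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):      # appended rule
            tok = shlex.split(line)
            opts = {}
            for k, v in zip(tok[2:], tok[3:] + [""]):
                if k.startswith("-"):
                    opts[k] = "" if v.startswith("-") else v
            rules.append((table, tok[1], opts))
    return policies, rules


def audit(dump, wan):
    policies, rules = parse_save(dump)
    findings = []
    nat = [o for t, c, o in rules if (t, c) == ("nat", "POSTROUTING")]
    if not any(o.get("-o") == wan and o.get("-j") == "MASQUERADE" for o in nat):
        findings.append("no MASQUERADE rule on " + wan)
    if policies.get(("filter", "FORWARD")) != "DROP":
        findings.append("FORWARD policy is not DROP; ACCEPT rules restrict nothing")
    for t, c, o in rules:
        if (t, c) == ("filter", "FORWARD") and o.get("-i") == wan and o.get("-j") == "ACCEPT":
            raw = o.get("--state") or o.get("--ctstate") or ""
            states = set(filter(None, raw.split(",")))
            if not states or not states <= {"RELATED", "ESTABLISHED"}:
                findings.append("WAN to LAN rule accepts new connections")
    return findings
```

On a live host the input would be the text printed by iptables-save, with ens33 passed as the WAN interface.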


Initialize/Reset SIC in Check Point GAIA

The gateway talks to the manager on TCP 18191 (security policy) and TCP 18192 (application monitoring).

The gateway sends logs to the manager on TCP 257. SmartDashboard uses TCP 18190 to communicate with the manager.

How to initialize SIC?

To initialize SIC, run the cpconfig command on the gateway, then add the gateway on the manager:

gateway-1> cpconfig
This program will let you re-configure 
your Check Point products configuration.

Configuration Options:
----------------------
(1) Licenses and contracts
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Enable cluster membership for this gateway
(7) Disable Check Point SecureXL
(8) Automatic start of Check Point Products
(9) Exit

Enter your choice (1-9) :5

Configuring Secure Internal Communication...
============================================
The Secure Internal Communication is used for authentication between
Check Point components
Trust State: Initialized but Trust was not established

Would you like to change the Activation Key? (y/n) [n] ? y
Note: This operation will stop all Check Point Services (cpstop).
Are you sure you want to continue? (y/n) [n] ? y
Enter Activation Key:
Retype Activation Key:
initial_module:
Compiled OK.
initial_module:
Compiled OK.

Hardening OS Security: Initial policy will be applied
until the first policy is installed
The Secure Internal Communication was successfully initialized

Configuration Options:
----------------------
(1) Licenses and contracts
(2) SNMP Extension
(3) PKCS#11 Token
(4) Random Pool
(5) Secure Internal Communication
(6) Enable cluster membership for this gateway
(7) Disable Check Point SecureXL
(8) Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :9

Thank You...
Mobile Access: Stopping MoveFileDemuxer service (if needed)
Mobile Access: MoveFileDemuxer is not running
Portal stopped
cMobile Access: Successfully stopped Mobile Access services
Stopping SmartView Monitor daemon ...
SmartView Monitor daemon is not running
Stopping SmartView Monitor kernel ...
Driver 0 is already down
SmartView Monitor kernel stopped
rtmstop: SmartView Monitor kernel is not loaded
FloodGate-1 is already stopped.
VPN-1/FW-1 stopped
Multi portal stopped
SVN Foundation: cpd stopped
SVN Foundation: multiportal daemon stopped
SVN Foundation: cpWatchDog stopped
SVN Foundation stopped
cpstart: Power-Up self tests passed successfully

cpstart: Starting product - SVN Foundation

SVN Foundation: Starting cpWatchDog
SVN Foundation: Starting cpd
Multiportal daemon: starting mpdaemon
SVN Foundation started

cpstart: Starting product - VPN-1

FireWall-1: starting external VPN module -- OK
FireWall-1: Starting fwd

SecureXL will be started after a policy is loaded.
FireWall-1: Fetching policy

Installing Security Policy InitialPolicy on all.all@gateway-1
Fetching Security Policy from localhost succeeded
Failed to read database.
Probably module was never installed
Failed to fetch policy from masters in masters file
Installing Threat Prevention policy from -n
Failed to read database.
Probably module was never installed
Fetching Threat Prevention policy failed
AntiMalware was not started
FireWall-1: enabling bridge forwarding
FireWall-1 started
cpstart: Starting product - FloodGate-1
FloodGate-1 is disabled. If you wish to start the service, please run 'etmstart enable'.

cpstart: Starting product - SmartView Monitor
SmartView Monitor: Not active
cpstart: Starting product - Mobile Access

Mobile Access service is disabled.
If you wish to start Mobile Access, please enable the Mobile Access blade in the SmartDashboard and configure the Mobile Access policy.
cpridstop: cprid watchdog stopped
cpridstop: cprid stopped
cpridstart: Starting cprid
[1] 8208
gateway-1>

On the Check Point manager, do the following:

Step 1> Go to Network Objects, right-click the Check Point folder and select Security Gateway/Management.

cp-manager-sic-1

Step 2> Enter the name and IP address of the gateway. Click Communication.

cp-manager-sic-2

Step 3> Enter the activation key you set on the CLI and click Initialize.

cp-manager-sic-3

Note that the certificate state now shows Trust established.

cp-manager-sic-4

cp-manager-sic-5

To check the SIC status, run the cp_conf sic state command:

gateway-1> cp_conf sic state
Trust State: Trust established
gateway-1>

 

================================================================================

How to reset SIC?

To reset SIC, run the cpconfig command and follow these steps:

gateway-1> cpconfig
 This program will let you re-configure
 your Check Point products configuration.

Configuration Options:
 ----------------------
 (1) Licenses and contracts
 (2) SNMP Extension
 (3) PKCS#11 Token
 (4) Random Pool
 (5) Secure Internal Communication
 (6) Enable cluster membership for this gateway
 (7) Disable Check Point SecureXL
 (8) Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :5

Configuring Secure Internal Communication...
 ============================================
 The Secure Internal Communication is used for authentication between
 Check Point components

Trust State: Trust established

Would you like re-initialize communication? (y/n) [n] ? y

Note: The Secure Internal Communication will be reset now,
 and all Check Point Services will be stopped (cpstop).
 No communication will be possible until you reset and
 re-initialize the communication properly!
 Are you sure? (y/n) [n] ? y
 Enter Activation Key:
 Retype Activation Key:
 initial_module:
 Compiled OK.
 initial_module:
 Compiled OK.

Hardening OS Security: Initial policy will be applied
 until the first policy is installed

The Secure Internal Communication was successfully initialized

Configuration Options:
 ----------------------
 (1) Licenses and contracts
 (2) SNMP Extension
 (3) PKCS#11 Token
 (4) Random Pool
 (5) Secure Internal Communication
 (6) Enable cluster membership for this gateway
 (7) Disable Check Point SecureXL
 (8) Automatic start of Check Point Products

(9) Exit

Enter your choice (1-9) :9

Thank You...
 Mobile Access: Stopping MoveFileDemuxer service (if needed)
 Mobile Access: MoveFileDemuxer is not running
 Portal stopped
 Mobile Access: Successfully stopped Mobile Access services
 Stopping SmartView Monitor daemon ...
 SmartView Monitor daemon is not running
 Stopping SmartView Monitor kernel ...
 Driver 0 is already down
 SmartView Monitor kernel stopped
 rtmstop: SmartView Monitor kernel is not loaded
 FloodGate-1 is already stopped.
 VPN-1/FW-1 stopped
 Multi portal stopped
 SVN Foundation: cpd stopped
 SVN Foundation: multiportal daemon stopped
 SVN Foundation: cpWatchDog stopped
 SVN Foundation stopped
 cpstart: Power-Up self tests passed successfully
cpstart: Starting product - SVN Foundation
SVN Foundation: Starting cpWatchDog
 SVN Foundation: Starting cpd
 Multiportal daemon: starting mpdaemon
 SVN Foundation started
cpstart: Starting product - VPN-1
FireWall-1: starting external VPN module -- OK
 FireWall-1: Starting fwd
SecureXL will be started after a policy is loaded.
 FireWall-1: Fetching policy

Installing Security Policy InitialPolicy on all.all@gateway-1
 Fetching Security Policy from localhost succeeded
 Failed to read database.
 Probably module was never installed
 Failed to fetch policy from masters in masters file
 Installing Threat Prevention policy from -n
 Failed to read database.
 Probably module was never installed
 Fetching Threat Prevention policy failed
 AntiMalware was not started
 FireWall-1: enabling bridge forwarding
 FireWall-1 started

cpstart: Starting product - FloodGate-1
FloodGate-1 is disabled. If you wish to start the service, please run 'etmstart enable'.
cpstart: Starting product - SmartView Monitor
SmartView Monitor: Not active
cpstart: Starting product - Mobile Access

Mobile Access service is disabled.
 If you wish to start Mobile Access, please enable the Mobile Access blade in the SmartDashboard and configure the Mobile Access policy.
 cpridstop: cprid watchdog stopped
 cpridstop: cprid stopped
 cpridstart: Starting cprid
 [1] 9354
 gateway-1>

On the manager, edit the gateway, click Communication and then click Reset:

cp-manager-sic-reset-1

Enter the activation key and click Initialize.

cp-manager-sic-3

cp-manager-sic-4


C Basic

Preprocessor directive: The following line can be used to invoke a preprocessor directive in a program.

#include <>

Data types in C:

Data Type                 Memory in bytes     Format specifier
short int                      2                     %hd
unsigned short int             2                     %hu
unsigned int                   4                     %u
int                            4                     %d
long int                       4                     %ld
unsigned long int              4                     %lu
long long int                  8                     %lld
unsigned long long int         8                     %llu
signed char                    1                     %c
unsigned char                  1                     %c
float                          4                     %f
double                         8                     %lf
long double                    12                    %Lf

Declaring and initializing variable:

int i=10;
float f;
f=1.1;

Get input from user:

int i;
scanf("%d",&i);

& is called the address-of operator.

ASCII value of characters: You can print the ASCII value of a character as follows:

char c='p';
int z;
//If you assign char c to z then it will assign the ASCII value of the char to z.
printf("\n ASCII value of above char is %d",z=c);

ASCII values of capital letters run from 65 to 90 (A is 65 and Z is 90)
ASCII values of small letters run from 97 to 122 (a is 97 and z is 122)

If statement:

A non-zero value is considered true in C.

if (x>=5 && x<=10)
// this statement says that if x is greater than or equal to 5 and less than or equal to 10 then execute the following block.
{
/* do something */
}

NOT operator in if condition:

int z=0;
if (!z)
//This statement says that if opposite of z is true then execute print statement.
// opposite of 0 is 1 so print statement will be executed.
printf("value is true if is executed");

Conditional operator:

Syntax is expression 1 ? expression 2 : expression 3

int z=0;
int x;
x=(z>0?2:5);
//this example says if z is greater than 0 then assign 2 to x, otherwise assign 5 to x.

Post increment operator:

i++<10 // this line compares i first and then increments the value of i

Pre increment operator:

++i<10 // this line increments the value of i and then compares it.

Break and Continue:

A break statement in a loop exits the loop completely, while a continue statement moves to the next iteration.

Switch case:

A switch executes all statements after the first matching case (fall-through). Use break in a case if you want only that case to execute.

int i = 2 ;
switch ( i )
{
case 1 :
printf ( "I am in case 1 \n" ) ;
case 2 :
printf ( "I am in case 2 \n" ) ;
case 3 :
printf ( "I am in case 3 \n" ) ;
default :
printf ( "I am in default \n" ) ;
}

The output of this program would be:
I am in case 2
I am in case 3
I am in default

 


SSL/TLS

To test a website's certificate, cipher suites and TLS versions, you can use https://www.ssllabs.com


HTTP 1.1 (Hypertext Transfer Protocol)

HTTP is a stateless protocol.

An HTTP request has the following components:

1> Method
2> Path
3> Version: the version format is major.minor
4> Headers

Example: the following screenshot has the method GET, the path “http://www.purple.com” and the version HTTP/1.1.

Request line

An HTTP response has the following components:

1> Version
2> Status code
3> Status message
4> Headers

Response line

=========================================================================

HTTP GET method: an HTTP GET request can be used for tasks that can be repeated without any issue.

If you are transferring money from a bank account, you don't want that task repeated without your permission, so a GET request is not suitable here.

A GET request can send data only as a query string or as a cookie.

Request line:

Request line

Response line:

Response line

=========================================================================

User agent header:

Syntax of the user agent header is as follows:

User-Agent:  /

Mozilla firefox user-agent header string:

User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0\r\n

IE user-agent header string:

Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; MASPJS)

Chrome user-agent header string:

Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Example:

User-Agent header

In the comment section the third value is the platform token. The platform token identifies the operating system used to make the request.

+-------------------------+---------------------------------------------+
| Platform token          | Operating system                            |
+-------------------------+---------------------------------------------+
| Windows NT 6.3          | Windows 8.1                                 |
| Windows NT 6.2          | Windows 8                                   |
| Windows NT 6.1          | Windows 7                                   |
| Windows NT 6.0          | Windows Vista                               |
| Windows NT 5.2          | Windows Server 2003; Windows XP x64 Edition |
| Windows NT 5.1          | Windows XP                                  |
| Windows NT 5.01         | Windows 2000, Service Pack 1 (SP1)          |
| Windows NT 5.0          | Windows 2000                                |
| Windows NT 4.0          | Microsoft Windows NT 4.0                    |
| Windows 98; Win 9x 4.90 | Windows Millennium Edition (Windows Me)     |
| Windows 98              | Windows 98                                  |
| Windows 95              | Windows 95                                  |
| Windows CE              | Windows CE                                  |
+-------------------------+---------------------------------------------+

=========================================================================

HTTP status codes:

1XX Informational

2XX Successful

3XX Redirection

4XX Client error

5XX Server Error

=========================================================================

Cookie:

A server can send a cookie when it receives an HTTP request from a client. Cookies are sent in the Set-Cookie response header.

Set-Cookie: PHPSESSID=o1la7goghoi4r5jqj7lceft4q2; expires=Thu, 21-Oct-2027 07:09:03 GMT; Max-Age=316360000; path=/; domain=.gaana.com

Domain attribute: specifies the domain to which the cookie will be sent.

Path attribute: the cookie will be sent only to the specified paths.
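
How the Domain and Path attributes decide where the cookie above is sent, as an added example that is not part of the original post: it applies the RFC 6265 domain-match and path-match rules to the Set-Cookie header shown, and also reports that the header carries no Secure or HttpOnly flag. Function names and the test hosts are assumptions; a missing Path is treated as "/" for brevity.

```python
# The Set-Cookie value from the post.
SET_COOKIE = ("PHPSESSID=o1la7goghoi4r5jqj7lceft4q2; expires=Thu, 21-Oct-2027 "
              "07:09:03 GMT; Max-Age=316360000; path=/; domain=.gaana.com")


def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, value, {lowercased attr: value})."""
    first, *rest = [p.strip() for p in value.split(";")]
    name, _, val = first.partition("=")
    attrs = {}
    for part in rest:
        k, _, v = part.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name, val, attrs


def domain_match(host, attrs, origin_host):
    """With Domain set, the domain itself and every subdomain match (a leading
    dot is ignored); without it the cookie is host-only."""
    host = host.lower()
    domain = attrs.get("domain", "").lstrip(".").lower()
    if not domain:
        return host == origin_host.lower()
    return host == domain or host.endswith("." + domain)


def path_match(req_path, attrs):
    """The cookie path must equal the request path or be a prefix of it that
    ends on a '/' boundary, so /account does not match /accounts."""
    cpath = attrs.get("path") or "/"   # simplification: default path is "/"
    if req_path == cpath:
        return True
    if req_path.startswith(cpath):
        return cpath.endswith("/") or req_path[len(cpath)] == "/"
    return False


def would_send(url_host, url_path, set_cookie, origin_host):
    """True if a browser would attach the cookie to a request for this URL."""
    attrs = parse_set_cookie(set_cookie)[2]
    return domain_match(url_host, attrs, origin_host) and path_match(url_path, attrs)


def missing_flags(set_cookie):
    """Hardening attributes absent from the header."""
    attrs = parse_set_cookie(set_cookie)[2]
    return [f for f in ("secure", "httponly") if f not in attrs]
```

Because the header sets domain=.gaana.com and path=/, the session cookie goes to every subdomain and every path of that domain.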

=========================================================================

Caching:

Content received from server can be stored locally so that upon next request of that content the data is retrieved from cache.

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Expires header:

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Last modified header:

Last-Modified: Wed, 11 Oct 2017 17:34:12 GMT\r\n

Accept encoding header:

With this header the client tells the server which encodings it understands:

Accept-Encoding: gzip, deflate\r\n

Content-Encoding header: with this header the server tells the client which compression algorithm it used to compress the content.

Content-Encoding: gzip

Export configuration from firewall in maintenance mode (Palo Alto Networks)

If you don't know the password, or if there is some issue with the firewall, you can try to export the firewall's configuration from maintenance mode.

There are two ways to enter maintenance mode:

a> Run the following command: “debug system maintenance-mode”

go-to-maint-mode1

b> Reboot the firewall and, when the following prompt is shown, type “maint”

go-to-maint-mode2

Once you are in maintenance mode, you can select the option to export the logs; the firewall configuration is exported along with the logs.

 
