Tag Archives: Vpn

Check Point Commands

Check Point commands generally start with cp (general), fw (firewall), and fwm (management).

CP, FW & FWM

cphaprob stat List cluster status
cphaprob -a if List status of interfaces
cphaprob syncstat Shows the sync status
cphaprob list Shows a status in list form
cphastart/stop Starts/stops clustering on the specific node
cp_conf sic SIC stuff
cpconfig config util
cplic print prints the license
cprestart Restarts all Check Point Services
cpstart Starts all Check Point Services
cpstop Stops all Check Point Services
cpstop -fwflag -proc Stops all Check Point services but keeps the policy active in the kernel
cpwd_admin list List checkpoint processes
cplic print Print all the licensing information.
cpstat -f all polsrv Show VPN Policy Server Stats
cpstat Shows the status of the firewall
fw tab -t sam_blocked_ips Shows IPs blocked via SmartTracker
fw tab -t connections -s Show connection stats
fw tab -t connections -f Show connections with IP instead of HEX
fw tab -t fwx_alloc -f Show fwx_alloc with IP instead of HEX
fw tab -t peers_count -s Shows VPN stats
fw tab -t userc_users -s Shows VPN stats
fw checklic Check license details
fw ctl get int [global kernel parameter] Shows the current value of a global kernel parameter
fw ctl set int [global kernel parameter] [value] Sets the current value of a global kernel parameter. Temporary only; cleared after reboot.
fw ctl arp Shows arp table
fw ctl install Install hosts internal interfaces
fw ctl ip_forwarding Control IP forwarding
fw ctl pstat System Resource stats
fw ctl uninstall Uninstall hosts internal interfaces
fw exportlog .o Export current log file to ascii file
fw fetch Fetch security policy and install
fw fetch localhost Installs (on gateway) the last installed policy.
fw hastat Shows Cluster statistics
fw lichosts Display protected hosts
fw log -f Tail the current log file
fw log -s -e Retrieve logs between times
fw logswitch Rotate current log file
fw lslogs Display remote machine log-file list
fw monitor Packet sniffer
fw printlic -p Print current Firewall modules
fw printlic Print current license details
fw putkey Install authentication key onto host
fw stat -l Long stat list, shows which policies are installed
fw stat -s Short stat list, shows which policies are installed
fw unloadlocal Unload policy
fw ver -k Returns version, patch info and kernel info
fwstart Starts the firewall
fwstop Stop the firewall
fwm lock_admin -v View locked admin accounts
fwm dbexport -f user.txt Used to export users; can also use dbimport
fwm_start starts the management processes
fwm -p Print a list of Admin users
fwm -a Adds an Admin
fwm -r Delete an administrator

Provider 1

mdsenv [cma name] Sets the mds environment
mcd Changes your directory to that of the environment.
mds_setup To setup MDS Servers
mdsconfig Alternative to cpconfig for MDS servers
mdsstat To see the processes status
mdsstart_customer [cma name] To start cma
mdsstop_customer [cma name] To stop cma
cma_migrate To migrate a SmartCenter server to a CMA
cmamigrate_assist If you don't want to go through the pain of tar/zip/ftp, and if you wish to enable FTP on the SmartCenter server

VPN

vpn tu VPN utility, allows you to rekey vpn
vpn ipafile_check ipassignment.conf detail Verifies the ipassignment.conf file
dtps lic show desktop policy license status
cpstat -f all polsrv show status of the dtps
vpn shell /tunnels/delete/IKE/peer/[peer ip] delete IKE SA
vpn shell /tunnels/delete/IPsec/peer/[peer ip] delete Phase 2 SA
vpn shell /show/tunnels/ike/peer/[peer ip] show IKE SA
vpn shell /show/tunnels/ipsec/peer/[peer ip] show Phase 2 SA
vpn shell show interface detailed [VTI name] show VTI detail

Debugging

fw ctl zdebug drop shows dropped packets in realtime / gives reason for drop

SPLAT Only

router Enters router mode for use on Secure Platform Pro for advanced routing options
patch add cd Allows you to mount an iso and upgrade your checkpoint software (SPLAT Only)
backup Allows you to perform an operating system backup
restore Allows you to restore your backup
snapshot Performs a system backup which includes all Check Point binaries. Note: this issues a cpstop.

VSX

vsx get [vsys name/id] get the current context
vsx set [vsys name/id] set your context
fw -vs [vsys id] getifs show the interfaces for a virtual device
fw vsx stat -l shows a list of the virtual devices and installed policies
fw vsx stat -v shows a list of the virtual devices and installed policies (verbose)
reset_gw resets the gateway, clearing all previous virtual devices and settings.

Training Configuring ASA and PIX Security Appliances

Training on how to configure the Cisco ASA/PIX appliances

Migrating from PIX Security Appliance

Migrating from PIX 500 to ASA 5500

Firewall Services

Utilizing the Packet Tracer Feature on the Cisco ASA

Simplifying Access Control Policies on PIX 500 and ASA 5500

IPS Services

Intrusion Prevention Services in ASA 5500

VPN Services

Configuring the Easy VPN Hardware Client feature on the Cisco ASA 5505

Configuring the L2TP/IPsec feature on the Cisco ASA

Using Cisco ASA 5500 Series SSL VPN for Clientless Access (WebVPN)

Using Cisco Secure Desktop to Provide Endpoint Security for SSL VPN

SSL VPN Client Access on ASA 5500

Using Citrix™ with SSL VPN Clientless Access on ASA 5500

VPN Clustering for ASA 5500

Anti-X Services

Cisco ASA 5500 Series Content Security and Control SSM (CSC-SSM): Installation, Setup and Activation

Configuring the ASA 5500 Series with the CSC-SSM

Monitoring the ASA 5500 Series CSC-SSM

Configuring the Base License Features of the CSC-SSM in the ASA 5500 Series

Configuring the Plus License Features of the CSC-SSM in the ASA 5500 Series

Policies

Modular Policy Framework on PIX 500 and ASA 5500

High Availability

Active/Active Failover for ASA 5500

Active/Standby Failover for ASA 5500

Voice Services

Securing VoIP applications using the enhanced features of the Cisco ASA

Basic Features Services

Configuring Basic Features on the Cisco ASA 5505

Cisco VPN Client Anyconnect Windows Linux Mac 32_64bits

It is sometimes hard to obtain the Cisco VPN Client versions, so here is the link where the following versions are made available:

VPN client 5.0.06.0160 Windows 2000/XP/Vista
vpnclient-win-msi-5.0.06.0160-k9.exe
VPN client 4.8 for Windows 98/Me
vpnclient-win-is-4.8.00.0440-k9.exe
VPN client 4.9 Mac (Mac OS 10.4.* and 10.5)
vpnclient-darwin-4.9.01.0080-universal-k9-5-10.dmg
VPN client 4.8.00.0490 for Mac (< mac 10.4 )
vpnclient-darwin-4.8.00.0490-GUI-k9-5-10.dmg
VPN client 4.8.00.0490 for Linux
vpnclient-linux-x86_64-4.8.00.0490-k9.tar.gz
AnyConnect (32 bit) client 2.5 Linux
anyconnect-linux-2.5.0217-k9.tar.gz
AnyConnect (64 bit) client 2.5 Linux
anyconnect-Linux_64-2.5.0217-k9.tar.gz

http://www.4shared.com/folder/RSMWutlZ/Cisco.html

ASA TFTP Backup over a VPN Tunnel

Anything involving LAN-to-LAN VPNs always has a catch. In this case the task is to back up the configuration of a Cisco ASA through a tunnel of which the ASA itself is one of the endpoints.

In this example the source interface must be the inside LAN interface, so that the TFTP traffic originates from an address covered by the tunnel's interesting traffic.

CiscoASA#conf t
CiscoASA(config)#tftp-server inside [ip-servidor-destino] /[nome-ficheiro]
CiscoASA(config)#end
CiscoASA#write tftp