Blog Archives

Checkpoint command line

IPSO commands

newimage Installs IPSO OS from the local machine
newpkg -m localhost Check Point package Install
ipsctl -a displays all of the IPSO Settings and Values
ipsctl -a ifphys:eth-s5p1:errors|more display errors on eth-s5p1
ipsctl -w net:ip:tcp:default_mss 1460 Change MSS to 1460
netstat 1 shows network stats every second
ipsofwd list displays ipso properties (flowpath, etc)
ipsofwd slowpath turns off flows (flowpath turns back on)
fsck -fyb 32 check the file system on a flash based nokia (KB 1355433)


printenv print environment variables
install install an image across the network
boot boot  an image

clish commands

show useful-stats Shows Disk, VRRP, RAM summary
show package all List all packages
show package active List active packages
show package inactive List inactive packages
show images Show installed images
show image current Show current image
delete image [name] Delete image
set hostname testbox Set Hostname
set date timezone-city “Greenwich (GMT)” Set Timezone
set static-route default nexthop gateway address priority 1 on Set default gateway
set static-route nexthop gateway address on Add static routes
hostname testbox Set hostname
set package name name [on | off] Set package name
add arpproxy address macaddress 0:a0:1b:3e:33:f1 Add Proxy arp
add ntp server version 3 prefer yes Add an NTP server
add package media local name [opt/packages/IPSO-3.9.tgz] Add package
add host name testbox ipv4 Set hostname assignment

Discovering any more???

After the Friday’s meeting I think that I should keep studing any more about Juniper too. It is not only Checkpoint. The thing is, should I get enough experience to start or just be familiar, play a bit and then, it is just time. I mean, once you have studied a bit and then, if you see every day those new technologies, I think that in a couple of months I could play with it. Of course, I need a good start. Good teacher and good material. Just read about it, it is not enough. What’s the best? A good course or a good teacher? A good course with a good teacher. 🙂
I hope in this coming weeks I will start with “something”. Whatever!

Discovering Checkpoint

I’ve started in my new role few days ago and I am excited with this job. That’s the job that I was looking for and finally I got it! 🙂 At the moment I am rewieving some documentation about Checkpoint firewalls. I’ve registered in the checkpoint website to download a checkpoint iso and play arround. I guess that my new challenge is get the CCSA(Checkpoint Certified Security Administrator). At the moment, I only been watching some videos and playing with the VM(Virtual Machine).
The lab is as follow:
1 Check_Point_VPN-1_R65_VE Virtual Machine with 4 virtual adapters
2 Windows 2008 server with Smartcenter, SmartView Monitor and SmartView Tracker installed on it. It is a bit limitated because is a trial but it is ok to know how to create rules, policiesa and so on.
3 Solaris VM

That’s all. I didn’t touch so much the Solaris machine but I think that there is enought time during this coming year.
Just tell you that Checkpoint are the most important firewalls currently in the security environment.

As I told before, I am happy with my new job.