Wednesday, November 21, 2018

Checkpoint smartcenter - manage size of $FWDIR/log/postgres.elg

In the last few months I have started migrating to R80.10 software, and I found an interesting issue with the PostgreSQL database on the SmartCenter.
No rotation of this log file has been added to /etc/cpshell/log_rotation.conf, so over time the file can grow to any size until it fills up all disk space.

Simple workaround until Checkpoint fixes it:


  • edit /etc/cpshell/log_rotation.conf file adding this line 
  • log_start list to verify that your change is visible 
  • cpstop && cpstart on management 

If the $FWDIR/log/postgres.elg file is already way too big, I did this fix:

After cpstop, issue cat /dev/null > $FWDIR/log/postgres.elg and the file is zeroed.
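
A quick check for the condition described above, as an added example (not from the original post or from Check Point): it reports whether /etc/cpshell/log_rotation.conf mentions postgres.elg and whether the log has passed a size threshold. The function name and the 1 GiB threshold are assumptions, and the script only searches for the file name rather than parsing the rotation file's format.

```shell
#!/bin/sh
# Added example, not Check Point tooling. Paths come from the post;
# the function name and threshold are assumptions.

# check_postgres_elg CONF LOG MAX_BYTES
# Return code is a bitmask:
#   0 = rotation entry present and log under the threshold
#   1 = CONF does not mention postgres.elg (no rotation configured)
#   2 = LOG is larger than MAX_BYTES
#   3 = both problems
check_postgres_elg() {
    conf=$1 log=$2 max_bytes=$3
    rc=0

    # Plain search for the file name; the rotation file is not parsed.
    if ! grep -q 'postgres\.elg' "$conf" 2>/dev/null; then
        echo "WARN: no postgres.elg entry in $conf" >&2
        rc=$((rc | 1))
    fi

    # A missing log file is not an error: nothing has been written yet.
    if [ -f "$log" ]; then
        size=$(wc -c < "$log" | tr -d ' ')
        if [ "$size" -gt "$max_bytes" ]; then
            echo "WARN: $log is $size bytes (limit $max_bytes)" >&2
            rc=$((rc | 2))
        fi
    fi
    return $rc
}

# Runs only where $FWDIR is set and the rotation file exists
# (i.e. on the management server). 1 GiB is an assumed threshold.
if [ -n "${FWDIR:-}" ] && [ -f /etc/cpshell/log_rotation.conf ]; then
    check_postgres_elg /etc/cpshell/log_rotation.conf \
        "$FWDIR/log/postgres.elg" 1073741824 || echo "check returned $?"
fi
```

Run from cron, a non-zero return gives early warning before the disk fills and a forced cpstop is needed to truncate the file.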



Friday, September 28, 2018

Checkpoint how to clear all tables of IA

The following command clears all pdp and pep tables on the security gateway:

fw tab -t pdp_sessions -t pdp_super_sessions -t pdp_super_sessions -t pdp_encryption_keys -t pdp_whitelist -t pdp_timers \
  -t pdp_expired_timers -t pdp_ip -t pdp_net_reg -t pdp_net_db -t pdp_cluster_stat -t pep_pdp_db -t pep_networks_to_pdp_db \
  -t pep_net_reg -t pep_reported_network_masks_db -t pep_port_range_db -t pep_async_id_calls -t pep_client_db \
  -t pep_identity_index -t pep_revoked_key_clients -t pep_src_mapping_db -t pep_log_completion -x -y


This command causes a temporary disconnection for all traffic passing through the firewall, so use it with caution.

Wednesday, April 18, 2018

Checkpoint firewall reimaging via USB disk --- ISOMORPHIC

Just as a reminder of the options when the serial cable connection messes up the screen




R80.40 Menu

Available options:
------------------
1 - Boot from local disk
2 - 2000, 4000, 12000, 13000, 21000 series
3 - 3000, 5000, 6000, 15000, 16000, 23000, 26000 series
4 - Smart-1 5/25/50/200/400/525/625/3000/5050/5150
5 - Smart-1 150
6 - TE 250/TE1000/100X/250X/1000X/2000X
7 - 41000, 44000, 61000, 64000
8 - UTM-1, Power-1, DLP-1, VSX-1, IPS-1, Connectra, IP series
9 - Open Server with ACPI support
10 - Open Server without ACPI support
11 - Open Server with ACPI support (VGA)
12 - Open Server without ACPI support (VGA)
Default is 1, press <tab> for a list of options.


R81 & R81.10 Menu

Available options:
------------------
1 - Boot from local disk
2 - 2000, 4000, 12000, 13000, 21000 series
3 - 3000, 5000, 6000, 7000, 15000, 16000, 23000, 26000, 28000 series
4 - Smart-1 5/25/50/200/400/525/625/3000/5050/5150
5 - Smart-1 150
6 - TE 250/TE1000/100X/250X/1000X/2000X
7 - 41000, 44000, 61000, 64000
8 - UTM-1, Power-1, DLP-1, VSX-1, IPS-1, Connectra, IP series
9 - Open Server with ACPI support
10 - Open Server without ACPI support
11 - Open Server with ACPI support (VGA)
12 - Open Server without ACPI support (VGA)
Default is 1, press <tab> for a list of options.


R81.20 Menu

Available options:
------------------
1 - Boot from local disk
2 - 2000, 4000, 12000, 13000, 21000 series
3 - 3000, 5000, 6000, 7000, 15000, 16000, 23000, 26000, 28000 series
4 - Smart-1 5/25/50/200/400/525/600/625/3000/5000/6000
5 - Smart-1 150
6 - TE 100X/250X/250XN/1000X/2000X/2000XN
7 - 41000, 44000, 61000, 64000
8 - UTM-1, Power-1, DLP-1, VSX-1, IPS-1, Connectra, IP series
9 - Open Server with ACPI support
10 - Open Server without ACPI support
11 - Open Server with ACPI support (VGA)
12 - Open Server without ACPI support (VGA)
Default is 1, press <tab> for a list of options.