Archive for the ‘CheckPoint’ Category

Cannot SCP to Checkpoint firewall

Posted: February 20, 2014 in CheckPoint

When you SCP to a Checkpoint SPLAT firewall, the transfer may fail with the error “lost connection”.

To resolve this, do the following:

1. Make sure the admin shell has been changed from /bin/cpshell to /bin/bash

chsh admin
Changing shell for admin.
New shell [/bin/cpshell]: /bin/bash
Shell changed.

2. Create a new file: “touch /etc/scpusers”

3. Edit the file and add the users you want to allow for scp

example:
more /etc/scpusers
admin

4. Restart the ssh service (I did not have to restart and it just worked)

service sshd restart
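
A pre-flight check for the steps above, as an added example that is not part of the original post: it confirms that the user's login shell is /bin/bash and that the user is listed in /etc/scpusers. The function name, its return codes and reading the login shell from /etc/passwd are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_scp_user USER [PASSWD_FILE] [SCPUSERS_FILE]
# Return codes (chosen for this example):
#   0 = ready for scp
#   1 = no passwd entry for USER (or empty shell field)
#   2 = login shell is not /bin/bash (step 1 not done)
#   3 = scpusers file does not exist (step 2 not done)
#   4 = USER is not listed in the scpusers file (step 3 not done)
check_scp_user() {
    user=$1
    passwd_file=${2:-/etc/passwd}      # assumption: standard passwd layout
    scpusers_file=${3:-/etc/scpusers}  # path taken from the post

    # Field 7 of a passwd entry is the login shell.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7; exit }' "$passwd_file")
    if [ -z "$shell" ]; then
        echo "$user: no usable entry in $passwd_file"
        return 1
    fi
    if [ "$shell" != "/bin/bash" ]; then
        echo "$user: shell is $shell, expected /bin/bash (run: chsh $user)"
        return 2
    fi
    if [ ! -f "$scpusers_file" ]; then
        echo "$scpusers_file is missing (run: touch $scpusers_file)"
        return 3
    fi
    # -x matches whole lines only, -F treats the name as a literal string,
    # so "admin" does not match an entry such as "admin2".
    if ! grep -qxF -- "$user" "$scpusers_file"; then
        echo "$user: not listed in $scpusers_file"
        return 4
    fi
    echo "$user: ready for scp"
    return 0
}
```

On the firewall, `check_scp_user admin` uses the default paths; keeping /etc/scpusers limited to the accounts that actually need file transfer keeps the allow list meaningful.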


Symptoms
  • Need to confirm an IP Appliance’s serial number (Previous Nokia device)?
Solution
If you are physically next to the device, look for a label on the physical box.

    1. If you are remotely accessing the firewall, log into Voyager, then look for “Unit SN” under the “Basic IPSO Information” section of the homepage.
    2. Run the following IPSO command:

      ipso[admin]# ipsctl hw:eeprom:serial_number
      hw:eeprom:serial_number = 9xxxxxxxx4

      Or you can run ipsctl -a | grep serial, which lists the serial numbers of the individual parts.

      ipso[admin]# ipsctl -a | grep "serial"
      hw:eeprom:motherboard:serial_number = 94072202114
      hw:eeprom:cpci_1:serial_number = 94072301073
      hw:eeprom:cpci_2:serial_number = 94072301093
      hw:eeprom:power_a:serial_number = SH52618
      hw:eeprom:power_b:serial_number = SH52471
      hw:eeprom:wx_3:serial_number = 94072202755
      hw:eeprom:viper_4:serial_number = 94072300835
      hw:eeprom:wx_1_1:serial_number = 94073601141
      hw:eeprom:serial_number = 9xxxxxxxx4
      hw:motherboard:serialnumber = 0
      hw:chassis:serialnumber = 9xxxxxxxx4

    3. In CLISH, you can run the command “show asset hardware”, which also gives information about the major parts.

      ipso[admin]# clish
      NokiaIP1260:102> show asset hardware
      Chassis Serial Number: 9xxxxxxxx4
      CPU Model: Pentium 4/XEON
      CPU MFR: GenuineIntel
      CPU Frequency: 2794587100
      Memory: 1073741824
      Disk 0 Model: STI Flash 8.0.0
      Disk 0 Capacity: 128MB
      Disk 1 Model: FUJITSU MHV2040AS
      Disk 1 Capacity: 40007MB
      Platform: IP1260
      Bios Vendor: Hilo BIOS
      Bios Version: 5.0-1.5
      Bios Date: 10-19-2004
      Motherboard Serial Number: 0
      Motherboard Revision: B01
      Motherboard Model: HILO-RCC1

    4. For Nokia IP VPN devices:

      hostname> show fru
      MAIN (MOTHERBOARD) EEPROM FRU INFO:
      -----------------------------------
      Product Name: 10i
      EEPROM info format rev num: 6
      Number of slots: 0
      MAC address count: 3
      Base MAC address: 00:A0:8E:XX:XX:XX
      System serial number: 7HXXXXXXXXX
      System Agile part number: N806189001
      System Agile H/W rev: C
      Onboard MAC count: 3
      System PCA Agile P/N base: 6187
      System PCA Agile P/N suffix: 1

    5. For former Nokia IPS platforms, please run the following command:

      ip390ips ~ # cat /proc/nokia/nvram/serial_num

    6. For UTM-1 EDGE devices, you can also run the command:

    EDGE:XX> show asset hardware


Please check out the link below for the CheckPoint ABRA Administration Guide.

http://dl3.checkpoint.com/paid/18/CP_Abra_R70_AdminGuide.pdf?HashKey=1273464990_3335faabb078861f6de08b25b4f94eb8&xtn=.pdf