posted 9 Oct 2016, 10:49 by Donald Ross   [ updated 9 Oct 2016, 11:24 ]

Enter the SecurePlatform expert mode.
Type pro enable at the prompt and press Enter.
Type router at the prompt and press Enter. 

conf t
router ospf 1
network area
network area
write memory
Add a firewall rule from the neighbor to any, with service OSPF.

Short explanation of the routing table flags:
 – U=Up: the route is usable, whether the destination is directly connected or reachable over a gateway
 – G=Gateway: the destination is reached over a gateway (router)
 – H=Host: the destination is a single host
 – D=Dynamic: the entry was made automatically (e.g. by RIP, the "Routing Information Protocol")
 – M=Modified: the entry was modified automatically

Checkpoint commands cheat sheet

posted 17 Mar 2016, 12:20 by DR Labs   [ updated 10 Apr 2016, 00:00 ]

Checkpoint VSX

Use the dashboard to find which physical D8 the virtual firewall is sitting on.
Here is some basic syntax for running a tcpdump on a D8 VSX firewall.
SSH to the active VSX Gateway.
Make sure you are in expert mode.
Type expert to enter that mode.
Run these commands:
vsx stat -v
vsx stat -l
Identify your virtual firewall number (e.g. Client 2), then type this:
vsx set x ##Where x is your virtual firewall number listed in the left column

Run this command
Identify the ingress and egress interfaces by looking at the routing table.
Then run two tcpdumps.
Ingress interface

tcpdump -nn -i <interface_name> host <IP_address_of_the_Machine_you_are_interested_in> and host <IP_address_of_the_Machine_you_are_interested_in>
Egress interface
tcpdump -i <interface_name> host <IP_address_of_the_Machine_you_are_interested_in>
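
The routing table lookup in the steps above, combined with the flag legend from the OSPF post, as an added example that is not part of the original posts: it parses a saved routing table, decodes the flags, and picks the ingress and egress interfaces by longest-prefix match. It assumes the Linux `netstat -rn` column layout and symmetric routing; the sample table, its addresses and all function names are constructed for illustration.

```python
import ipaddress

# Flag legend as given in the routing table notes on this page.
FLAG_NAMES = {"U": "Up", "G": "Gateway", "H": "Host", "D": "Dynamic", "M": "Modified"}

# Constructed sample, assumed to be in Linux `netstat -rn` column layout.
SAMPLE_TABLE = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth1
198.51.100.0    192.0.2.254     255.255.255.0   UG        0 0          0 eth1
198.51.100.7    192.0.2.253     255.255.255.255 UGH       0 0          0 eth2
203.0.113.0     0.0.0.0         255.255.255.0   U         0 0          0 eth3
0.0.0.0         203.0.113.1     0.0.0.0         UG        0 0          0 eth3
"""

def parse_routes(text):
    """Parse netstat -rn style text into route dicts; header and odd lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False)
        except ValueError:
            continue
        routes.append({"net": net, "gateway": fields[1], "flags": fields[3], "iface": fields[-1]})
    return routes

def decode_flags(flags):
    """Expand a flag string such as 'UGH'; letters outside the legend are kept as '?x'."""
    return [FLAG_NAMES.get(ch, "?" + ch) for ch in flags]

def route_for(host, routes):
    """Longest-prefix match among routes flagged U; None when nothing matches."""
    addr = ipaddress.ip_address(host)
    usable = [r for r in routes if "U" in r["flags"] and addr in r["net"]]
    return max(usable, key=lambda r: r["net"].prefixlen, default=None)

def capture_plan(src, dst, text=SAMPLE_TABLE):
    """Return (ingress, egress) interface names for src -> dst; assumes symmetric routing."""
    routes = parse_routes(text)
    toward_src, toward_dst = route_for(src, routes), route_for(dst, routes)
    return (toward_src and toward_src["iface"], toward_dst and toward_dst["iface"])

if __name__ == "__main__":
    for host in ("192.0.2.10", "198.51.100.7"):
        r = route_for(host, parse_routes(SAMPLE_TABLE))
        print(host, "->", r["iface"], "via", r["gateway"], decode_flags(r["flags"]))
    print(capture_plan("192.0.2.10", "198.51.100.7"))
```

The host route (flags UGH) wins over the covering /24, which is why the egress capture in the sample belongs on eth2 rather than eth1.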
