Month: May 2012

Check Point Quick Reference – Tcpdump

NOTE: fw monitor operates above layer 2 and does not include mac address information – cant see ARP messages. tcpdump can see layer 2 ARP messages This is one of the most common tcpdump commands: (looks for packets from a src to dst, need to specify interface) tcpdump nn-i eth2 host 11.11.11.11 and host 22.22.22.22…

Read More »

Check Point Quick Reference – FW Monitor

Overview: FW Monitor is a built-in firewall tool which needs no separate install on the device you wish to capture packets and interrogate connections. It is a functionality provided with the installation of the FW-1 package and syntax is also identical across all FW-1 installations. FW Monitor allows for sampling the connection from 4 different…

Read More »

Firewall Commands For Identifying Specific Routes

The Question: Identify the route to specific destination/target without using the routing table (more specific) I was asked the question today, and blanked out… I have ran the Cisco and CheckPoint IPSO versions, but not Splat, but still couldnt pull it from memory. Once I looked it up, I felt silly, but know it will…

Read More »

CheckPoint SmartDashboard – Missing Menu

Was just bouncing around updating rules in some firewalls, and noticed that the menu bar at the top of the window was missing… After some searching, I found that a registry setting needed to be modified, to restore the menu bar. Here is the registry path: HKEY_CURRENT_USER\Software\CheckPoint\Management Clients\6.2.01\R75.10\Check Point SmartDashboard\Check Point SmartDashboard\Toolbar States\ToolBar-Bar0 You will…

Read More »