Category: Linux

FireEye Dashboards Replicated In Splunk

After installing the FireEye app for Spunk and having some issues with it, the app was uninstalled, which left a gap that needed to be filled. So off I went into Splunk land to see if I could scrounge together some decent “dashboard” worthy search queries that could help display important information. Below are a…

Read More »

FireEye Role Based Access Control (RBAC)

Regarding Active Directory integration with FireEye back in FEOS versions 7.0.x (webmps), 6.3.2 (emailmps) and 6.4.1 (CMS), we only had the ability to map a dingle Active Directory group to a single FireEye “role”. And most enterprises would probably have mapped that single group to the Admin role. Well….. Fast >> Forward >> to FEOS…

Read More »

FireEye Integration With BlueCoat Proxy

This tutorial will assist you with integrating FireEye and BlueCoat a bit, by using a URL list populated by FireEye to use in the BlueCoat as another web filter. This filter can then be used in BlueCoat policy just like the BCWF, McAfee Smartfilter, etc…

Read More »

Blue Coat ProxySG – Issues Upgrading SGOS From 5.5.x.x to 6.2.x.x

Following an upgrade on an SG600-10, from 5.5.3.31 to 6.2.9.1, I encountered the errors below, and was unable to pass traffic thru the proxy using the BlueCoat WebFilter categories for “Allow”/”Deny”. As this specific ProxySG is a non-production device, there are very minimal users working with it, and the first I noticed of the issue,…

Read More »

Check Point Quick Reference – FW Monitor

Overview: FW Monitor is a built-in firewall tool which needs no separate install on the device you wish to capture packets and interrogate connections. It is a functionality provided with the installation of the FW-1 package and syntax is also identical across all FW-1 installations. FW Monitor allows for sampling the connection from 4 different…

Read More »

Firewall Commands For Identifying Specific Routes

The Question: Identify the route to specific destination/target without using the routing table (more specific) I was asked the question today, and blanked out… I have ran the Cisco and CheckPoint IPSO versions, but not Splat, but still couldnt pull it from memory. Once I looked it up, I felt silly, but know it will…

Read More »

Blue Coat – HowTo Set Up A Policy Trace To Debug Access Issues

Problem Description: Policy tracing is primarily used when debugging access to web sites. When something is allowed and it should be denied, or vice-versa, using the policy trace feature is the best way to diagnose the issue. Resolution: Enabling a policy trace Open the “Configuration” tab, expand “Policy” radio button Launch the visual policy manager…

Read More »

Useful Stuff

This post is a quasi-holding place for uncategorized things at the moment, with no rhyme or reason as to why its here or somewhere else: SCP files from a linux box or firewall to another linux box: SYNTAX = scp /path/to/local/file user@remote_host:/path/to/file/on/remote/host EXAMPLE = scp /var/tmp/todays-date-kernel-debug.tgz user@firewall-hostname:/var/tmp/todays-date-kernel-debug.tgz

Read More »

Check Point Firewall – Nokia IPSO CST Hanging or Taking Forever?

Is your Nokia IPSO CST Not finishing? Trying to run a CST on your Nokia, but seems to be taking forever? I have had the same issue on various Nokia security appliances running on IPSO 4.2 and older. The problem ended up being hung process that was spawned by the CST program. It seems that…

Read More »

Check Point Firewall – Interfaces Reordered Upon Upgrade

A few days ago, one of our Check Point IAS M6 Firefly equiped, R70.20 Splat clusters, had a member fail due to “PLANAR VOLTAGE FAILURE”, so says the IBM iLO event log. Since this is not solved by a simple power supply replacement, so an RMA replacement unit from Check Point was obtained. The new…

Read More »