Category: Network Security

Blue Coat ProxySG – Issues Upgrading SGOS From 5.5.x.x to 6.2.x.x

Following an upgrade on an SG600-10, from 5.5.3.31 to 6.2.9.1, I encountered the errors below, and was unable to pass traffic through the proxy using the BlueCoat WebFilter categories for “Allow”/“Deny”. As this specific ProxySG is a non-production device, there are very few users working with it, and the first I noticed of the issue,…

Check Point Quick Reference – Tcpdump

NOTE: fw monitor operates above layer 2 and does not include MAC address information, so it can't see ARP messages. tcpdump can see layer 2 ARP messages. This is one of the most common tcpdump commands (looks for packets from a src to dst, need to specify interface): tcpdump -nn -i eth2 host 11.11.11.11 and host 22.22.22.22…

Check Point Quick Reference – FW Monitor

Overview: FW Monitor is a built-in firewall tool which needs no separate install on the device on which you wish to capture packets and interrogate connections. It is functionality provided with the installation of the FW-1 package, and its syntax is identical across all FW-1 installations. FW Monitor allows for sampling the connection from 4 different…

Firewall Commands For Identifying Specific Routes

The Question: Identify the route to a specific destination/target without using the routing table (more specific). I was asked the question today, and blanked out… I have run the Cisco and CheckPoint IPSO versions, but not Splat, but still couldn't pull it from memory. Once I looked it up, I felt silly, but know it will…

CheckPoint SmartDashboard – Missing Menu

Was just bouncing around updating rules in some firewalls, and noticed that the menu bar at the top of the window was missing… After some searching, I found that a registry setting needed to be modified, to restore the menu bar. Here is the registry path: HKEY_CURRENT_USER\Software\CheckPoint\Management Clients\6.2.01\R75.10\Check Point SmartDashboard\Check Point SmartDashboard\Toolbar States\ToolBar-Bar0 You will…

FTP Client Authentication Syntax For BlueCoat ProxySG

In this example the syntax used is the “Checkpoint” method. FileZilla Open FileZilla Edit–>Settings…–>FTP–>FTP Proxy–>Click Custom–>Enter the syntax below: USER %u@%s@%h PASS %p@%w Fill in the following: Proxy Host – 123.123.123.123 Proxy User – NTID Proxy Pass – NTPass Click OK to get to the main screen again. Fill in the following: Host: – ftp.server-u-need-2-get-2.com…

Blue Coat – HowTo Set Up A Policy Trace To Debug Access Issues

Problem Description: Policy tracing is primarily used when debugging access to web sites. When something is allowed and it should be denied, or vice-versa, using the policy trace feature is the best way to diagnose the issue. Resolution: Enabling a policy trace. Open the “Configuration” tab, expand “Policy” radio button. Launch the visual policy manager…

Check Point Firewall – Nokia IPSO CST Hanging or Taking Forever?

Is your Nokia IPSO CST not finishing? Trying to run a CST on your Nokia, but it seems to be taking forever? I have had the same issue on various Nokia security appliances running on IPSO 4.2 and older. The problem ended up being a hung process that was spawned by the CST program. It seems that…

Check Point Firewall – Detect SSH over Non Standard Ports

Many enterprises deploy proxies these days, but many are not aware that if they are not configured correctly, they may be allowing tunneling through certain protocols, and in essence, giving a tech-savvy employee the keys to exploit this fault. Most times this is SSH over HTTP/HTTPS, but it can also be over other ports, which…
