Following an upgrade on a Blue Coat ProxySG 600-10, from 5.5.3.31 to 6.2.9.1, I encountered the errors below, and was unable to pass traffic thru the proxy using the BlueCoat WebFilter categories for "Allow"/"Deny". As this specific ProxySG is a non-production device, there are very minimal users working with it, and the first I noticed of the issue, was an email from the ProxySG itself. From: ProxySG@Company-X.com [mailto: ProxySG@Company-X.com] Sent: Thursday, June 14, 2012 1:51 … [Read more...]
Checkpoint VSX Commands
This is a short list of Checkpoint VSX Commands that I am compiling as I continue to work with CheckPoint VSX systems. The list is not comprehensive and may not work for everyone, so if you see errors, please contact me so I may correct them. Thanks! /ryan Check Point CLI "CP" Commands CLI Command Command Description vsx get View current shell context. vsx set Set context to VS with the ID . [Expert@FW-VSX-Gateway:0]# vsx set 3 Context is set to Virtual Device … [Read more...]
Check Point Quick Reference – Tcpdump
NOTE: fw monitor operates above layer 2 and does not include mac address information - cant see ARP messages. tcpdump can see layer 2 ARP messages This is one of the most common tcpdump commands: (looks for packets from a src to dst, need to specify interface) tcpdump nn-i eth2 host 11.11.11.11 and host 22.22.22.22 08:02:15.043273 11.11.11.11.62044 > 22.22.22.22.https: S 1943270491:1943270491(0) win 65535 tcpdump -nni eth0 tcpdump -nni eth0 host 111.111.111.111 tcpdump -nni eth0 … [Read more...]
Check Point Quick Reference – FW Monitor
Overview: FW Monitor is a built-in firewall tool which needs no separate install on the device you wish to capture packets and interrogate connections. It is a functionality provided with the installation of the FW-1 package and syntax is also identical across all FW-1 installations. FW Monitor allows for sampling the connection from 4 different points in the firewall, can show NAT assignments or see if routing is working right. FW Monitor happens at the kernel level, but is not a packet … [Read more...]
Firewall Commands For Identifying Specific Routes
The Question: Using firewall commands, identify the route to specific destination/target without using the routing table (more specific) I was asked the question today, and blanked out... I have ran the Cisco and CheckPoint IPSO versions, but not Splat and still couldn't pull it from memory. Once I looked it up I felt silly, but knew it will be a good addition to my little knowledge repository. CheckPoint - IPSO: show route destination xx.xx.xx.xx Checkpoint - Splat: ip route get … [Read more...]
CheckPoint SmartDashboard – Missing Menu
Hello All. I was bouncing around in the Checkpoint SmartDashboard, updating rules in some firewalls and noticed that the menu bar at the top of the window was missing... After some searching, I found that a registry setting needed to be modified to restore the SmartDashboard menu bar. Here is the registry path that needed to be modified: HKEY_CURRENT_USER\Software\CheckPoint\Management Clients\6.2.01\R75.10\Check Point SmartDashboard\Check Point SmartDashboard\Toolbar … [Read more...]
FTP Client Authentication Syntax For BlueCoat ProxySG
In this example the syntax used is the "Checkpoint" method. FileZilla Open FileZilla Edit-->Settings...-->FTP-->FTP Proxy-->Click Custom-->Enter the syntax below: USER %u@%s@%h PASS %p@%w Fill in the following: Proxy Host - 123.123.123.123 Proxy User - NTID Proxy Pass - NTPass Click OK to get to the main screen again. Fill in the following: Host: - ftp.server-u-need-2-get-2.com Username - username on ftp server Password - password on ftp server Port - … [Read more...]
Blue Coat – HowTo Set Up A Policy Trace To Debug Access Issues
Problem Description: Policy tracing is primarily used when debugging access to web sites. When something is allowed and it should be denied, or vice-versa, using the policy trace feature is the best way to diagnose the issue. Resolution: Enabling a policy trace Open the “Configuration” tab, expand “Policy” radio button Launch the visual policy manager (VPM) Click the “Web access layer (trace)” tab on the VPM Right-Click the source of an existing rule and click on … [Read more...]
Check Point Firewall – Nokia IPSO CST Hanging or Taking Forever?
Is your Nokia IPSO CST Not finishing? Trying to run a CST on your Nokia, but seems to be taking forever? I have had the same issue on various Nokia security appliances running on IPSO 4.2 and older. The problem ended up being hung process that was spawned by the CST program. It seems that CST calls "fw tab -u -t", and sometimes it just gets hung up, but will look to the user like the whole CST process is just hung. Here is a sample so you can get a visual: FIREWALL123[admin]# cst IPSO … [Read more...]
Check Point Firewall – Detect SSH over Non Standard Ports
Many enterprises deploy proxies these days, but many are not aware that if they are not configured correctly they may be allowing SSH over Non Standard Ports, giving a tech savvy employee the keys to exploit this fault. Most times this is SSH over HTTP/HTTPS, but can also be over other ports, which is less common. Blue Coat proxies detect and drop this type of activity by default, but like I said, all it takes is a few small lines of CPL to override this default blocking (CPL is left out … [Read more...]