CheckPoint SPLAT schedule backup
To schedule a backup and transfer it through scp, use the following command:

    backup --sched on 12:00 -w 1 --scp backup_server_ip_or_name username userpassword -path destination_path

Ex:

    backup --sched on 12:00 -w 1 --scp backupserver.totot.com titi tata -path /backup/firewall `/bin/date +%Y_%m_%d`

For daily scheduling, change the crontab file with the crontab -e command:

    mm yy * * * backup_sched sched

Detail of the command help:

    backup [-h] [-d] [[--tftp ] [--scp ] [--file ]]
    where:
      -d          Show debug messages
      -h, --help  Show this help information
      -t, --tftp  Transfer backup package from TFTP server
      -s, --scp   Transfer backup package from SCP server
      -f, --file  Specify local backup package filename
CheckPoint SPLAT with ntp time sync
NTP configuration is not available in the sysconfig tool. To configure NTP, use the following command from the expert command line:

    ntp -n xx ntp_server_ip_address

xx => interval in minutes
Configuring FireWall-1 NG to work in clear authentication with OPSEC applications
To work with Clear authentication for the LEA, ELA, SAM and UAA APIs, the $FWDIR\conf\fwopsec.conf file should be edited. This example demonstrates how to do it for LEA; with the exception of the port number, it is the same for all the others.

1. Stop the FireWall (cpstop)
2. Edit the $FWDIR\conf\fwopsec.conf file
3. Add the following lines at the bottom (the order is important):

    lea_server auth_port 0
    lea_server port 18184

4. Save the file
5. Start the Firewall (cpstart)
6. Install policy
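Because a clear port carries OPSEC traffic without authentication, it is worth checking afterwards which services a given fwopsec.conf actually exposes that way. The following script is an added example, not part of the original note or of Check Point's tooling. It assumes only the two directives shown above ("<server> auth_port <n>" and "<server> port <n>") and that lines starting with # are comments; the sample file is constructed.

```shell
#!/bin/sh
# Constructed sample in the two-directive format shown above (not a real config).
sample_fwopsec() {
cat <<'EOF'
# constructed sample fwopsec.conf
lea_server auth_port 0
lea_server port 18184
ela_server auth_port 18187
ela_server port 0
sam_server auth_port 18183
EOF
}

# Read fwopsec.conf on stdin and print one line per OPSEC server whose
# clear (unauthenticated) port is enabled, i.e. "port" is set and non-zero.
# Assumption: '#' starts a comment; a directive that is absent is "unset".
clear_opsec_services() {
  awk '
    /^[ \t]*(#|$)/    { next }                       # skip comments and blanks
    $2 == "port"      { port[$1] = $3; seen[$1] = 1 }
    $2 == "auth_port" { auth[$1] = $3; seen[$1] = 1 }
    END {
      for (s in seen) {
        if ((s in port) && port[s] + 0 != 0) {
          a = (s in auth) ? auth[s] : "unset"
          # clear-only: authenticated port disabled, clear port open
          mode = (a == "0") ? "clear-only" : "clear+auth"
          printf "%s %s port=%s auth_port=%s\n", s, mode, port[s], a
        }
      }
    }' | sort
}

# Example run on the constructed sample
sample_fwopsec | clear_opsec_services
```

On a real system, feed the function the file itself, for example clear_opsec_services < "$FWDIR/conf/fwopsec.conf" on a Unix-based installation.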
Which Nokia Appliances are capable of running as a Management Module (SmartCenter)?
All of the disk-based Nokia appliances are capable of running as a management station. Local management is not an option on diskless or Hybrid systems.
Nokia diskless appliances can be managed via Check Point SmartCenter or Provider-1, but the management server must be run on another platform.
See Q&A 1410359 on Nokia Support.
F5 Link Controller restore default config
Before you perform a network boot from a CD, you must designate and configure a remote host to be a Pre-boot Execution Environment (PXE) server. This remote host must meet all the following criteria:
Contain a CD-ROM drive.
Support a CD-ROM boot.
Reside on the same network as the BIG-IP client. Note: You must connect the installation server to the MGMT port on the BIG-IP unit.
Note: If you are upgrading a BIG-IP 1500 (C36), BIG-IP 3400 (C62), or BIG-IP 6400 (D63) platform, you must use an Ethernet cross-over cable to connect to the management interface. If you are upgrading a BIG-IP 1000 (D39), BIG-IP 2400 (D44), BIG-IP 5100 or 5110 (D51), you can use a standard Ethernet cable to connect to the management interface.

Once you have designated a host, complete the following steps:
- Insert the CD into the drive on the installation server and reboot the host system from the CD-ROM drive.
- Select option 2 Server

After you select the interface you want to use as the installation server interface, the following prompt displays:

    Use existing DHCP server on subnet [no]?
Indicate your DHCP choice:
If you want to set up this server as the DHCP server, type no. The following series of prompts displays:

    IP network [10.1.10]?
    IP address of server 10.1.10[n] [199]?
    Lower range for clients 10.1.10.[n] [199]?
    Upper range for clients 10.1.10.[n] [200]?

If the settings displayed are correct, type yes. If they are not, type no and you are prompted to re-enter the addresses.
Once you accept the settings, the server configuration is complete.

Booting the target hardware from the remote installation server
After you designate and configure a remote host to be an installation server, you are ready to perform the network boot from the console of the platform on which you wish to install the software.
Note: You must connect the installation server to the MGMT port on the BIG-IP unit.
First, select the method you want to use to net boot the unit:
If the machine is powered down, power it up, and within the first ten seconds use a paperclip to push the NETboot button on the front panel of the IP Application Switch.
Once the device has booted, it sends a DHCP request and then starts installing the default BIG-IP software.
Once the software is installed, reboot the device.
F5 Save config
To back up and restore an F5 Link Controller device, use the following commands:

Backup:

    b config save /folder_name/file_name

Restore:

    b config install /folder_name/file_name.ucs
F5 Static routing
On F5 Link Controller (Release 4.5) you can define static routes in the /config/static-routes file. The file needs 755 permissions.

Before adding static routes, enable the update_cached_route variable with the following command:

    bigpipe global update_cached_route enable

To add a route, add one line per route to the file in the following format:

    10.0.0.0/16 192.168.1.1

Ex:

    echo '10.0.0.0/16 192.168.1.1' >> /config/static-routes

After a change to the static-routes file, reload it with the bigstart reinit static-routes command.
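A malformed line in the routes file is easy to introduce by hand, so the entry can be checked before it is appended and the file reloaded. The following script is an added example, not F5 code. The function names valid_route and add_route are hypothetical, and it assumes the file accepts only the "network/prefix gateway" format shown above, with the network address aligned to its prefix length.

```shell
#!/bin/sh
# valid_route "<net>/<len> <gateway>" : exit status 0 if the line is well-formed.
valid_route() {
  printf '%s\n' "$1" | awk '
    # Convert a dotted quad to a number, or return -1 if it is not valid IPv4.
    function ip2n(s,   o, n, i, v) {
      n = split(s, o, ".")
      if (n != 4) return -1
      v = 0
      for (i = 1; i <= 4; i++) {
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
        v = v * 256 + o[i]
      }
      return v
    }
    {
      if (NF != 2 || split($1, c, "/") != 2) exit 1
      net = ip2n(c[1]); gw = ip2n($2)
      if (net < 0 || gw < 0) exit 1
      if (c[2] !~ /^[0-9]+$/ || c[2] + 0 > 32) exit 1
      # host bits of the network must be zero for the given prefix length
      if (net % (2 ^ (32 - c[2])) != 0) exit 1
      exit 0
    }'
}

# add_route <file> "<net>/<len> <gateway>"
# Append the route only if it is well-formed and not already in the file.
add_route() {
  valid_route "$2" || { echo "rejected: $2" >&2; return 1; }
  grep -qxF -- "$2" "$1" 2>/dev/null && return 0
  printf '%s\n' "$2" >> "$1"
}

# Example check on the route used above
valid_route '10.0.0.0/16 192.168.1.1' && echo "route accepted"
```

On the device this would be called as add_route /config/static-routes '10.0.0.0/16 192.168.1.1', followed by bigstart reinit static-routes.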
CheckPoint VPN-1 / SmartDefense Logs and Rule number
The following link lists the rule numbers initiated by SmartDefense as they appear in SmartView Tracker:
http://www.fw-1.de/aerasec/ng/smartdefense-02.html