This is a great way to provide trending statistics and troubleshoot bandwidth and throughput issues:
View the SmartView Monitor status:
rtm drv stat
If SmartView Monitor is not running, this command turns it on:
rtm drv on
rtmstart
rtm monitor [options]-g[entity-1…entity-n]
rtm monitor localhost -filter "[and[[interface 0 [[eth0in]]][svc 1 [telnet http]]]" -y C -g topsrc
Displays concurrent connections for the top 50 sources passed on eth0 inbound that are not telnet or http.
rtm monitor localhost -filter -g topsvc
Displays the top 50 services passed on any interface in both directions
rtm monitor localhost hme1 -g topsvc -y b
Displays bytes per sec for top 50 services on interface hme1
Other switches:
-i number of seconds
interface-name specify a specific interface
-y measurement units (bytes, packets, line)
C average concurrent connections
-g grouping options (svc, src, dst, ip, fgrule, topsvc, topsrc, topdst, topfgrule)
svc monitor according to service
src according to a network object's source
dst
ip monitor src and dst
fgrule QOS rule
topsvc top 50 sources
topdst
topfwm top 50 firewall rules
Wednesday, March 10, 2010
How to globally change the expiration date of all users on Checkpoint
Steps 1-3 are only required in a Provider environment.
1. SSH into the MLM for the customer and set your environment to the MLM IP
mdsenv
2. Next "cd $FWDIR" and type "pwd"
3. Confirm that you are placed into the MLM directory for the customer.
4. Next, run the following command:
fwm expdate--
example: fwm expdate 02-12-2010
Resolving local logging issues on Checkpoint
If logs are not appearing in Smartview Tracker, they are probably logging locally.
To determine if logs are being stored locally on the gateway, go to $FWDIR/log.
Locate the fw.log file and see if its size is incrementing. There may also be additional fw*.log files that have rolled over.
To resolve the issue, first try restarting the MLM (in a Provider environment) or the Log Services (in a SmartCenter Server environment).
Next, restart the firewall services on the gateway (fw kill fwd followed by fwd).
If that does not work, try restarting the firewall.
Once resolved, you can pull the stored logs from the gateway by running "fw fetchlog" from the log server. In R70, there is also an option to fetch logs in SmartView Tracker (Tools > Remote Files Mgmt).
Tuesday, March 9, 2010
Allowing scp to SPLAT boxes
cat /etc/scpusers and look for the user name that will be used to scp.
If the user does not exist: echo >> /etc/scpusers
In order to use WinSCP, you must also issue the following to change admin's shell to bash:
chsh -s /bin/bash admin
Note: This is a security risk as this bypasses cpshell for this user. Use with caution.
Configuring SNMP on SPLAT
step 1: service snmpd restart
step 2: edit /etc/snmp/snmpd.users.conf and replace public with your actual snmp community string
step 3: service snmpd restart
step 4: netstat -an | grep 161
For the Check Point snmpd on port 260:
step 1: modify the $FWDIR/conf/snmp.C file and place the actual snmp community inside the read and write (). If you leave the write empty, it will use "private" as the community string. This is a security risk.
step 2: run sysconfig and start the Check Point snmpd extension
step 3: perform cpstop;cpstart
step 4: netstat -an | grep 260
Examining a Screen OS debug packet
ethernet0/1:10.1.1.1/17152->192.168.1.1/256,1(8/0)
Protocol is 1 (ICMP).
Type 8: Echo
Code 0: No Code
Result: 10.1.1.1 is sending a ping to 192.168.1.1
Here is an example of how understanding the type codes could help in troubleshooting a problem.
ethernet0.1:4:10.1.1.1/514->10.17.3.3/1051,1(3/3)
Type 3: Destination Unreachable
Code 3: Port Unreachable
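The decoding above can be automated when a debug capture runs to hundreds of lines. The following is an added example, not part of the original post: a small Python parser for the two line layouts shown here. The field layout is inferred from those two lines only, and the function names and the ICMP lookup tables (a subset of the IANA registry) are assumptions of this example.

```python
import re

# Subset of the IANA ICMP registry; anything else is reported numerically.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 5: "Redirect",
              8: "Echo", 11: "Time Exceeded"}
ICMP_CODES = {(0, 0): "No Code", (8, 0): "No Code",
              (3, 0): "Net Unreachable", (3, 1): "Host Unreachable",
              (3, 2): "Protocol Unreachable", (3, 3): "Port Unreachable",
              (3, 4): "Fragmentation Needed and DF Set",
              (3, 13): "Communication Administratively Prohibited",
              (11, 0): "TTL Exceeded in Transit",
              (11, 1): "Fragment Reassembly Time Exceeded"}

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Layout inferred from the two lines on this page (an assumption):
#   iface:src/number->dst/number,protocol(type/code)
FLOW_RE = re.compile(
    rf"^(?P<iface>\S+):(?P<src>{IP})/\d+->(?P<dst>{IP})/\d+,"
    rf"(?P<proto>\d+)\((?P<type>\d+)/(?P<code>\d+)\)$")

def parse_flow(line):
    """Return a dict of fields, or None if the line does not match."""
    m = FLOW_RE.match(line.strip())
    if m is None:
        return None
    flow = {"iface": m["iface"], "src": m["src"], "dst": m["dst"],
            "proto": int(m["proto"]), "icmp": None}
    # The page gives the (x/y) pair a meaning only for protocol 1 (ICMP).
    if flow["proto"] == 1:
        flow["icmp"] = (int(m["type"]), int(m["code"]))
    return flow

def describe(line):
    """One-line summary suitable for filtering a long debug capture."""
    f = parse_flow(line)
    if f is None:
        return "unparsed: " + line.strip()
    if f["icmp"] is None:
        return f"{f['src']} -> {f['dst']} protocol {f['proto']} on {f['iface']}"
    t, c = f["icmp"]
    type_name = ICMP_TYPES.get(t, f"type {t}")
    code_name = ICMP_CODES.get((t, c), f"code {c}")
    return f"{f['src']} -> {f['dst']} ICMP {type_name} / {code_name} on {f['iface']}"

# The two sample lines quoted on this page.
SAMPLES = ["ethernet0/1:10.1.1.1/17152->192.168.1.1/256,1(8/0)",
           "ethernet0.1:4:10.1.1.1/514->10.17.3.3/1051,1(3/3)"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(describe(sample))
```

For an ICMP error such as type 3, the source address is the host reporting the problem, so the second line reads as 10.1.1.1 telling 10.17.3.3 that a port was unreachable.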