SecureXL Process Details

SecureXL is a patented technology consisting of a software package with an API for the acceleration of multiple, intensive security operations. In addition to the IPS, SecureXL also accelerates operations carried out by a Stateful Inspection firewall from Check Point. Through the SecureXL API, this firewall can offload the handling of those operations to a special module, the “SecureXL device,”…

WebUI port change doesn’t survive a firewall policy push or reboot

Change the WebUI port to 4434 from the command line: webui disable, then webui enable 4434. Unfortunately, after a cpstop/cpstart or reboot, the 4434 port will not survive. It rolled back to 443 again. Solution: Firewall -> Properties -> SecurePlatform -> change main URL to http://x.x.x.x:4434, go to the command line, do the webui changes, push policy.

Route-based VPN between Juniper and Cisco

Another useful post for route-based VPN from http://x443.wordpress.com/page/5/ Cisco router configuration: crypto isakmp policy 1 encr aes 256 authentication pre-share group 5 crypto isakmp invalid-spi-recovery crypto isakmp keepalive 10 crypto isakmp key 0 keyforlab123 address 2.2.2.2 crypto ipsec transform-set ESP_AES_256 esp-aes 256 esp-sha-hmac crypto ipsec profile CIPHER-AES-256 set transform-set ESP_AES_256 Tunnel interface configuration: interface Tunnel18 description tunnel_to_srx ip address 192.168.100.1 255.255.255.252 tunnel source GigabitEthernet0/0 tunnel…

Policy NAT-ing with overlap message – Order is important

Existing rule: static (dmz,outside) 200.147.90.89 172.17.1.3 netmask 255.255.255.255 A special situation came up today. When 172.17.1.3 accesses another site, 200.200.200.200, it has to be NAT-ed to a different IP address, 200.147.90.83. So what I did: 1. Add a new access-list PNAT-T: access-list PNAT-T extended permit ip host 172.17.1.3 host 200.200.200.200 2. Add a new access-list FW1/act/pri(config)#…

Checkpoint Domain Object

I was thinking of using a Domain Object as a source in our firewall rule. After consulting with Check Point support, it seems impossible if your domain object represents multiple IP addresses. SK42128 Symptoms: Rules containing a Domain object will only resolve to one of the associated IP addresses, causing request for a site not to return a web page. Cause…

Add static route in Smoothwall

Firstly, edit the file /etc/rc.d/rc.netaddress.up Above the 'echo "setting up firewall ……."', add: /sbin/route add -net destination netmask subnetmask gw gateway dev deviceinterface Then edit /etc/rc.d/rc.firewall.up After the section on "# Allow packets that we know about through …" add: # Allow packets from green to green /sbin/iptables -A FORWARD -i $GREEN_DEV -o $GREEN_DEV -j ACCEPT

no response when ping MS Cluster’s ip address – Solution

There is a Citrix cluster deployed in our environment, but the cluster IP is not working from an outside network, although it works fine in the same network. Checked MS doc – http://technet.microsoft.com/en-us/library/cc732592(WS.10).aspx troubleshooting NLB, found the following cause: There is no response when you use ping to access the cluster's IP address from an outside network. Verify that you can use ping to access the dedicated IP addresses…

SecureXL Vs CoreXL Vs ClusterXL (Some Checkpoint Terms)

From Checkpoint Sites: “SecureXL: Security acceleration Patented SecureXL is a technology interface that accelerates multiple, intensive security operations, including operations that are carried out by Check Point’s Stateful Inspection firewall. Using SecureXL, the firewall offloads operations to a performance-optimized software or hardware device, dramatically increasing throughput. More details from this post. CoreXL: Multicore acceleration As the first security technology to fully…

Steps to Set up Juniper Secure Access (SA) / SSL Virtual Appliance

This product looks similar to UAC products. http://www.juniper.net/support/products/sa/ 1. Download file SPE Virtual Appliance Service Provider Edition (SPE) Demonstration & Training Edition…