Press "Enter" to skip to content

Checkpoint SPLAT Manual Proxy ARP Configuration Example

0

Checkpoint manual NAT configuration is a quite useful method to remedy the weakness of auto nat . For me, I always mix them according to different scenarios although there are quite discussion which is better in a dispute  CPUG post. Use auto nat as possible as I can when starting projects or network, then slowly to roll out manually NAT when complexity components…

Checkpoint SPLAT Timezone Configuration Difference on WebUI and CMD

2

When setting up Checkpoint Smart-1 / SPLAT / UTM gateway, there is one thing always confusing admin – how to set up correct timezone with daylight saving. Usually WebUI is the first interface to start setting up checkpoint gateway. Unfortunately, the NTP configuration is not that straightforward. As the screenshot shows, it only allows admin to set time zone to…

Checkpoint Management Center Snapshot, Backup and Log file location

0

Our management server Smart-1 is running at standalone mode, not have another HA standby for redundancy. If not having a decent backup for disaster recovery, our situation will be dangerous. Usually I do upgrade_export  from command line and backup checkpoint from WebUI, then ftp both files out in a safe place. Image file at Smart-1 seems not exportable from appliance.…

Enable Checkpoint SmartWorkflow on Management Server

0

Just enabled SmartWorkflow and have some steps recorded here to share Enable SmartWorkflow steps: 1. Create two Permission Profiles for normal administrators and managers. Only difference is Manager profile has manage administrators permission. 2. Create two users , Admin1 and manager. Admin1 is used to perform daily routing work and it is associated with permission profile Admin. manager is in Manager group…

Cisco IOU IPsec Site to Site VPN with External Third Party CA (XCA) – Part 3

1

This is lab part 3 to verify three different  ipsec vpn authentication methods: Pre-share key, RSA key and CA. First two parts has been listed in previous posts. Here is last part – external CA. Cisco IOU IPsec Site to Site VPN with Pre-shared key, RSA Key, or CA Part 1 Cisco IOU IPsec Site to Site VPN with Pre-shared…

Increase IOU NVRAM Size

0

Bu default IOU image NVRAM size is small not enough for complicated topology. Router#dir nvram:Directory of nvram:/     6  -rw-        1636                    <no date>  startup-config    7  —-           5                    <no date>  private-config    1…

Juniper SRX 240H Bootable USB Backup

0

Juniper 10800 KB has good explanation regarding how to format and mount a USB flash drive on a J-series router, but not too much info for DRP process such as using snapshot stored on USB flash drive. Spent some time trying to make a bootable USB flash drive and here are some my own experience sharing. Note: I am using…

Cisco IOU IPsec Site to Site VPN with Pre-shared key, RSA Key, or CA Part 2

0

Cisco IOU IPsec Site to Site VPN with RSA key Physical Diagram is still same as before. Since pre-shared key ipsec is already configured and working properly. The only thing needs to do is to change authentication method and import peer’s public key. Of course have to generate your own private key and public first. Also, time on both devices…

Cisco IOU IPsec Site to Site VPN with Pre-shared key, RSA Key, or CA Part 1

0

Cisco IOU IPsec Site to Site VPN  R1#sh verCisco IOS Software, Linux Software (I86BI_LINUX-ADVENTERPRISEK9-M), Experimental Version 12.4(20090407:185408) [yuiu-redbuild-V124_24_5_6_PIC1 177]Copyright (c) 1986-2009 by Cisco Systems, Inc.Compiled Wed 08-Apr-09 02:09 by yuiuROM: Bootstrap program is LinuxR1 uptime is 45 minutesSystem returned to ROM by reload at 0System image file is “unix:../i86bi_linux-adventerprisek9-ms“This product contains cryptographic features and is subject to UnitedStates and local…