These are the main things to check against DDoS-related attacks on Check Point.
They are of course not enough against sophisticated layer 7 attack techniques; for those, check out the new Radware-based Check Point DDoS appliance, DDoS Protector.
Aggressive aging: protection against connection-consuming attacks
Lower Stateful Inspection timers: defense against slow attacks
Geo protection: Rules to block by country and direction of traffic
Network quota: limit number of connections by source IP
Worm catcher signature: block known worms (HTTP and CIFS)
TCP window size enforcement: small TCP window and flood
SYN flood protection: cookie-based validation
HTTP flooding / UDP Flooding: rate-based blocking
Non-TCP flooding: restrict non-TCP traffic from occupying more than a given percentage of an enforcement point's state table
Thursday, July 26, 2012
Wednesday, July 18, 2012
Checkpoint Port Based Routing in ISP Redundancy
In ISP Redundancy Load Sharing mode, it's possible to route certain outgoing connections specifically through the first ISP link.
Edit $FWDIR/lib/table.def as follows.
Change the definition to: no_misp_services_ports = { <500, 17>, <259, 17>, <80,6>};
Each entry is a <port, IP protocol> pair. For example, <25,6> stands for SMTP (port 25), TCP (IP protocol 6), and with that entry all outgoing SMTP traffic would go through the first ISP link.
Also, some tips:
Show the currently defined ISP links
# cpstat fw
Test ISP Redundancy by administratively bringing the link down/up
# fw isp_link ISP-1 down
# fw isp_link ISP-1 up
More advanced commands will be in the next release of SmartSPLAT.
Wednesday, July 4, 2012
Can't access the Mobile Access Portal; browser keeps loading without giving an error
Look in /opt/CPcvpn-R75.20/log/cvpnd.elg for the cause of the problem.
In my case it was showing:
Exception: open("/opt/CPcvpn-R75.20/conf/includes/CustomRulesAfter.conf") failed - No such file or directory - CVPND aborting
Manually create the missing file or files:
touch /opt/CPcvpn-R75.20/conf/includes/CustomRulesAfter.conf
touch /opt/CPcvpn-R75.20/conf/includes/CustomRulesBefore.conf
and then run cvpnrestart.
Also check licenses on both cluster members...
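The check-and-create step above as a script (an added example, not part of the original post): it pulls the paths cvpnd reported as missing out of cvpnd.elg and creates them as empty files only when they sit directly inside the includes directory. The function names and the demo's scratch paths and log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. Function names are hypothetical.

# missing_includes LOGFILE INCLUDES_DIR
# Prints each distinct path from 'open("...") failed - No such file or
# directory' log lines that is a .conf file directly inside INCLUDES_DIR.
missing_includes() {
    local log="$1" dir="${2%/}" path
    sed -n 's/.*open("\([^"]*\)") failed - No such file or directory.*/\1/p' "$log" |
        sort -u |
        while IFS= read -r path; do
            case $path in
                "$dir"/*/*) ;;                          # nested path: ignore
                "$dir"/*.conf) printf '%s\n' "$path" ;; # expected location
            esac                                        # anything else: ignore
        done
}

# create_missing LOGFILE INCLUDES_DIR
# Creates each reported file that still does not exist and prints what it created.
create_missing() {
    local path
    missing_includes "$1" "$2" | while IFS= read -r path; do
        [ -e "$path" ] && continue
        touch -- "$path" && printf 'created %s\n' "$path"
    done
}

# Constructed sample run in a scratch directory. The log lines are made up to
# mirror the error quoted in the post; the last one points outside the
# includes directory and must be ignored.
demo() {
    local tmp; tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/conf/includes"
    cat > "$tmp/cvpnd.elg" <<EOF
Exception: open("$tmp/conf/includes/CustomRulesAfter.conf") failed - No such file or directory - CVPND aborting
Exception: open("$tmp/conf/includes/CustomRulesAfter.conf") failed - No such file or directory - CVPND aborting
Exception: open("$tmp/conf/includes/CustomRulesBefore.conf") failed - No such file or directory - CVPND aborting
Exception: open("$tmp/elsewhere/other.conf") failed - No such file or directory - CVPND aborting
EOF
    create_missing "$tmp/cvpnd.elg" "$tmp/conf/includes" | sed "s|$tmp/||"
    rm -rf "$tmp"
}
```

On the gateway this would be called as create_missing /opt/CPcvpn-R75.20/log/cvpnd.elg /opt/CPcvpn-R75.20/conf/includes, followed by cvpnrestart.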