1. Generate the CSR
-------------------------------
Run "csr_gen <filename>" and follow the instructions.
NOTE: If the files <filename>.csr and <filename>.key already exist, they are overwritten without warning!
Output:
-> <filename>.key (keyfile)
This is the private key. You are asked whether you want to protect this file with a passphrase; please do so. Protect this file and keep it secure.
You need this file and the passphrase later to install the certificate.
-> <filename>.csr
This is the certificate signing request that you have to send to your CA.
You will receive the signed certificate from your CA (certfile).
2. Convert certfile to PEM-Format
-----------------------------------------------------------
If the file you receive from your CA is in p12 or pfx format, convert it into PEM format (sk30997):
$CVPNDIR/bin/p12ToPem <input-filename(.p12 /
e.g. $CVPNDIR/bin/p12ToPem cert.pfx
If the file you receive from your CA is in p7b, spc or PKCS#7 format, convert it into PEM format:
$CVPNDIR/bin/p7bToPem <filename (.p7b, .spc, ...)> <output filename (.crt)>
e.g. $CVPNDIR/bin/p7bToPem cert.p7b cert.crt
Output:
-> certfile in PEM format: <filename>.crt
3. Install the generated certificate:
--------------------------------------------------
Use this command to install the previously generated certificate:
$CVPNDIR/bin/InstallCert <certfile> <keyfile> '<passphrase>'
4. Restart Daemon
----------------------------
Run "cvpnrestart" on the gateway.
Repeat steps 3 and 4 on each cluster member.
Finally, reinstall the policy on the cluster.
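A pre-flight check for step 3, added here as an example (it is not Check Point code and not part of the original procedure): it confirms that the certfile is PEM, that it carries the same public key as the keyfile from step 1, and that it has not expired. It assumes the OpenSSL command-line tool is available and that the keyfile is a PEM key; the function names and the KEY_PASS variable are hypothetical.

```shell
#!/bin/sh
# Added example (not Check Point code): checks to run before InstallCert.
# Assumptions: certfile and keyfile are PEM, the OpenSSL CLI (1.0.0+) is
# available, and KEY_PASS (hypothetical name) holds the key passphrase.

# Public key embedded in the certificate, as PEM text.
pubkey_of_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Public key derived from the private key. -passin stops openssl from
# prompting; with no KEY_PASS an encrypted key fails instead of hanging.
pubkey_of_key() {
    if [ -n "${KEY_PASS:-}" ]; then
        openssl pkey -in "$1" -pubout -passin env:KEY_PASS 2>/dev/null
    else
        openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null
    fi
}

# Returns 0 when the pair is fit to install, otherwise 2, 3, 4 or 5.
preinstall_check() {
    cert=$1
    key=$2
    # Step 2 must have produced PEM; an unconverted p12/p7b fails here.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null; then
        echo "not a PEM certificate: $cert" >&2; return 2
    fi
    cert_pub=$(pubkey_of_cert "$cert") && [ -n "$cert_pub" ] ||
        { echo "cannot parse certificate: $cert" >&2; return 2; }
    key_pub=$(pubkey_of_key "$key") && [ -n "$key_pub" ] ||
        { echo "cannot read key (passphrase?): $key" >&2; return 3; }
    # A certificate issued for a different CSR carries a different public key.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate does not match private key" >&2; return 4
    fi
    # -checkend 0 exits non-zero when notAfter is already in the past.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2; return 5
    fi
    echo "OK: $cert matches $key"
}

# Stand-alone use: export KEY_PASS, then: sh preinstall_check.sh cert.crt name.key
[ "$#" -ne 2 ] || preinstall_check "$1" "$2"
```

The return codes separate format, key-access, mismatch and expiry failures, so the check can gate step 3 on every cluster member.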
Thursday, June 14, 2012
Sunday, June 10, 2012
Policy Install Load on Module Failed
Last week I was dealing with a policy installation problem.
fwm.elg was pointing to a duplicate fw object name and some certificate-related problems.
After placing the upgrade_export on a VM test machine, I saw that I could install the policy on it, so I decided to reset SIC on both members one by one, and this resolved our problem.
SmartSPLAT may help you to examine this type of problem.
Load Policy to Firewall
# fwm load $FWDIR/conf/Standard.W FirewallName > /var/tmp/policy_install.ctl 2>&1
Also try
Fetching the Policy from SMC
# fw fetch SMCName
and fetching locally
# fw -d fetchlocal -d $FWDIR/state/__tmp/FW1/
FWM crashes due to corrupted license file
Last week I had an interesting license problem.
I got an error similar to the one below:
/bin/cplic_start: line 6: 4777 Segmentation fault $CPDIR/bin/cplic "$@"
fwm is crashing on the SmartCenter server.
Perform the following on the SMC:
# cpstop
# cd $CPDIR/conf
# rm cp.contract
# rm cp.license (If removing just the cp.contract doesn't resolve the issue, try removing this file; you need to reinstall the licenses)
# cd $FWDIR/conf
# rm CPMIL*
# rm applications.C*
# cpstart
Also remember to check disk usage with # df -h for SMC-related problems; /opt may be full.
Monday, May 28, 2012
Site to Site VPN between Checkpoint and pfSense
I would like to share my experience of setting up a Site to Site VPN between Checkpoint and pfSense.
This is a working procedure.
Good luck :)
Note: If the pfSense side has more than one subnet defined, you have to adjust the user.def file on the Checkpoint side; otherwise the tunnel will come up for only one subnet.
3DES MD5
Phase 1
Saturday, May 19, 2012
AntiBot crashes and SmartDashboard stops responding..
Thursday, May 10, 2012
IPS Update: ips scheduled update ended with errors
Manually update the IPS database.
Close all GUI applications.
Open GuiDBedit and connect to the SMC.
Application name: GuiDBedit.exe
Search (Search -> Find) for:
autoupdate_and_install_status_obj
Once found, you will see a field named status under that object.
Change the value of status to 0.
Save the changes and close GuiDBedit.
Open Dashboard and verify that the issue is resolved.
Updated note: There is a fix for this issue; request it from Support.
Sunday, May 6, 2012
How to use SCP upload-download option at New OS Gaia
To use SCP with Gaia, you have to change the user's shell to bash:
# chsh -s /bin/bash admin
To go back to cli.sh, use:
# chsh -s /etc/cli.sh admin
Alternatively, you can make this change via the Web UI.
Thursday, May 3, 2012
R75 UFP causes high CPU usage
Be careful when upgrading R65 to R75.
There is a hotfix for the UFP OPSEC connection; request it from Support before going into production.
Symptoms:
CPU peaking at 100%, ping latency, dropped packets.
How to replicate:
Try large downloads.
Sunday, April 15, 2012
SmartSPLAT v5 Redesigned from your feedback

New Telnet Option,
New Right Click Menu,
New SSH Port definition,
New Duplicate SSH Option,
New Health Check Option,
New Cluster Terminal,
and more...
http://www.smartsplat.com/
Friday, February 17, 2012
How to reset SmartEvent database, Cause:Error at Reports
1. Run evstop to stop the reporter module.
2. Delete all files in the \var\$RTDIR\Database\log directory.
3. Delete all files in the \var\$RTDIR\Database\data directory
4. Extract the contents of $RTDIR\conf\db_files.tgz to \var\$RTDIR\Database\data directory.
5. Run evstart to start the reporter module.
This process will completely overwrite the existing database files with clean new ones.