Sunday, June 26, 2011

How to reset lost password at IBM ISS MX Firewalls

Use PuTTY; HyperTerminal won't work with this procedure.

* Open a console terminal session with the M/MX appliance.
* Reboot the appliance.
* Press [Delete] to enter setup.
* When the GRUB menu appears, press 'e'
* Select the kernel that you wish to boot and type 'e' for edit.
* Select the line that starts with 'kernel' and type 'e' to edit the line.
* Go to the end of the line and type 'single' as a separate word (press the [Spacebar] and then type single).
* Press [Enter] to exit edit mode.
* Back at the GRUB screen, type 'b' to boot into single user mode.
* You should get a fairly normal looking boot sequence except that it terminates a little early at a bash prompt.

NOTE: If you get a "Give root password for system maintenance" message, your system has been secured to require the root password for any level of access. In that case, this procedure isn't going to work and you would need to reimage the system to regain access.

Once you get to the command prompt, the / file system may not be mounted as writable. To ensure that it is writable, enter the following command:
mount -o remount,rw /

* If all is successful up to this point, you can type the following and change the root password to whatever you like:
passwd

* You can also change the command line admin password here using the following command:
passwd admin

* You can change the web interface admin password here using the following command:
htpasswd -m /var/www/auth/htpasswd admin

* Once the passwords have been changed, reboot the appliance with the command:
shutdown -r now

* After the system has finished rebooting, you should be able to login with the newly changed password.
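The NOTE above separates a box where this console procedure works from one that has been secured. As an added example (not part of the original post), this script audits copies of a GRUB legacy menu file and the SysV init files for the two controls involved; the file layout is assumed to be stock GRUB legacy and SysV init, since the post does not give the appliance's own paths, and all function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. File paths are arguments so the
# checks can be run against copies of the boot configuration.

# Print how GRUB legacy menu editing is protected: none | plaintext | hashed.
# Only a `password` line before the first `title` locks the 'e' edit key.
grub_edit_protection() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*title[ \t]/ { exit }
        /^[ \t]*password[ \t=]/ {
            state = ($0 ~ /--(md5|encrypted)/) ? "hashed" : "plaintext"
            exit
        }
        END { print (state == "" ? "none" : state) }
    ' "$1"
}

# Succeed if single-user mode runs sulogin, which produces the "Give root
# password for system maintenance" prompt. $1 = inittab, $2 = sysconfig init.
single_user_needs_password() {
    if [ -r "$1" ] && awk -F: '
        !/^[ \t]*#/ && $2 ~ /[Ss]/ && $4 ~ /sulogin/ { ok = 1 }
        END { exit(ok ? 0 : 1) }' "$1"; then
        return 0
    fi
    [ -r "$2" ] && grep -Eq '^[[:space:]]*SINGLE=.*sulogin' "$2"
}

# Combine both checks into one verdict: hardened | partial | exposed.
boot_audit() {
    g=$(grub_edit_protection "$1")
    if single_user_needs_password "$2" "$3"; then s=yes; else s=no; fi
    case "$g:$s" in
        hashed:yes) echo hardened ;;
        none:no)    echo exposed ;;
        *)          echo partial ;;
    esac
}

# Constructed sample files, for demonstration only.
demo=$(mktemp -d)
printf 'default=0\ntitle Appliance\n  kernel /vmlinuz ro\n' > "$demo/grub.open"
printf 'password --md5 $1$CONSTRUCTED$HASH\ntitle Appliance\n' > "$demo/grub.locked"
printf 'id:3:initdefault:\n' > "$demo/inittab.plain"
printf '~~:S:wait:/sbin/sulogin\n' > "$demo/inittab.sulogin"
echo "stock:  $(boot_audit "$demo/grub.open" "$demo/inittab.plain" /nonexistent)"
echo "locked: $(boot_audit "$demo/grub.locked" "$demo/inittab.sulogin" /nonexistent)"
rm -rf "$demo"
```

A verdict of "exposed" means anyone with console access can follow the steps above; "hardened" means the menu cannot be edited without the GRUB password and single-user mode asks for the root password.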

Checkpoint L2TP Android Configuration

The only setup difference between iPhone and Android is the L2TP preshared key. This is left empty on the Android side.

* Go to Settings -> Wireless & Networks -> VPN Settings

  - vpn name: “set a vpn name”
  - vpn server: “set firewall ip”
  - ipsec preshared key: “set l2tp key”
  - l2tp preshared key: “disable”

You will be able to connect from Android.

Monday, May 23, 2011

Iphone IPad support for Connectra

Connectra (all versions as of 23.05.2011) does not support the Checkpoint Mobile VPN software. You can't use the VPN client because certificate enrollment is not supported; you will get the error "Certificate Enrollment Failed". You have to upgrade to the Mobile Access Blade.

You can only use the Safari browser, but if you are using ICS you again won't be able to log in to the Portal.

Deployment shell internal error at Connectra

To use Connectra Portal ICS (scanning with a compliance policy) successfully, ActiveX and the Java VM must be installed on the PC. Once these two components are installed, installation of another component, the deployment shell, begins. If there is a problem with either of the two prerequisites, the deployment shell cannot be installed and you get the warning "deployment shell internal error".
Solution: remove the PC from the Windows domain (so you won't have to deal with GPOs, user profiles, security templates, etc.), uninstall everything and do a fresh install.

Also, the ICS components reside in /opt/CPcvpn-R66/htdocs/ICS/components on an R66.1 server. Replace them with the new files from your test VM and run the command:
# cvpn_port_utility.csh.R66_01

Also check out http://www.microsoft.com/technet/security/advisory/2562937.mspx

Use the command "wusa /uninstall /kb:2562937" to uninstall the related update.

Tuesday, May 10, 2011

SmartSPLAT v4 is now Released

I'm pleased to announce the release of SmartSPLAT v4.

This version includes a number of new features:

* New Floaty Terminals
* New Floaty HTML Notepad with browser support
* New Recording options: you can now record everything within Shells
* New SCP support: you can upload and download files via browsing (integrated with Putty PSCP)
* New Tufin Terminal Support
* New Nokia Terminal Support
* New HyperTerminal support for Win7
* New External software support: you can now open debug outputs via WordPad or Wireshark
* New Confirmation dialogs and tooltips on commands
* New Syslog Server supports Windows 7 and Server 2008


Sunday, April 3, 2011

Basic way to test an IPS via Windows CLI


Telnet to a web server behind the IPS and send the following request:

GET ../../etc/passwd HTTP/1.0      


You will see the HTTP_GET_Malformed signature triggered in SiteProtector.


You can also use this technique in pentests to discover whether there is an IPS or not.
Open Wireshark and examine the return packets; if you see RST packets or connection time-outs, you can be sure that the IPS is active.



The steps are simple and can be used for any IPS vendor.

Cagdas Ulucan
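Why the test request above counts as a malformed GET, as an added example (not part of the original post, and not the vendor's signature logic, which the post does not describe): a shell function that checks a request line against the HTTP/1.x request-line grammar for path, absolute-URI and "*" targets. The function name and the verdict labels are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post and not the vendor's signature
# logic: classify an HTTP/1.x request line by how it breaks the grammar.
classify_request_line() {
    line=$(printf '%s' "$1" | tr -d '\r')
    read -r method target version extra <<EOF
$line
EOF
    # A request line is exactly: METHOD SP request-target SP HTTP-version
    if [ -z "$version" ] || [ -n "$extra" ]; then echo bad-syntax; return; fi
    case "$version" in
        HTTP/[0-9].[0-9]) ;;
        *) echo bad-version; return ;;
    esac
    # The target must be an absolute path, an absolute URI, or "*" (OPTIONS).
    case "$target" in
        /*|http://*|https://*) ;;
        '*') [ "$method" = OPTIONS ] || { echo malformed-target; return; } ;;
        *) echo malformed-target; return ;;
    esac
    # Well-formed, but ".." segments climb out of the document root.
    path=${target%%\?*}
    case "/$path/" in
        */../*) echo traversal; return ;;
    esac
    echo ok
}

# Constructed request lines; the first is the test request from the post.
while IFS= read -r req; do
    printf '%-18s %s\n' "$(classify_request_line "$req")" "$req"
done <<'EOF'
GET ../../etc/passwd HTTP/1.0
GET /a/../../etc/passwd HTTP/1.0
GET /index.html HTTP/1.0
GET /index.html
EOF
```

The post's request is rejected at the target check because it does not start with "/", which is a different condition from a well-formed path that contains ".." segments.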


Wednesday, March 16, 2011

Checkpoint Reverse Proxy Configuration

The Checkpoint Reverse Proxy listens for requests from the Internet and forwards them to internal web servers. The requester connects to the proxy and may not be aware of the internal network.
This can be used for load balancing, publishing OCS, etc.

We need 2 rules for this,

Source: Any
Destination: http://www.test.com/
Service: HTTP -> test
Action: drop

Source: Any
Destination: internalipaddress
Service: HTTP
Action: Accept

URI Resource should be like this:




Tuesday, March 15, 2011

Difference between Install Policy and Install Database

Some changes related to the SMC (e.g. log server or Mail Alert settings) must be applied with Install Database; Install Policy does not include these specific Install Database operations.

Always keep this in mind so you don't waste your time.

Monday, March 14, 2011

magic number corrupted fwauth.NDB

Can't install policy to one of the cluster members; warning message: magic number corrupted

Copy the fwauth.NDB from $FWDIR/conf/defaultDatabase to $FWDIR/conf/database, then reinstall the policy.