Software

ISP Redundancy Link Interface Cannot Be Created

While setting up ISP Redundancy on a Check Point cluster I ran into an issue preventing me from proceeding with my configuration.  I was eventually able to resolve this and felt that I would share with you and my future self the steps taken.

 

What is ISP Redundancy

ISP Redundancy enables reliable Internet connectivity by allowing a single or clustered Check Point Security Gateway to connect to the Internet via redundant Internet service provider (ISP) connections. If both links are active, connections pass through one link, or both links, depending on the operating mode. If one of the links fails, new connections are handled by the second link.

 

Configuration Steps

  1. Open the network object properties of the Security Gateway or cluster.
  2. Click Other > ISP Redundancy.
  3. Select Support ISP Redundancy.
  4. Select Load Sharing or Primary/Backup.
  5. Configure Links – Primary and Backup Connections
  6. Set tracking mode for Link failure and recovery
  7. Click OK. This is when I encountered my error.

 

Error: Check Point SmartDashboard

At least one of your ISP Links lack a next hop IP Address configuration.
Note: next hop IP Address is also used to automatically monitor the ISP Link's availability.

Error: Check Point SmartDashboard

ISP Redundancy configuration on clusters requires that the interfaces which lead to your ISPs, have the same names as the corresponding physical interfaces on the cluster's members.

 

Resolution Steps Taken:

I discovered that the interfaces in the topology tab did not have the same name on the VIP (Virtual IP), so I changed the name so that all interfaces were matching.

After introducing the changes to the interface name of the VIP, I retried the setup for ISP Redundancy and the issue was resolved.

 

Check Point: SmartDashboard crashes when editing Management server object

I recently had an annoying issue with my Check Point Smart Dashboard.

Each time I connected to the Management with SmartConsole and edited the Security Management server object, it caused an application crash. The crash would start with a UAC popup from the Windows registry:

Followed by the Check Point SmartDashboard application crash itself with the following message:

—————————
Check Point SmartDashboard
—————————
Check Point SmartDashboard has experienced a serious problem and must close immediately. Technical information will be saved in ‘C:\Program Files (x86)\CheckPoint\SmartConsole\R77.30\PROGRAM\data\crash_report\FwPolicy.exe_990180413_1516652973.zip’.
If problem persists contact technical support or consult sk97988 to check whether solution exists.

 

To correct this problem I attempted the following solutions
Please note:  The solution which worked is at the bottom of this blog post (skip away, if you wish).

From sk100507:

I attempted to resolve the problem,  by cleaning the SmartConsole cache on the Security Management server.

To do so, I had deleted the C:\Program Files (x86)\CheckPoint\SmartConsole\R7x.xx\PROGRAM\data\CPMICache\ <machine name>

This did not work.

 

From sk100507:

I followed the procedure for deleting the GUI cache from the management server itself via the following steps:

Connect to the command line on Security Management server (over SSH, or console).

  1. Log in to the Expert mode.
  2. Stop Check Point services:
    [Expert@HostName]# cpstop
  3. Backup and remove the current cache files:
    [Expert@HostName]# mkdir -v /var/log/GUI_cache_bkp
    [Expert@HostName]# mv $FWDIR/conf/applications.C* /var/log/GUI_cache_bkp/
    [Expert@HostName]# mv $FWDIR/conf/CPMILinksMgr.db* /var/log/GUI_cache_bkp/
  4. Start Check Point services:
    [Expert@HostName]# cpstart
  5. Wait for 5-10 minutes for the cache to rebuild.
  6. Connect with SmartDashboard to Security Management Server.

This did not work.

 

And.. Finally a solution that did resolve this issue
From sk110712 – SmartConsole / SmartDashboard crashes when editing Management server object

Symptoms:

Connecting to Management R77.30 or R77.30.X with SmartConsole R77.30 and editing the Security Management server object causes an application crash.

Resolution:  By Using the GuiDBEdit Tool

 

  1. Close all SmartConsole windows.
  2. Connect to Security Management Server with GuiDBedit Tool.
  3. Navigate to Network Objects -> network_objects -> <Security Management object> -> portals
  4. Right-click and reset the portals.
  5. Save the changes: go to ‘File’ menu – click on ‘Save All’.
  6. Close the GuiDBedit Tool.
  7. Connect to Security Management Server / Domain Management Server with SmartDashboard.

 

This worked and the problem is now resolved.

Hyper-V Virtualization: Turning Hyper-V On and Off

I recently started using Hyper-V on my Windows 10 workstation to take advantage of technologies such as Docker that leverage Hyper-V to run container images.  I also run VMware Player for running virtual machines.

The following commands make it a simpler task to toggle Hyper-V on and off again.

To turn Hyper-V off, run the following command then restart your computer:

bcdedit /set hypervisorlaunchtype off

To turn Hyper-V back on, run the following command then restart your computer:

bcdedit /set hypervisorlaunchtype auto

 

Note:  Quick method to check the status of Hyper-V – Get-WindowsOptionalFeature -Online -FeatureName *hyper*

Microsoft: Meltdown and Spectre Check via PowerShell

Like many folks around the world, I was wondering if this Meltdown and Spectre flaw would impact my computers and virtual machines.  Microsoft has started to release emergency fixes for Windows 10 and it's been said that Windows 8 and legacy 7 will also receive patches.

Microsoft has released a PowerShell script that lets users check whether they have protection in place.

Steps to take:

  1. Open PowerShell (I like to use PowerShell ISE)
  2. Run PowerShell as Administrator.
  3. Type Install-Module SpeculationControl and press Enter.
  4. When the installation completes, type Import-Module SpeculationControl and press Enter.
  5. Type Get-SpeculationControlSettings and press Enter.

In the list of results that’s displayed, you’re looking to see that a series of protections are enabled — this will be listed as True.  Ref: https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

The output should resemble:

Speculation control settings for CVE-2017-5715 [branch target injection]

  • Hardware support for branch target injection mitigation is present: True
  • Windows OS support for branch target injection mitigation is present: True
  • Windows OS support for branch target injection mitigation is enabled: True

Speculation control settings for CVE-2017-5754 [rogue data cache load]

  • Hardware requires kernel VA shadowing: True
  • Windows OS support for kernel VA shadow is present: True
  • Windows OS support for kernel VA shadow is enabled: True
  • Windows OS support for PCID optimization is enabled: True

 

 

 

Network Wide Ad & Malicious Website Blocking | Pi-Hole

For a few months now I have used the software package named Pi-Hole as an internal network DNS server to prevent ad sites in addition to malicious websites from being accessible from compute resources on my home network.

Pi-Hole is a small install that can be installed on any Linux system and it works like a charm.

Install is simple, just run the following command:

curl -sSL https://install.pi-hole.net | bash

Answer a few questions about how you would like the software configured and you're up and running.

This is very useful software that gives you many options to report on the activity of the systems on your network, what connections were requested, and which were blocked.

For more information and details please visit: https://pi-hole.net/

The following video also shows the installation process via a Putty SSH session.

 

Malicious Lists used to block phishing and malware sites

 

https://v.firebog.net/hosts/Airelle-hrsk.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
https://mirror1.malwaredomains.com/files/justdomains
https://hosts-file.net/exp.txt
https://hosts-file.net/emd.txt
https://hosts-file.net/psh.txt
https://mirror.cedia.org.ec/malwaredomains/immortal_domains.txt
https://www.malwaredomainlist.com/hostslist/hosts.txt
https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
https://v.firebog.net/hosts/Prigent-Malware.txt
https://v.firebog.net/hosts/Prigent-Phishing.txt
https://raw.githubusercontent.com/quidsup/notrack/master/malicious-sites.txt
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
https://v.firebog.net/hosts/Shalla-mal.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/data/add.Risk/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
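
Some of the lists above are in hosts-file format while others carry one domain per line. The following added example (not from the original post and not Pi-hole's own code) normalises both formats and shows which domains a candidate list would add on top of one already in use; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: normalise mixed-format blocklists and diff two of them.

# normalize_list: read a blocklist on stdin, print unique lowercase domains.
# Handles hosts-file lines ("0.0.0.0 name") and one-domain-per-line lists.
normalize_list() {
    tr -d '\r' | awk '
    {
        sub(/#.*/, "")                       # strip full-line and trailing comments
        if (NF == 0) next
        # hosts format: an IPv4/IPv6 address first, the name in field 2
        d = ($1 ~ /^[0-9.]+$/ || index($1, ":")) ? $2 : $1
        d = tolower(d)
        if (d == "localhost" || d == "localhost.localdomain") next
        # keep only things shaped like a DNS name (dot-separated labels)
        if (d !~ /^([a-z0-9_]([a-z0-9_-]*[a-z0-9_])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/) next
        if (!seen[d]++) print d
    }'
}

# new_entries BASE CANDIDATE: domains CANDIDATE would add on top of BASE.
new_entries() {
    base=$(mktemp); cand=$(mktemp)
    normalize_list < "$1" | LC_ALL=C sort -u > "$base"
    normalize_list < "$2" | LC_ALL=C sort -u > "$cand"
    LC_ALL=C comm -13 "$base" "$cand"
    rm -f "$base" "$cand"
}

# Constructed samples (not taken from any real list).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/hosts.txt" <<'EOF'
# constructed sample, hosts format
127.0.0.1 localhost
0.0.0.0 Ads.Example.com   # trailing comment
0.0.0.0 tracker.example.net
0.0.0.0 tracker.example.net
EOF
printf 'tracker.example.net\r\nphish.example.org\r\nnot a domain!\r\n\r\n' \
    > "$SAMPLES/domains.txt"

echo "hosts list normalised:"; normalize_list < "$SAMPLES/hosts.txt"
echo "added by second list:";  new_entries "$SAMPLES/hosts.txt" "$SAMPLES/domains.txt"
```

Running a downloaded list through `new_entries` against the current set shows how much it really contributes and whether it contains malformed lines, before its URL goes into the resolver's configuration.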

 

*Update*

Almost 50% of my home network traffic is junk, and so is yours. Do something about it, because your privacy is being taken from you and sold.

https://lnkd.in/eASeWW5