On The Line

Posted on Jan 10, 2021.

NZISM & AUISM Reporting with Checkpoint Compliance Blade

The Checkpoint Compliance blade provides a lot of useful information for real-time monitoring of various compliance standards like PCI, ISO and NIST. However, for those of us in Australasia, we also have local standards that require review.

Attached are some XML files for importing that provide views on NZISM and AUISM. Please note these are a work in progress but also a very good start. The AUISM overview document provides detail about what both XML files monitor when deployed.

NZISM

https://www.nzism.gcsb.govt.nz/ism-document/#1668

NZISM XML Definition

click here to download the New Zealand...

Posted on Jan 03, 2021.

Monitor Checkpoint VPN Use

As we move to a work-from-home environment, it is important that we are able to monitor how a VPN is being used and who is using it. Here is a useful view for Checkpoint Smartevent to show who is using any Checkpoint VPN product and to consolidate the use for reporting purposes.

Feel free to download and experiment.

Instructions:

Also attached is a view you can run in Smartlog. How to use the view:

  1. Download & Virus Scan the file - trust no one
  2. Extract the .cpr file to your desktop
  3. Import the view to SmartView application (SmartConsole or Web) - see image below
  4. Go to the view TAB
  5. Double ...

Posted on Dec 25, 2020.

Solarwinds Sunburst Detection using Checkpoint

Stop the Press...

Here is some useful syntax to detect Solarwinds Orion exploits CVE-2020-14005 & CVE-2020-13169 (Sunburst) when using Checkpoint Smartevent.

Paste this into your smartlog viewer to verify if you have been affected. Run it from the beginning of December 2020 initially, then over all time to be sure.

"solartrackingsystem.net" OR "virtualdataserver.com" OR "avsvmcloud.com" OR "freescanonline.com" OR "databasegalore.com" OR "digitalcollege.org" OR "incomeupdate.com" OR "deftsecurity.com" OR "highdatabase.com" OR "websitetheme.com" OR "thedoccloud.com" OR "panhardware.com" OR "avsvmcl...

Posted on Dec 22, 2020.

Fun with Fortitokens

Background

We have had a few issues with ftm-push in recent times so I thought I would document how we resolved the problems and how they manifested. Firstly, we upgraded a Fortigate to version 6.2.3 a while back and on doing this found that ftm-push no longer worked. Talking to other clients about this issue I determined that most don't use ftm-push because it didn't just work out of the box.

Now, this issue may well be resolved in more current releases; however, for the curious, it turns out that the following was required to resolve it.

The Issue

What we could see was on clicking ftm-push th...

Posted on Nov 30, 2020.

How to Secure Your Data in the Cloud

An excerpt about privacy from our webinar held in November 2020:

Posted on Nov 09, 2020.

Checkpoint Song

They say you can learn from history; well, I certainly hope so in this case. So I was digging through some old CDs this week - yes, CDs (harder than you think, as finding a CD player is not easy).

Posted on Nov 06, 2018.

Managing Digital Certs and CSR in RSA AM

You have created one or more CSRs (certificate signing requests), not all can be fulfilled for numerous reasons, and you want to clean them up...

Posted on Aug 09, 2018.

Checkpoint and PPPOE

Well, this was a fun task. Rolling out a Checkpoint F/W R77.30 connected to a PPPOE circuit.

Posted on Mar 16, 2018.

Clone of an RSA Appliance

So the marketing says that you can run an RSA 8.x Appliance on VMware and that the various facilities provided are supported. This is indeed true; however, there are a few things to watch for, specifically when creating a clone of an appliance.