Thursday, September 14, 2017

Command to Flush DNS Cache in MacOS

sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
say cache flushed

Checkpoint Firewall Ports

Check Point General Common Ports

257tcpFireWall-1 log transfer
18208tcpCPRID (SmartUpdate)
18190tcpSmartDashboard to SCS
18191tcpSCS to FW-1 gateway for policy install
18192tcpSCS monitoring of firewalls (SmartView Status)

Check Point SIC Ports

18209tcpNGX Gateways <> ICAs (status, issue, or revoke).
18210tcpPulls Certificates from an ICA.
18211tcpUsed by the cpd daemon (on the gateway) to receive Certificates.


94TCPEncryption IP protocols fwz_encapsulation (FW1_Eencapsulation)
137BothNetbios-ns NETBIOS Name Service
138Bothnetbios-dgm NETBIOS Datagram
139Bothnetbios-ssn NETBIOS Session
256TCPFW1 (fwd) policy install port FWD_SVC_PORT
257TCPFW1_log FW1_log FWD_LOG_PORT
261TCPFW1_snauth Session Authentication Daemon
262TCPMDQ – mail dequer
264TCPFW1_topop Check Point SecureClient Topology Requests
265TCPFW1_key Check Point VPN-1 Public key transfer protocol

8116UDPCheck Point HA SyncMode= CPHAP (new sync mode)
8116UDPConnection table synchronization between firewalls
9000Command Line Port for Secure Client
10001TCPDefault CPRSM listener port for coms with RealSecure Console
18181TCPFW1_cvp Check Point OPSEC Content Vectoring Protocol
18182TCPFW1_ufp Check Point OPSEC URL Filtering Protocol
18183TCPFW1_sam Check Point OPSEC Suspicious Activity monitoring Proto (SAM API)
18184TCPFW1_lea Check Point OPSEC Log Export API
18185TCPFW1_omi Check Point OPSEC Objects Management Interface
18186TCPFW1_omi-sic Check Point OPSEC Objects management Interface with Secure Internal Communication
18187TCPFW1_ela Check Point OPSEC Event Loging API
18190TCPCPMI Check Point Management Interface
18191TCPCPD Check Point Daemon Proto NG
18192TCPCPD_amon Check Point Internal Application Monitoring NG
18193TCPFW1_amon Check Point OPSEC Appication Monitoring NG
18202TCPCP_rtm Check Point Real time Monitoring
18204TCPCE communication
18205TCPCP_reporting Check Point Reporting Client Protocol
18207TCPFW1_pslogon Check Point Policy Server logon Protocol
18208TCPFW1_CPRID (SmartUpdate) Check Point remote Installation Protocol
18209TCPFWM CA for establishing SIC communication
18210TCPFW1_ica_pull Check Point Internal CA Pull Certificate Service
18211TCPFW1_ica_pull Check Point Internal CA Push Certificate Service
18212UDPConnect Control – Load Agent port
18213TCPcpinp: inp (admin server)
18214TCPcpsmc: SMC
18214UDPcpsmc: SMC Connectionless
18221TCPCP_redundant Check Point Redundant Management Protocol NG
18231TCPFW1_pslogon_NG Check Point NG Policy Server Logon Protocol
18231TCPNG listens on this port by default dtps.exe
18232TCPFW1_sds_logon Check Point SecuRemote Distribution Server Protocol
18233UDPCheck Point SecureClient Verification Keepalive Protocol FW1_scv_keep_alive
18262TCPCP_Exnet_PK Check Point Public Key Resolution
18263TCPCP_Exnet_resolve Check Point Extranet remote objects resolution
18264TCPFW1_ica_services Check Point Internal CA Fetch CRL and User Registration Services
19190TCPFW1_netso Check Point OPSEC User Authority Simple Protocol
19191TCPFW1_uaa Check point OPSEC User Authority API
65524FW1_sds_logon_NG Secure Client Distribution Server Protocol (VC and Higher)

Command to check on Checkpoint Bond Interface status

[Expert@fw01:0]# cphaprob -a if

Required interfaces: 3
Required secured interfaces: 1

Mgmt       Disconnected          non sync(non secured), multicast
bond0      UP                    non sync(non secured), broadcast, bond Load Sharing
bond1      UP                    non sync(non secured), broadcast, bond Load Sharing
bond2      UP                    sync(secured), multicast, bond Load Sharing

[Expert@fw01:0]# cphaconf show_bond -a

                                      |Slaves     |Slaves |Slaves
Bond name  |Mode               |State |configured |in use |required
bond0      | Load Sharing      | UP   | 2         | 2     | 1
bond1      | Load Sharing      | UP   | 2         | 2     | 1
bond2      | Load Sharing      | UP   | 1         | 1     | 0

UP!               - Bond interface state is UP, yet attention is required
Slaves configured - number of slave interfaces configured on the bond
Slaves in use     - number of operational slaves
Slaves required   - minimal number of operational slaves required for bond to be UP

[Expert@fw01:0]# cphaconf show_bond bond0

Bond name:      bond0
Bond mode:      Load Sharing
Bond status:    UP
Balancing mode: 802.3ad Layer3+4 Load Balancing
Configured slave interfaces: 2
In use slave interfaces:     2
Required slave interfaces:   1

Slave name      | Status          | Link
eth3-03         | Active          | Yes
eth3-01         | Active          | Yes

[Expert@fw01:0]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200

802.3ad info
LACP rate: slow
Active Aggregator Info:
        Aggregator ID: 1
        Number of ports: 2
        Actor Key: 33
        Partner Key: 1
        Partner Mac Address: 00:35:1a:d9:33:00

Slave Interface: eth3-03
MII Status: up
Link Failure Count: 1
Permanent HW addr: 00:1c:7f:61:90:50
Aggregator ID: 1

Slave Interface: eth3-01
MII Status: up
Link Failure Count: 1
Permanent HW addr: 00:1c:7f:61:90:4e
Aggregator ID: 1

Sunday, September 25, 2016

Linux command to install software for various Distro

Ubuntu (*buntu, Mint linux)
Apt-get install
apt-get update
apt-get remove
apt-get dist-upgrade
apt-get purge

yum install
yum update
yum remove

yast2 --install
yast2 --remove



emerge package    # Install
emerge -C package # Remove a package
emerge -s keyword # Search for packages (package names only)
emerge -u package # update the package 

pacman -U package.pkg.tar.xz # Local package install
pacman -Syy                  # Refresh package databases
pacman -Syu                  # Update installed packages
pacman -S package            # Install package
pacman -R package            # Remove package

Checkpoint Rule Processing Order

Rule Processing Order

The rule base is processed in order. However, other things happen in the security policy besides checking your defined rules. This is the order of operations:
  1. Anti-spoofing checks
  2. Rule base
  3. Network Address Translation
When you take into account the FireWall-1 global properties, you end up with the following order:
  1. Anti-spoofing checks
  2. "First" Implicit Rules
  3. Explicit Rules (except for the final rule)
  4. "Before Last" Implicit Rules
  5. Last Explicit Rule (should be cleanup rule)
  6. "Last" Implicit Rules
  7. Network Address Translation

Wednesday, October 9, 2013

SSH slowness

For those experiencing SSH slowness, you might want to take note of the following:

 If you are getting sluggish response in getting the login prompt, it might be due to the fact the the SSH server is trying to perform a reverse lookout on host your are initiating traffic from. Check to confirm it any firewall rules that might be preventing the ssh host from doing a reverse lookup. That might save you sometime to perform a thorough troubleshooting :)

Alternatively, you can just go to edit the sshd config file as follow:

sudo  vi /etc/ssh/sshd_config

comment out UseDNS  as per follow:

#UseDNS yes

and restart the ssh daemon

sudo service sshd restart


sudo systemctl restart sshd.

Happy SSH :)

Tuesday, January 15, 2013

CCIE Routing and Switching Lab Exam Topics (Blueprint) v4.0

The following topics are general guidelines for the content likely to be included on the lab exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Exam Sections and Sub-task Objectives
1.00 Implement Layer 2 Technologies √
1.10 Implement Spanning Tree Protocol (STP)
(a) 802.1d
(b) 802.1w
(c) 801.1s
(d) Loop guard
(e) Root guard
(f) Bridge protocol data unit (BPDU) guard
(g) Storm control
(h) Unicast flooding
(i) Port roles, failure propagation, and loop guard operation
1.20 Implement VLAN and VLAN Trunking Protocol (VTP)
1.30 Implement trunk and trunk protocols, EtherChannel, and load-balance
1.40 Implement Ethernet technologies
(a) Speed and duplex
(b) Ethernet, Fast Ethernet, and Gigabit Ethernet
(c) PPP over Ethernet (PPPoE)
1.50 Implement Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN), and flow control
1.60 Implement Frame Relay
(a) Local Management Interface (LMI)
(b) Traffic shaping
(c) Full mesh
(d) Hub and spoke
(e) Discard eligible (DE)
1.70 Implement High-Level Data Link Control (HDLC) and PPP
2.00 Implement IPv4
2.10 Implement IP version 4 (IPv4) addressing, subnetting, and variable-length subnet masking (VLSM)
2.20 Implement IPv4 tunneling and Generic Routing Encapsulation (GRE)
2.30 Implement IPv4 RIP version 2 (RIPv2)
2.40 Implement IPv4 Open Shortest Path First (OSPF)
(a) Standard OSPF areas
(b) Stub area
(c) Totally stubby area
(d) Not-so-stubby-area (NSSA)
(e) Totally NSSA
(f) Link-state advertisement (LSA) types
(g) Adjacency on a point-to-point and on a multi-access network
(h) OSPF graceful restart
2.50 Implement IPv4 Enhanced Interior Gateway Routing Protocol (EIGRP)
(a) Best path
(b) Loop-free paths
(c) EIGRP operations when alternate loop-free paths are available, and when they are not available
(d) EIGRP queries
(e) Manual summarization and autosummarization
(f) EIGRP stubs
2.60 Implement IPv4 Border Gateway Protocol (BGP)

(a) Next hop
(b) Peering
(c) Internal Border Gateway Protocol (IBGP) and External Border Gateway Protocol (EBGP)
2.70 Implement policy routing
2.80 Implement Performance Routing (PfR) and Cisco Optimized Edge Routing (OER)
2.90 Implement filtering, route redistribution, summarization, synchronization, attributes, and other advanced features
3.00 Implement IPv6
3.10 Implement IP version 6 (IPv6) addressing and different addressing types
3.20 Implement IPv6 neighbor discovery
3.30 Implement basic IPv6 functionality protocols
3.40 Implement tunneling techniques
3.50 Implement OSPF version 3 (OSPFv3)
3.60 Implement EIGRP version 6 (EIGRPv6)
3.70 Implement filtering and route redistribution
4.00 Implement MPLS Layer 3 VPNs
4.10 Implement Multiprotocol Label Switching (MPLS)
4.20 Implement Layer 3 virtual private networks (VPNs) on provider edge (PE), provider (P), and customer edge (CE) routers
4.30 Implement virtual routing and forwarding (VRF) and Multi-VRF Customer Edge (VRF-Lite)
5.00 Implement IP Multicast
5.10 Implement Protocol Independent Multicast (PIM) sparse mode
5.20 Implement Multicast Source Discovery Protocol (MSDP)
5.30 Implement interdomain multicast routing
5.40 Implement PIM Auto-Rendezvous Point (Auto-RP), unicast rendezvous point (RP), and bootstrap router (BSR)
5.50 Implement multicast tools, features, and source-specific multicast
5.60 Implement IPv6 multicast, PIM, and related multicast protocols, such as Multicast Listener Discovery (MLD)
6.00 Implement Network Security
6.01 Implement access lists
6.02 Implement Zone Based Firewall
6.03 Implement Unicast Reverse Path Forwarding (uRPF)
6.04 Implement IP Source Guard
6.05 Implement authentication, authorization, and accounting (AAA) (configuring the AAA server is not required, only the client-side (IOS) is configured)
6.06 Implement Control Plane Policing (CoPP)
6.07 Implement Cisco IOS Firewall
6.08 Implement Cisco IOS Intrusion Prevention System (IPS)
6.09 Implement Secure Shell (SSH)
6.10 Implement 802.1x
6.11 Implement NAT
6.12 Implement routing protocol authentication
6.13 Implement device access control
6.14 Implement security features
7.00 Implement Network Services
7.10 Implement Hot Standby Router Protocol (HSRP)
7.20 Implement Gateway Load Balancing Protocol (GLBP)
7.30 Implement Virtual Router Redundancy Protocol (VRRP)
7.40 Implement Network Time Protocol (NTP)
7.50 Implement DHCP
7.60 Implement Web Cache Communication Protocol (WCCP)
8.00 Implement Quality of Service (QoS)

8.10 Implement Modular QoS CLI (MQC)
(a) Network-Based Application Recognition (NBAR)
(b) Class-based weighted fair queuing (CBWFQ), modified deficit round robin (MDRR), and low latency queuing (LLQ)
(c) Classification
(d) Policing
(e) Shaping
(f) Marking
(g) Weighted random early detection (WRED) and random early detection (RED)
(h) Compression
8.20 Implement Layer 2 QoS: weighted round robin (WRR), shaped round robin (SRR), and policies
8.30 Implement link fragmentation and interleaving (LFI) for Frame Relay
8.40 Implement generic traffic shaping
8.50 Implement Resource Reservation Protocol (RSVP)
8.60 Implement Cisco AutoQoS
9.00 Troubleshoot a Network
9.10 Troubleshoot complex Layer 2 network issues
9.20 Troubleshoot complex Layer 3 network issues
9.30 Troubleshoot a network in response to application problems
9.40 Troubleshoot network services
9.50 Troubleshoot network security
10.00 Optimize the Network
10.01 Implement syslog and local logging
10.02 Implement IP Service Level Agreement SLA
10.03 Implement NetFlow
10.04 Implement SPAN, RSPAN, and router IP traffic export (RITE)
10.05 Implement Simple Network Management Protocol (SNMP)
10.06 Implement Cisco IOS Embedded Event Manager (EEM)
10.07 Implement Remote Monitoring (RMON)
10.08 Implement FTP
10.09 Implement TFTP
10.10 Implement TFTP server on router
10.11 Implement Secure Copy Protocol (SCP)
10.12 Implement HTTP and HTTPS
10.13 Implement Telnet