Thursday, September 14, 2017

Command to Flush DNS Cache in MacOS

sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder
say cache flushed

Checkpoint Firewall Ports

Check Point General Common Ports

257tcpFireWall-1 log transfer
18208tcpCPRID (SmartUpdate)
18190tcpSmartDashboard to SCS
18191tcpSCS to FW-1 gateway for policy install
18192tcpSCS monitoring of firewalls (SmartView Status)

Check Point SIC Ports

18209tcpNGX Gateways <> ICAs (status, issue, or revoke).
18210tcpPulls Certificates from an ICA.
18211tcpUsed by the cpd daemon (on the gateway) to receive Certificates.


94TCPEncryption IP protocols fwz_encapsulation (FW1_Eencapsulation)
137BothNetbios-ns NETBIOS Name Service
138Bothnetbios-dgm NETBIOS Datagram
139Bothnetbios-ssn NETBIOS Session
256TCPFW1 (fwd) policy install port FWD_SVC_PORT
257TCPFW1_log FW1_log FWD_LOG_PORT
261TCPFW1_snauth Session Authentication Daemon
262TCPMDQ – mail dequer
264TCPFW1_topop Check Point SecureClient Topology Requests
265TCPFW1_key Check Point VPN-1 Public key transfer protocol

8116UDPCheck Point HA SyncMode= CPHAP (new sync mode)
8116UDPConnection table synchronization between firewalls
9000Command Line Port for Secure Client
10001TCPDefault CPRSM listener port for coms with RealSecure Console
18181TCPFW1_cvp Check Point OPSEC Content Vectoring Protocol
18182TCPFW1_ufp Check Point OPSEC URL Filtering Protocol
18183TCPFW1_sam Check Point OPSEC Suspicious Activity monitoring Proto (SAM API)
18184TCPFW1_lea Check Point OPSEC Log Export API
18185TCPFW1_omi Check Point OPSEC Objects Management Interface
18186TCPFW1_omi-sic Check Point OPSEC Objects management Interface with Secure Internal Communication
18187TCPFW1_ela Check Point OPSEC Event Loging API
18190TCPCPMI Check Point Management Interface
18191TCPCPD Check Point Daemon Proto NG
18192TCPCPD_amon Check Point Internal Application Monitoring NG
18193TCPFW1_amon Check Point OPSEC Appication Monitoring NG
18202TCPCP_rtm Check Point Real time Monitoring
18204TCPCE communication
18205TCPCP_reporting Check Point Reporting Client Protocol
18207TCPFW1_pslogon Check Point Policy Server logon Protocol
18208TCPFW1_CPRID (SmartUpdate) Check Point remote Installation Protocol
18209TCPFWM CA for establishing SIC communication
18210TCPFW1_ica_pull Check Point Internal CA Pull Certificate Service
18211TCPFW1_ica_pull Check Point Internal CA Push Certificate Service
18212UDPConnect Control – Load Agent port
18213TCPcpinp: inp (admin server)
18214TCPcpsmc: SMC
18214UDPcpsmc: SMC Connectionless
18221TCPCP_redundant Check Point Redundant Management Protocol NG
18231TCPFW1_pslogon_NG Check Point NG Policy Server Logon Protocol
18231TCPNG listens on this port by default dtps.exe
18232TCPFW1_sds_logon Check Point SecuRemote Distribution Server Protocol
18233UDPCheck Point SecureClient Verification Keepalive Protocol FW1_scv_keep_alive
18262TCPCP_Exnet_PK Check Point Public Key Resolution
18263TCPCP_Exnet_resolve Check Point Extranet remote objects resolution
18264TCPFW1_ica_services Check Point Internal CA Fetch CRL and User Registration Services
19190TCPFW1_netso Check Point OPSEC User Authority Simple Protocol
19191TCPFW1_uaa Check point OPSEC User Authority API
65524FW1_sds_logon_NG Secure Client Distribution Server Protocol (VC and Higher)

Command to check on Checkpoint Bond Interface status

[Expert@fw01:0]# cphaprob -a if

Required interfaces: 3
Required secured interfaces: 1

Mgmt       Disconnected          non sync(non secured), multicast
bond0      UP                    non sync(non secured), broadcast, bond Load Sharing
bond1      UP                    non sync(non secured), broadcast, bond Load Sharing
bond2      UP                    sync(secured), multicast, bond Load Sharing

[Expert@fw01:0]# cphaconf show_bond -a

                                      |Slaves     |Slaves |Slaves
Bond name  |Mode               |State |configured |in use |required
bond0      | Load Sharing      | UP   | 2         | 2     | 1
bond1      | Load Sharing      | UP   | 2         | 2     | 1
bond2      | Load Sharing      | UP   | 1         | 1     | 0

UP!               - Bond interface state is UP, yet attention is required
Slaves configured - number of slave interfaces configured on the bond
Slaves in use     - number of operational slaves
Slaves required   - minimal number of operational slaves required for bond to be UP

[Expert@fw01:0]# cphaconf show_bond bond0

Bond name:      bond0
Bond mode:      Load Sharing
Bond status:    UP
Balancing mode: 802.3ad Layer3+4 Load Balancing
Configured slave interfaces: 2
In use slave interfaces:     2
Required slave interfaces:   1

Slave name      | Status          | Link
eth3-03         | Active          | Yes
eth3-01         | Active          | Yes

[Expert@fw01:0]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.2.4 (January 28, 2008)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 200
Down Delay (ms): 200

802.3ad info
LACP rate: slow
Active Aggregator Info:
        Aggregator ID: 1
        Number of ports: 2
        Actor Key: 33
        Partner Key: 1
        Partner Mac Address: 00:35:1a:d9:33:00

Slave Interface: eth3-03
MII Status: up
Link Failure Count: 1
Permanent HW addr: 00:1c:7f:61:90:50
Aggregator ID: 1

Slave Interface: eth3-01
MII Status: up
Link Failure Count: 1
Permanent HW addr: 00:1c:7f:61:90:4e
Aggregator ID: 1