https://www.linickx.com/Tue, 11 Dec 2012 09:35:00 +0000https://www.linickx.com/checkpoint-gaia-tacacs-two-lines-of-config<p>If you have a checkpoint firewall, you probably know about <a href="http://www.checkpoint.com/gaia/">Gaia</a>... and if you have more than one firewall admin, you probably want to individually authenticate them to the operating system (<em>as apposed to a encrypted file of usernames &amp; passwords which get's passed around the office</em>)</p> <pre><code> add rba role TACP-0 domain-type System all-features set aaa tacacs-servers authentication server 10.10.10.10 key mysecretkey </code></pre> <p>What you need to know about the above...</p> <ul> <li>If a user can successfully authenticate by TACACS they become a super user, if you need different roles read up on "role based administration", <code>TACP-15</code> and the <code>enable_tacacs</code> command.</li> <li>The config has been tested on Cisco ACS 5.4, the default TACACS "<code>default device administration</code>" profile works with no changes.</li> <li>This is tacacs authentication only, authorization is handled by the local RBA.</li> </ul>nickTue, 11 Dec 2012 09:35:00 +0000tag:www.linickx.com,2012-12-11:checkpoint-gaia-tacacs-two-lines-of-configacscheckpointCiscogaiatacacshttps://www.linickx.com/checkpoint-encryption-failure-according-to-the-policy-the-packet-should-not-have-been-decrypted<p>The <a href="https://supportcenter.checkpoint.com/supportcenter/LoginRedirect.jsp?toURL=eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk21571%20">checkpoint sk article</a> isn't that helpful... what it should say is... If you have your encryption domain set as "<em>defined by topology</em>", then check your topology!</p>nickMon, 19 Nov 2012 15:59:00 +0000tag:www.linickx.com,2012-11-19:checkpoint-encryption-failure-according-to-the-policy-the-packet-should-not-have-been-decryptedcheckpointfirewallSecurityvpnhttps://www.linickx.com/check-point-ccse-r70<p><a href="/files/2011/03/CheckPoint_CCSE-R70.png"><img alt="CCSE R70" src="/files/2011/03/CheckPoint_CCSE-R70-300.png" title="Check Point CCSE R70" /></a></p>Nick BettisonWed, 09 Mar 2011 01:01:00 +0000tag:www.linickx.com,2011-03-09:check-point-ccse-r70certificatescheckpointCCSER70https://www.linickx.com/checkpoint-nokia-how-to-enable-ssh-thru-the-default-filter<p>I had lost this bookmark, saved here so I don't loose it again :)</p> <blockquote> <ul> <li>Solution Title: How do I control / change access using defaultfilter and initialpolicy?</li> <li>Solution ID: <a href="https://supportcenter.checkpoint.com/supportcente/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk41117">sk41117</a></li> </ul> </blockquote> <p>There are various options given in the article, this...</p> <pre><code>ipso[nick]# cp -p $FWDIR/conf/initial_module.pf $FWDIR/conf/initial_module.pf.OLD ipso[nick]# cp $FWDIR/lib/defaultfilter.ipso $FWDIR/conf/initial_module.pf ipso[nick]# comp_init_policy -g initial_module: Compiled OK. ipso[nick]# </code></pre> <p>... will do in most cases!</p>nickFri, 04 Sep 2009 09:56:00 +0100tag:www.linickx.com,2009-09-04:checkpoint-nokia-how-to-enable-ssh-thru-the-default-filterBlogcheckpointfirewallipsoNokiaSecurityhttps://www.linickx.com/check-point-ccse<p><a href="/files/2002/07/CheckPoint_CCSE.png"><img alt="Check Point CCSE" src="/files/2002/07/CheckPoint_CCSE-300.png" title="Check Point CCSE" /></a></p>Nick BettisonTue, 02 Jul 2002 03:03:00 +0100tag:www.linickx.com,2002-07-02:check-point-ccsecertificatescheckpointCCSEhttps://www.linickx.com/check-point-ccsa<p><a href="/files/2002/07/CheckPoint_CCSA.png"><img alt="Check Point CCSA" src="/files/2002/07/CheckPoint_CCSA-300.png" title="Check Point CCSA" /></a></p>Nick BettisonTue, 02 Jul 2002 02:03:00 +0100tag:www.linickx.com,2002-07-02:check-point-ccsacertificatescheckpointCCSAhttps://www.linickx.com/check-point-ccsa-2000<p><a href="/files/2001/07/CheckPoint_CCSA-2000.png"><img alt="CCSA 2000" src="/files/2001/07/CheckPoint_CCSA-2000-300.png" title="Check Point CCSA 2000" /></a></p>Nick BettisonMon, 09 Jul 2001 01:01:00 +0100tag:www.linickx.com,2001-07-09:check-point-ccsa-2000certificatescheckpointCCSAhttps://www.linickx.com/check-point-ccse-2000<p><a href="/files/2001/07/CheckPoint_CCSE-2000.png"><img alt="CCSE 2000" src="/files/2001/07/CheckPoint_CCSE-2000-300.png" title="Check Point CCSE 2000" /></a></p>Nick BettisonMon, 09 Jul 2001 01:01:00 +0100tag:www.linickx.com,2001-07-09:check-point-ccse-2000certificatescheckpointCCSA