Feb 28 2017

For years Tobias Lachmann posted a list of Check Point hardware, for the last time on July 30th 2015. I am continuing and extending the list for the new appliances. Therefore I need your contribution. If you have an appliance at your fingertips, please be so kind as to issue these commands:
cat /proc/cpuinfo > lachmann.txt
cat /proc/meminfo >> lachmann.txt

and send the file lachmann.txt with the appliance type as subject to lachmannlist@fink.sh. I will try to update the list over time.

Updates:

  • CPU and Memory for 1450 & 1470 (Thanks to Florian Hildinger)

Continue reading »

Feb 21 2017

For years Tobias Lachmann posted a list of Check Point hardware, for the last time on July 30th 2015. I am continuing and extending the list for the new appliances. Therefore I need your contribution. If you have an appliance at your fingertips, please be so kind as to issue these commands:
cat /proc/cpuinfo > lachmann.txt
cat /proc/meminfo >> lachmann.txt

and send the file lachmann.txt with the appliance type as subject to lachmannlist@fink.sh. I will try to update the list over time.

Updates:

  • CPU and Memory for 1430 (Thanks to Florian Hildinger)

Continue reading »

Feb 10 2017

For years Tobias Lachmann posted a list of Check Point hardware, for the last time on July 30th 2015. I am continuing and extending the list for the new appliances. Therefore I need your contribution. If you have an appliance at your fingertips, please be so kind as to issue these commands:
cat /proc/cpuinfo > lachmann.txt
cat /proc/meminfo >> lachmann.txt

and send the file lachmann.txt with the appliance type as subject to lachmannlist@fink.sh. I will try to update the list over time.

Updates:

  • New appliance 3100
  • New appliance 5100
  • New appliance 5900
  • Maximum memory for 5400
  • Maximum memory for 5600
  • Maximum memory for 5800
  • Maximum memory for 15400
  • Maximum memory for 15600
  • Maximum memory for 23500
  • Maximum memory for 23800

Continue reading »

Feb 09 2017

I am on my journey back from the Barcelona Sales Kick-Off of Check Point. We were presented the new appliances and while sitting at the airport I realize that they are already on the website. These are the new appliances: 3100, 5100 and 5900. The 5900 is really exciting with up to 32 GB RAM and dual hot-swap HDD or SSD. This system seems to fit perfectly between 5800 and 15400.

VSX R77.30 is quite a good implementation with some annoying flaws – but it is really worth using. The now announced features for VSX in R80.10 and beyond will make it a far more mature OS. I am really looking forward to the first implementations. Stay tuned.

Jan 23 2017

For years Tobias Lachmann posted a list of Check Point hardware, for the last time on July 30th 2015. I am continuing and extending the list for the new appliances. Therefore I need your contribution. If you have an appliance at your fingertips, please be so kind as to issue these commands:
cat /proc/cpuinfo > lachmann.txt
cat /proc/meminfo >> lachmann.txt

and send the file lachmann.txt with the appliance type as subject to lachmannlist@fink.sh. I will try to update the list over time.

Updates:

  • CPU & Memory 1490 (Thanks to Christoph Murth)

Continue reading »

Jan 21 2017

Have you ever been frustrated that simple scripting is a problem when doing things on your Check Point firewall? There is a reason why compilers and scripting tools are very limited on such devices. The fewer options a potential attacker finds to do harm with, the better.

As far as I remember from different trainings, Check Point uses a GCC compiler to build the policies. But this compiler is said to be stripped down to a large extent.

And there exists Python within GAiA. I would not suggest using this Python on a gateway, but on a management server it could be very useful.

This is how you start Python:

[Expert@cp2205:0]# $FWDIR/Python/bin/python
Python 2.7.3 (default, Jun 27 2012, 14:41:05)
[GCC 3.2.3 20030502 (Red Hat Linux 3.2.3-20)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
Python usage is limited in Check Point security gateway

The last line is true. We will see it in a few moments. Let’s try with a simple script: Continue reading »

Dec 08 2016

For years Tobias Lachmann posted a list of Check Point hardware, for the last time on July 30th 2015. I will try to continue and extend the list for the new appliances. Therefore I need your contribution. If you have an appliance at your fingertips, please be so kind as to issue these commands:
cat /proc/cpuinfo > lachmann.txt
cat /proc/meminfo >> lachmann.txt

and send the file lachmann.txt with the appliance type as subject to lachmannlist@fink.sh. I will try to update the list over time.

Updates:

  • CPU 5400 (Thanks to Anonymous)
  • 16 GB memory option for 5200 (Thanks to Florian Hildinger)

Continue reading »

Nov 18 2016

SandBlast is wonderful

In my humble opinion, SandBlast Threat Emulation is one of the most effective software blades Check Point has ever built. I saw it rescuing some customers' asses at the zenith of Locky & Co.

It is very smart with SMTP and filters out malicious mails in a wonderful way. Nearly one year ago one of our customers was under heavy attack with malicious PDFs coming in to about 1,500 different end users within 10 minutes. The file hash was changing nearly every fifth file. I could easily spot this from SmartLog.

Nothing bad happened to the customer besides some time of mail congestion, but every little piece of malware was sorted out by Check Point SandBlast Threat Emulation. Wonderful, really wonderful. Continue reading »

Nov 17 2016

For years Tobias Lachmann posted a list of Check Point hardware, for the last time on July 30th 2015. I will try to continue and extend the list for the new appliances. Therefore I need your contribution. If you have an appliance at your fingertips, please be so kind as to issue these commands:
cat /proc/cpuinfo > lachmann.txt
cat /proc/meminfo >> lachmann.txt

and send the file lachmann.txt with the appliance type as subject to lachmannlist@fink.sh. I will try to update the list over time.

Updates:

  • CPU 5200 (Thanks to Magnus Holmberg)
  • CPU 3200 (Thanks to Thomas R.)
  • CPU/Mem TE2000X HPP (Christoph Murth)

Continue reading »

Nov 01 2016

Today I learned something astonishing about cache implementation.

What I thought before: When I have a cache with 20,000 entries and it fills up, I would define two marks. Let’s call them “high watermark” and “low watermark”. When the number of entries reaches the high watermark I will start to delete the most unused entries until we reach the low watermark. Let’s call this process “garbage collection”, furthermore.  Continue reading »