Starting CCSE Training on Monday.
Topics: Management Upgrade and Migration; Management High Availability; Security Gateway Upgrades; Advanced Check Point Maintenance; Security Gateway Operations; Policy Installation; Gaia and Management APIs; Acceleration; Site-to-Site VPN; Remote Access VPN; Mobile Access VPN; Clustering; Advanced Logs and Monitoring
Links: https://www.checkpoint.com/downloads/training/CCSE_Overview_Flyer.pdf
BGP – Asymmetric Routing Fortigate or when it is the policy
Change the setup to have two dedicated links from the FortiGate to the EdgeRouter: internal6 and 7 on the FortiGate and eth4 on the EdgeRouters.
Note to myself: Policy blocked the traffic. Needed to change the source interfaces to include i6 and i7.
    config firewall policy
        edit 1
            set srcintf internal1.997
        next
    end
Links: https://community.fortinet.com/t5/FortiGate/Technical-Note-Reverse-Path-Forwarding-RPF-implementation-and/ta-p/194382
BGP – Do not advertise a network
Remove routes from advertisement on a FortiGate firewall.
Note to myself: 10.255.32.0/20 was wired on C1, local pref was missing. So it might make sense to add this to all incoming routes 'set local-preference 100', incoming there is no issue.
    show router route-map
    config router route-map
        edit "EBGP-OUT-R2"
            config rule
                edit 1 …
BGP – Prevent becoming a Transit-AS
AS-Path Filtering:
    ip as-path access-list 1 permit ^$
    neighbor x.x.x.x filter-list 1 out
No-export Community:
    ip bgp-community new-format
    route-map NO-EXPORT
     set community no-export
    neighbor x.x.x.x route-map NO-EXPORT in
    neighbor x.x.x.x send-community
Prefix-list Filtering:
    ip prefix-list NO-TRANSIT permit x.x.x.x/x
    neighbor x.x.x.x prefix-list NO-TRANSIT out
Distribute List Filtering:
    access-list x deny x.x.x.x y.y.y.y …
BGP – MultiHoming
Cisco: cisco01 (config; show ip bgp summary; show ip route; show ip bgp); cisco02 (config; show ip bgp summary; show ip route)
EdgeRouter-X: edge01 (config; show ip route); edge02 (config; show ip route)
FortiGate: config; get router info routing-table details
Tests: Changing the AS Numbers (show ip route; show ip bgp); Optimizing route maps: cisco1 (show ip bgp neighbors 10.255.80.29 received-routes; show ip bgp; show ip route); cisco2 (show ip bgp neighbors 10.255.80.28 received-routes; show ip route)
BGP Prevent becoming a Transit AS: No-Export Community
Links …
Check Point – CCSA
So this one is done. https://www.credly.com/badges/5f6ac312-1694-404e-a46d-841b8191fe20/public_url
Fortinet – Named Static Routes
Fortinet Firewalls support the use of address objects in static routes. This includes individual address objects, address groups and FQDN address objects. This feature is particularly useful if you have numerous VPN connections or if you reach the maximum number of configurable static routes on the gateway. For example, lower-end models like the 60E support …
Kimai2 – SQL
Sample Query; Create Stored Procedure; Call the procedure
Do we have stored procedures?
Sample Query:
    SELECT u.username as Username,
           c.name as Customer,
           DATE_FORMAT(t.start_time,'%Y-%m') as Date,
           FORMAT(SUM(t.duration) / 3600, 0) as Duration
    FROM kimai2_timesheet t
    LEFT JOIN kimai2_projects p ON t.project_id = p.id
    LEFT JOIN kimai2_customers c ON p.customer_id = c.id
    LEFT JOIN kimai2_users u ON t.user = …
Check Point – VSX Upgrade
Note to myself. Since I am not dealing with VSX systems that often, please be reminded: when dealing with VSX Gateways/Clusters, to finalize the upgrade the SMS needs to upgrade the VSX objects in the SMS database.
    [Expert@CheckPointSMS:0]# vsx_util upgrade
    ******************************************************************************************
    * Note: the operation you are about to perform changes the information in …
Check Point – Security Gateway internal statistics
    fw ctl pstat
Links: fw ctl pstat (checkpoint.com)
