checkpoint fw-1 usable scripts available !


Post by hans maye » Wed, 19 Nov 1997 04:00:00



Hi all firewall admins!

There are 2 scripts which I find very useful; look at:

ftp://ftp.bfl.at/pub/firewall

These scripts are only useful for admins who
work with Checkpoint's Firewall-1 version 2 or 3.

fwrules.pl converts the rule-base file (*.W)
into an easily human-readable form
(one rule per line).

fwobjects makes the objects.C readable.

Both require Perl version 5.


======================================================================
usage: fwobjects { --all | --network-objects [--tn=type-list] |
                  --properties | --service-objects [--ts=type-list] }
                 [ --diff ] object_description_file

       fwobjects --help

       All options may be appreviated. Example: The command
          'fwobjects -n -tn=host objects.C'
       prints all network objects of type host.

       --all: List all objects (network objects, service objects and properties)
       --diff: Create report usable by the diff command

       type-list: comma-separated list of network object types or
                  service object types

       Network Object Types: domain, gateway, group, host, logical,
                             network, router, switch

       Service Object Types: group, icmp, other, rpc, tcp, udp

 
 
 

1. VPN connection to a CheckPoint Firewall / FW-1

I need to connect to a VPN from Fedora Core 1. The only way at the moment is to use CheckPoint SecureRemote,
because the VPN server is using CheckPoint Firewall / FW-1 (don't know the version).
It's a colocation site / data centre.

The alternatives that I have found are:

1) Use CheckPoint's SecureRemote on linux:

http://www.checkpoint.com/techsupport/downloads_sr.html

Unfortunately, it will only work with RedHat 7.2/7.3 kernels, specifically ( from their documentation ):

        RedHat Linux version 7.2 & 7.3, kernel versions 2.4.9-7, 2.4.9-33, 2.4.18-5 and 2.4.18-10

        http://www.checkpoint.com/techsupport/downloads/html/securemote/sr-5-...

2) Use FreeSWAN. However, FreeSWAN development has stopped.

CheckPoint has a document on how to connect from FreeSWAN:

        http://support.checkpoint.com/kb/docs/public/firewall1/4_1/pdf/fw-lin...

Unfortunately, it is quite old (it was still referring to RH 6.2) and it looks like you need a fixed IP on the client side.

3) Use CheckPoint's SecureRemote on linux on a RH 7.x guest OS using user-mode-linux with Fedora as the host OS.

Unfortunately, binary only modules will not work with user-mode-linux kernels.

4) Use CheckPoint's SecureRemote on linux on a RH 7.x guest OS using plex86 with Fedora as the host OS.

However, there has been no activity on plex86

5) Use CheckPoint's SecureRemote on winnt4/win2k guest OS using bochs with Fedora as the host OS.

However, was told that this will be too slow for everyday use.

6) Use CheckPoint's SecureRemote on linux on a RH 7.x guest OS using bochs with Fedora as the host OS.

Have not tried yet

7) Use VMWare to run RH 7.2 guest OS on a Fedora host OS.

However, although it may work, it is an unsupported configuration since they will not support Fedora as the host OS.

        http://www.microway.com.au/catalog/vmware/vm_workstation_specs.stm
