Check Point Hardware Diagnostic Tool for Hardware and OS

Check Point Firewalls Diagnostic Tool

Below are samples of hidden issues that may be lurking in your network environment.

Keep the clocks in sync

You’ve gone through the trouble of configuring NTP on all of your firewalls. It worked at the time you configured it. Then, months later, while troubleshooting an issue, you realize the clock is no longer set correctly.

indeni constantly tests the current NTP configurations on a gateway. If NTP fails consistently for 24 hours, we alert. The reason for the 24-hour threshold is to avoid alerting for any maintenance being done to your NTP server.

Commands used: ntpdate, ntpdq, etc. (depending on OS).
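The 24-hour rule can be expressed as a small state machine over probe results. This is an added example, not indeni's code; the probe list format, the `MAX_GAP` handling of missing data and the sample timelines are assumptions made for illustration.

```python
from datetime import datetime, timedelta

ALERT_AFTER = timedelta(hours=24)   # threshold stated in the text
MAX_GAP = timedelta(hours=2)        # assumption: longer silence means "no data"

def ntp_alert_time(probes, alert_after=ALERT_AFTER, max_gap=MAX_GAP):
    """Return when the alert fires, or None.

    probes: (timestamp, ok) tuples in time order, one per NTP test.
    """
    failing_since = previous = None
    for ts, ok in probes:
        if previous is not None and ts - previous > max_gap:
            failing_since = None          # gap in data: the run is not proven
        previous = ts
        if ok:
            failing_since = None          # one good sync ends the failure run
        else:
            if failing_since is None:
                failing_since = ts
            if ts - failing_since >= alert_after:
                return ts
    return None

def hourly(results, start=datetime(2024, 1, 1)):
    """Constructed sample data: one probe per hour."""
    return [(start + timedelta(hours=i), ok) for i, ok in enumerate(results)]

MAINTENANCE = hourly([True] * 4 + [False] * 6 + [True] * 20)   # 6 h NTP server outage
BROKEN = hourly([True] * 10 + [False] * 30)                    # never recovers

if __name__ == "__main__":
    print("maintenance:", ntp_alert_time(MAINTENANCE))
    print("broken:     ", ntp_alert_time(BROKEN))
```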

Monitor interfaces for drops, errors, collisions, etc.

Drops usually occur when the traffic load is more than the interface can handle, or more than the CPU can take off the interface (RX buffers).

Errors usually occur when the duplex settings are wrong.

Collisions usually occur when you have a setup from hell or one that is simply outdated.

Whatever it is, you need someone to keep an eye on things and tell you when there are more drops, errors and collisions than there should be. It would be great if that someone would also tell you what interface it’s on, the speed+duplex settings for that interface, the IP addresses, MAC address, etc.

Commands used: ifconfig -a, ethtool.
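Raw counters only ever grow, so "more than there should be" is a question about the change between two samples. The sketch below is an added example, not indeni's code: it parses classic net-tools `ifconfig -a` output and flags counters that grew faster than an assumed ratio of bad events per packet. The `max_ratio` value and the sample output are constructed.

```python
import re

COUNTERS = re.compile(r"\s+(RX|TX) packets:(\d+) errors:(\d+) dropped:(\d+)")
COLLISIONS = re.compile(r"\s+collisions:(\d+)")

def parse_ifconfig(text):
    """Map interface name -> counters from classic net-tools `ifconfig -a` output."""
    stats, name = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():        # unindented line starts a new interface
            name = line.split()[0]
            stats[name] = {}
        elif name and (m := COUNTERS.match(line)):
            d = m.group(1).lower()
            pkts, errs, drops = map(int, m.group(2, 3, 4))
            stats[name].update({f"{d}_packets": pkts, f"{d}_errors": errs, f"{d}_dropped": drops})
        elif name and (m := COLLISIONS.match(line)):
            stats[name]["collisions"] = int(m.group(1))
    return stats

def degraded(before, after, max_ratio=0.001):
    """Compare two samples; max_ratio (bad events per packet) is an assumed threshold."""
    findings = []
    for name, new in after.items():
        old = before.get(name)
        if not old or not new:
            continue                              # new interface, or alias without counters
        for d in ("rx", "tx"):
            pkts = new.get(f"{d}_packets", 0) - old.get(f"{d}_packets", 0)
            if pkts <= 0:
                continue                          # idle interface or counters were reset
            for kind in ("errors", "dropped"):
                delta = new.get(f"{d}_{kind}", 0) - old.get(f"{d}_{kind}", 0)
                if delta / pkts > max_ratio:
                    findings.append((name, f"{d}_{kind}", delta))
        grown = new.get("collisions", 0) - old.get("collisions", 0)
        if grown > 0:
            findings.append((name, "collisions", grown))
    return findings

def sample(packets, rx_dropped, collisions):
    """Constructed ifconfig-style output for one interface."""
    return ("eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01\n"
            f"          RX packets:{packets} errors:0 dropped:{rx_dropped} overruns:0 frame:0\n"
            f"          TX packets:{packets} errors:0 dropped:0 overruns:0 carrier:0\n"
            f"          collisions:{collisions} txqueuelen:1000\n")

if __name__ == "__main__":
    print(degraded(parse_ifconfig(sample(100000, 10, 0)), parse_ifconfig(sample(200000, 510, 3))))
```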

Identify cluster misconfiguration

When configuring a Check Point cluster you need to make sure you get a lot of things right. Then, as time goes by, changes are made to the active member and sometimes they are not made to the standby member.

Or, as we’ve seen more than once or twice, a device gets RMAed and the configurations on the new device aren’t exactly the same as on the old device.

Whatever it is, you need to make sure the configurations match. indeni does that for you.

Commands used: netstat -rn (comparing routes), fw ctl multik stat, fwaccel stat, fw ctl get int <all_kparams>, cpstat fw, etc.

Files reviewed: all .conf and .def files.
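Of the checks listed, the route comparison is the easiest to show end to end. This is an added example, not indeni's code: it diffs the IPv4 `netstat -rn` output of two cluster members and reports routes that are missing on one side or that point at a different next hop. The two routing tables are constructed samples using documentation addresses.

```python
def parse_routes(netstat_rn):
    """Map (destination, genmask) -> (gateway, iface) from Linux `netstat -rn` output.

    Limitation: multiple routes to the same destination/mask collapse to the last one.
    """
    routes = {}
    for line in netstat_rn.splitlines():
        f = line.split()
        # Data rows have 8 columns and start with a dotted-quad destination.
        if len(f) == 8 and f[0][0].isdigit():
            routes[(f[0], f[2])] = (f[1], f[7])
    return routes

def compare_members(active_out, standby_out):
    """Report where the standby member's routing table differs from the active one."""
    a, s = parse_routes(active_out), parse_routes(standby_out)
    return {
        "missing_on_standby": sorted(a.keys() - s.keys()),
        "missing_on_active": sorted(s.keys() - a.keys()),
        "different_next_hop": sorted(k for k in a.keys() & s.keys() if a[k] != s[k]),
    }

# Constructed sample output from two members of the same cluster.
ACTIVE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.20.0.0       192.0.2.254     255.255.0.0     UG        0 0          0 eth0
10.30.0.0       192.0.2.254     255.255.0.0     UG        0 0          0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 eth0
"""
STANDBY = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.20.0.0       192.0.2.253     255.255.0.0     UG        0 0          0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 eth0
"""

if __name__ == "__main__":
    for finding, routes in compare_members(ACTIVE, STANDBY).items():
        print(finding, routes)
```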

Track processes, know when there are issues

pdpd, routed, gated, cpd, fwd, … all these daemons need watching. You need to know when they crash, recycle, core dump, memory leak or simply behave funny.

indeni is well aware of these processes and the need to track them. The moment a process misbehaves, you will be notified.

Commands used: ps (various flags). Data sources: various directories containing core dump files.

Ensure you’re covered – with licenses and contracts

Do you have the right licenses? Are you exceeding capacity? Are your contracts being renewed on time? Will you continue to get your IPS signature updates?

Sometimes it can be difficult to stay on top of everything. In case you’ve missed something, indeni is there to point it out to you. Not saying you will, but just in case.

Data sources: licenses and contracts stored in the management database. Commands used: cplic print.

Discover Management HA sync issues before your next DR exercise

You’ve set up two management servers in HA. It all worked flawlessly and you’re ready for when your primary data center disappears. Or at least, the next DR exercise.

Then, when you actually want to switch to the standby server you discover you’re in a bit of a situation. It didn’t sync for months and nobody noticed. Do not worry, indeni notices.

Commands used: our little secret :)

Certificate expiration tracking

Certificates are commonly used in secure communications. In the case of Check Point Firewalls, they are used in SIC (Secure Internal Communication), VPNs (some) and OPSEC connections.

Keeping track of which certificate is being used and when it’s about to expire can be tricky. indeni does that for you. You’ll get an alert before a certificate expires, so you have enough time to renew it.

Data sources: the certificates stored in the internal CA.
