Top Configuration Issues To Look Out For In Check Point Firewalls
We have been running a webinar for a while now that discusses the top configuration-related mistakes we see people making with Check Point firewalls. Some of the sessions I ran myself!
Since many attendees asked for a document detailing the tips, we thought we’d make it available here.
Top checks to run regularly on your firewalls (once a month or so):
- Make sure NTP is not just configured but actually works. For example, in Gaia, you should go into clish, run “show ntp servers” and then go into expert mode. Once there, run “ntpdate -u <ntp_server_ip>” for each NTP server configured. Look for errors like “no server suitable for synchronization found”.
- Compare static routing tables between members of a cluster. We suggest running “netstat -rn | wc -l” as a first step to see if the number of routes is the same.
- Compare the CoreXL configuration across cluster members using “fw ctl multik stat”. Note that if your ClusterXL is in Ready state (shown in the output of “cphaprob stat”) it may be because the CoreXL configuration is different between the members of the cluster.
- Compare the SecureXL configuration across cluster members using “fwaccel stat”. Note that the only other way for you to know there is a configuration difference is to see a massive spike in CPU usage on the secondary cluster member when it becomes active.
- Make sure that no one has left debug on as it can really hog the CPU. To disable debug at the kernel level, run “fw ctl debug 0”. At the user level you need to use the “fw debug” command as described by Kellman Meghu.
In the webinar we go through a few more checks we recommend doing regularly. Come join us, it’s free!
Related content
Article Webinar: Check Point Network Security – A Customer Perspective
I had the pleasure to speak with Peter Lyndley, Senior Security Engineer at Softcat, in a recent webinar. Softcat has been an Indeni customer for many…
Article Indeni 8.1 Analytics Dashboard & Network Security Automation
New Platform Capabilities 1 – Analytics Dashboard We’ve been performing return on investment analysis using data from alert exports for business…
Article Highlights from CPX 360 2023
It was great to experience an in-person event again! Last week, I had an excellent week with the #CheckPoint community at CPX New York. It was filled with…
Article New Check Point Firewall Features, Highlights For 2023
After two years of shelter in place throughout much of 2020 and 2021 we welcomed back the in-person events in 2022, albeit, with some new safety measures.…