Capture and Monitor traffic Checkpoint

# fwaccel off (turn off SecureXL)

# tcpdump -nei eth1-08 port 22 or 23 -w /var/log/FTP_tcpd_ethx.pcap
# tcpdump -nei Mgmt port 22 or 23 -w /var/log/FTP_tcpd_ethy.pcap

# fw monitor -p all -e 'accept host(10.50.x.);'

# fw monitor -e "accept src=10.200.7.30 and dst=172.24.32.101;"
# fw monitor -e "accept dst=10.200.7.30 and src=172.24.32.101;"

# fw monitor -p all -e 'accept host(10.50.x.);' -o /var/log/FTP_fwmon_.pcap
# fw ctl zdebug drop > /var/log/FTP_fwdrop.dbg

# fw monitor -e "accept port(22) or port(23);" -o /var/log/FTP_fwmon_.pcap
# fw ctl zdebug drop > /var/log/FTP_fwdrop.dbg

# fw monitor -p all -e 'accept host(193.112.66.10);' -o /var/log/Mon_internal1.pcap
# fw ctl zdebug drop | grep 193.112.66.10 > /var/log/Mon_fwdrop1.dbg

# fw monitor -p all -e 'accept net(172.18.92.0,24);' -o /var/log/Mon_internal1.pcap

# fw monitor -p all -e 'accept host(52.3.211.188);' -o /var/log/Mon_external.pcap
# fw ctl zdebug drop | grep 52.3.211.188 > /var/log/Mon_fwdrop2.dbg

# fwaccel on
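The notes turn SecureXL off because, on older releases, accelerated connections bypass fw monitor; while it is off the gateway handles every connection in the slow path, so the capture should be bounded and the re-enable step must never be skipped. The following wrapper is an added example, not part of the original notes: it builds the same fw monitor and zdebug lines for one host, refuses anything that is not a dotted-quad address before it is spliced into a filter expression and handed to eval, bounds both captures with timeout, and turns SecureXL back on from a trap even if the capture is interrupted. The function names, the /var/log/Mon_<label> file naming, the DRY_RUN switch and the availability of the coreutils timeout command in expert mode are assumptions.

```shell
# Added example, not from the original notes. Assumptions: runs in Gaia expert
# mode where fwaccel, fw monitor, fw ctl and timeout exist; with DRY_RUN=1 the
# commands are only printed, so the helpers can be rehearsed on any machine.

# fw monitor command for one host, as used in the notes (all inspection points).
fwmon_cmd() {
    printf "fw monitor -p all -e 'accept host(%s);' -o %s" "$1" "$2"
}

# Kernel drop debug filtered to one host, as used in the notes.
zdebug_cmd() {
    printf "fw ctl zdebug drop | grep %s > %s" "$1" "$2"
}

# Reject anything that is not a dotted quad: the address ends up inside a
# command string that is passed to eval, so it must never carry shell syntax.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Print the command under DRY_RUN=1, otherwise run it in the current shell
# (eval rather than sh -c so that a trailing & backgrounds it here and wait works).
run_or_print() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$1"; else eval "$1"; fi
}

# capture_host <ip> <label> [seconds]: turn SecureXL off, run fw monitor and the
# drop debug side by side for a bounded time, then turn SecureXL on again.
capture_host() {
    ip=$1; label=$2; secs=${3:-60}
    valid_ipv4 "$ip" || { echo "refusing invalid address: $ip" >&2; return 1; }
    # Restore acceleration on any exit path (Ctrl-C, kill, normal end).
    trap 'run_or_print "fwaccel on"' EXIT INT TERM
    run_or_print "fwaccel off"
    run_or_print "timeout $secs $(fwmon_cmd "$ip" "/var/log/Mon_$label.pcap") &"
    # timeout takes a single command, so the pipeline runs under sh -c.
    run_or_print "timeout $secs sh -c \"$(zdebug_cmd "$ip" "/var/log/Mon_fwdrop_$label.dbg")\""
    wait
    trap - EXIT INT TERM
    run_or_print "fwaccel on"
}

# Usage on the gateway:  capture_host 193.112.66.10 internal1 120
# Rehearsal anywhere:    DRY_RUN=1 capture_host 193.112.66.10 internal1 120
```

The two captures share the same label so the pcap and the drop log for one investigation can be correlated afterwards; the zdebug output is grepped to the same host exactly as the notes do, which keeps the .dbg file small on a busy gateway.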

Debug ip scp

debug ip scp

To troubleshoot secure copy (SCP) authentication problems, use the debug ip scp command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug ip scp

no debug ip scp

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release Modification
12.2(2)T This command was introduced.
12.0(21)S This command was integrated into Cisco IOS Release 12.0(21)S.
12.2(22)S This command was integrated into Cisco IOS Release 12.2(22)S.
12.2(25)S This command was integrated into Cisco IOS Release 12.2(25)S.
12.2(18)SXD This command was integrated into Cisco IOS Release 12.2(18)SXD.

Examples

The following example is output from the debug ip scp command. In this example, a copy of the file scptest.cfg from a UNIX host to the running configuration of the router was successful.

Router# debug ip scp
4d06h:SCP:[22 -> 10.11.29.252:1018] send <OK>
4d06h:SCP:[22 <- 10.11.29.252:1018] recv C0644 20 scptest.cfg
4d06h:SCP:[22 -> 10.11.29.252:1018] send <OK>
4d06h:SCP:[22 <- 10.11.29.252:1018] recv 20 bytes
4d06h:SCP:[22 <- 10.11.29.252:1018] recv <OK>
4d06h:SCP:[22 -> 10.11.29.252:1018] send <OK>
4d06h:SCP:[22 <- 10.11.29.252:1018] recv <EOF>

The following example is also output from the debug ip scp command, but in this example, the user has privilege 0 and is therefore denied:

Router# debug ip scp
4d06h:SCP:[22 -> 10.11.29.252:1018] send Privilege denied.

Related Commands

Command Description
ip scp server enable Enables SCP server-side functionality.

Script to create objects from a text file and add it to an object-group

New mgmt_cli method:
# mgmt_cli add network --batch IPs-ListFile.csv -r true

CSV file (as exported from Excel) with column headings:
name,subnet,subnet-mask

Old DBEdit method (PowerShell; prints dbedit commands for one host object per line of ip1.txt, to be redirected into a file and run with dbedit -f):
foreach ($ip in Get-Content ip1.txt) {
    # Create a host object named after the address and set its IP
    Write-Host "create host_plain BlkIP_$ip"
    Write-Host "modify network_objects BlkIP_$ip ipaddr $ip"
    # Add the host to the group; the empty '' is dbedit's placeholder argument for addelement
    Write-Host "addelement network_objects Blocked_IP1 '' network_objects:BlkIP_$ip"
    Write-Host "update network_objects Blocked_IP1"
}
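As an added example (not from the notes), a POSIX shell version of the same idea that covers both methods: it reads the one-address-per-line file, drops any line that is not a valid dotted quad so stray text or an extra CSV field cannot turn into an object or a group member, and emits either the CSV for mgmt_cli add network --batch or the dbedit script. The BlkIP_ prefix and the Blocked_IP1 group come from the notes; the function names and the use of a 255.255.255.255 mask for single-host rows are assumptions (add host with a name,ip-address CSV is the alternative).

```shell
# Added example, not from the original notes. Input: a text file with one IPv4
# address per line (the ip1.txt format above). Object names and the group name
# follow the notes; the /32 mask for host rows is an assumption.

# Exit 0 if $1 is exactly four decimal octets in range, else 1.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF == 4 {
        for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
        exit 0 } { exit 1 }'
}

# to_mgmt_csv <file>: one CSV row per valid address for mgmt_cli add network --batch.
# Invalid lines are reported on stderr and the function returns 1 so a wrapper can stop.
to_mgmt_csv() {
    rc=0
    echo 'name,subnet,subnet-mask'
    while IFS= read -r ip || [ -n "$ip" ]; do
        if is_ipv4 "$ip"; then
            echo "BlkIP_$ip,$ip,255.255.255.255"
        else
            echo "skipped invalid line: $ip" >&2; rc=1
        fi
    done < "$1"
    return $rc
}

# to_dbedit <file>: the equivalent dbedit script (the "old" method), one
# host object per valid address, all added to the Blocked_IP1 group.
to_dbedit() {
    while IFS= read -r ip || [ -n "$ip" ]; do
        is_ipv4 "$ip" || continue
        echo "create host_plain BlkIP_$ip"
        echo "modify network_objects BlkIP_$ip ipaddr $ip"
        echo "addelement network_objects Blocked_IP1 '' network_objects:BlkIP_$ip"
    done < "$1"
    echo "update network_objects Blocked_IP1"
}

# Usage:
#   to_mgmt_csv ip1.txt > IPs-ListFile.csv && mgmt_cli add network --batch IPs-ListFile.csv -r true
#   to_dbedit ip1.txt > blocked.dbedit && dbedit -local -f blocked.dbedit
```

The non-zero return from to_mgmt_csv is deliberate: a list that came from a ticket or an e-mail often contains headers, ranges or comments, and it is better to have the batch refused than to create a half-named object or silently skip an address that was meant to be blocked.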

Checkpoint Log Collection (LogRhythm) (OPSEC LEA (Log Export API))

Configuration Summary:
1. Add a Host Node for the System Monitor.
2. Add an OPSEC Application in SmartDashboard R8.
3. Record Check Point Log Server Entity SIC Name.
4. Add a Firewall Rule for Management Station (Optional).
5. Pull OPSEC Application SIC Certificate (LR end).
6. Add a Firewall Rule for the Log Server (Optional).
7. Install Updated Policy (Optional).
8. Create the System Monitor Configuration File (LR end).
9. Add a Check Point Log Source (LR end).
10. Troubleshoot (LR end).

Detailed Steps:

https://onlinehelp72.logrhythm.com/#5DeviceGuides/CheckPointLogData.htm?Highlight=checkpoint%20opsec

CCNA/CCNP/CCIE RnS

CCNA/CCNP RnS Study Notes (Private)
CCIE Study Notes (Private)
1.0 Easy transfer of files to/from Cisco Router (SCP file transfer to and from)
1.1 Cisco SCP getting privilege denied
1.2 Debug SCP
2.0 Using the CLI to install an IOS in .tar format.
3.0 Automated and Secure Configuration Backups of Cisco Routers and Switches with Auto Archive
4.0 How to use the Cisco IOS Policy-Based Routing Features (PBR) (Route Maps)
4.1 Policy Based Routing (PBR)(Route Maps)(Youtube)
4.2 PBR: Route a packet based on source IP address
5.0 CONFIGURING STATIC ROUTE TRACKING USING IP SLA (BASIC)
5.1 CONFIGURING POLICY-BASED ROUTING (PBR) WITH IP SLA TRACKING – AUTO REDIRECTING TRAFFIC
6.0 802.1x
6.1 A simple wired 802.1X lab
7.0 SNMP configuration examples
8.0 Storm Control on Switch Ports
9.0 NAT Traversal tutorial – IPSec over NAT
10.0 See CPU utilization