Checkpoint Firewall Configuration

Thread: Checkpoint Firewall Configuration

  1. #1
    Junior Member
    Join Date
    Jan 2002
    Posts
    9

    Hi Folks,

    Does anybody know how to obtain the Checkpoint firewall configuration from the shell command line?
    What file should I copy to see the configuration?

    TIA,
    --good_guy_id--

  2. #2
    Senior Member VicE$DoS$'s Avatar
    Join Date
    Nov 2002
    Posts
    209
    Hi good_guy_id,

    I can tell you how to do this and don't mind doing so... But if you don't mind, could you first explain why you need to do it this way? Surely having admin rights you should be able to see the policies through the Management station?

    Cheers
    V$D$
    I remember when Nihil was ickle. Does that mean I'm old?

  3. #3
    Junior Member
    Join Date
    Jan 2002
    Posts
    9

    Hi VicE$DoS$,

    I need to audit the firewall rules.
    I only have access to the Checkpoint box through telnet as an unprivileged user.

    The Checkpoint guys do not allow me to access the box through the Management station.

    If you don't mind, how do I obtain the config files?

    Thanks in Advance.
    good_guy_id

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    The reason you can't do this as an unprivileged user is because YOU ARE NOT SUPPOSED TO. Don't you think it would defeat the purpose of a security device, if the configs were not secured?

    If you need to get the config files, the first thing you need to do is get proper access to the machine. After that is done, there are various methods you can use to get the config files. The best way is probably via the objects_5_0.C, but it is not gonna do you much good unless you can write yourself a PERL utility to format the data into something a little more readable.

    If you need to audit the firewall, ask your admin to get you a copy of the config...........

  5. #5
    Junior Member
    Join Date
    Jan 2002
    Posts
    9

    Hi iNViCTuS,

    The reason I have to do this is because I am on the auditor side, and the guy who administers the Checkpoint is the auditee. He does not want me to look inside the F/W configuration. He asked me to do a Pen-Test on the box.

    Now, I have got root access. How do I obtain the config files? What files should I copy?

    Thanks. Rgrds.
    --Good_guy_id--

  6. #6
    Junior Member
    Join Date
    Oct 2003
    Posts
    2
    Interesting....

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    A few things....

    Firstly, why do you need a copy of the rulesets if you are doing a penetration test? (A typical hacker, who you are mimicking during your "penetration test", does not have this luxury.)

    Secondly, you already have root access (or commonly referred to during a penetration test as being compromised).... surely your penetration test would now be finished, and the host's security failed dismally??

    Thirdly, if someone came and audited my Firewalls, I wouldn't be too confident if they turned around and asked me where the ruleset configs are stored???
    SoggyBottom.

    There were so many fewer questions when the stars were still just the holes to heaven - JJ
    I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Well... I think the previous post just about says it all, but let's assume for a minute that you really do have root access and really do want the firewall's configs for auditing. Like I said before, I sure hope you are good at PERL in order to make sense of the config files, but anyway Checkpoint stores its configs under $FWDIR/conf. Almost all the files here make up the entire config, but there are probably two sets of files that are most important. One of which I mentioned previously:

    objects_5_0.C - This is the firewall objects database. It will give you all the information about every object contained within the firewall. If you don't know what I mean when I say objects, you don't belong auditing a Checkpoint FW. BTW...this file will be called objects.C for Checkpoint prior to version NG.

    <rulebasename>.W - These files are the scripts used to generate the firewall policy before it is installed to the firewall enforcement point. They are compiled to .pf files and then sent to the firewall. Under $FWDIR/conf, you can look for *.W and *.pf to get the actual rulebase configuration, but without the objects_5_0.C, it will do you no good.

    I hope this helps, and to everyone else...this post was not necessarily intended as a solution to this specific thread, but is more of an informational post for any "legitimate" Checkpoint admins who may have wondered this.
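
Added example, not part of the thread or any poster's code: a POSIX shell check a firewall admin can run to confirm the point made in posts #4 and #8, that the policy files under $FWDIR/conf are not readable or writable by unprivileged accounts. The function name and the choice of permission bits to flag are assumptions; the file names are the ones given in post #8.

```shell
#!/bin/sh
# Added example: flag Check Point policy files whose mode lets accounts
# other than the owner read or modify them. File names (objects_5_0.C,
# objects.C, *.W, *.pf) are from post #8; everything else is an assumption.

# audit_conf_perms DIR
#   Prints the path of every policy file that is world-readable,
#   world-writable or group-writable.
#   Returns 0 if none were found, 1 if any were found, 2 if DIR is missing.
audit_conf_perms() {
    conf_dir=$1
    if [ ! -d "$conf_dir" ]; then
        echo "not a directory: $conf_dir" >&2
        return 2
    fi
    # -perm -NNN matches when all of the listed mode bits are set (POSIX find).
    offenders=$(find "$conf_dir" -type f \
        \( -name 'objects_5_0.C' -o -name 'objects.C' \
           -o -name '*.W' -o -name '*.pf' \) \
        \( -perm -004 -o -perm -002 -o -perm -020 \) -print)
    if [ -n "$offenders" ]; then
        printf '%s\n' "$offenders"
        return 1
    fi
    return 0
}

# Run against the live directory only when FWDIR is set in the environment.
if [ -n "${FWDIR:-}" ]; then
    audit_conf_perms "$FWDIR/conf" \
        || echo "review ownership and mode of the files listed above" >&2
fi
```

A non-empty listing means a local account without firewall admin rights may be able to read or alter the rulebase or objects database directly from the shell.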

  9. #9
    Senior Member VicE$DoS$'s Avatar
    Join Date
    Nov 2002
    Posts
    209
    Good_guy_id

    Depending on the system there are various management routes, but on most systems you can only get at the good stuff via the management Gui, which is either Smart Centre, or in some cases (Checkpoint Small Office for instance) a web Gui.

    From the command line you can configure remote machines to be allowed to connect using Smart Centre, so if you've lost your original management, you can set a new one up, and from the command line on the firewall permit this machine to manage the firewall. You should then be able to get into the rulebase.

    Erm I'm not sure what the **** you are actually trying to do,
    Personally I believe you are someone with very very special needs (prison)

    But if you really are doing a pentest for these guys then this information would be available to you even from a basic google search.

    Cheers
    V$D$
    I remember when Nihil was ickle. Does that mean I'm old?

  10. #10
    Junior Member
    Join Date
    Jan 2002
    Posts
    9

    Thanks, guys,

    I learned a lot from all of you. I have got the config now.

    TIA,
    --good_guy_id--
