Security Basics mailing list archives

RE: Checkpoint Firewall Configuration


From: "Hall, Spencer D" <shall () stvincentshealth com>
Date: Tue, 29 Jan 2008 14:38:22 -0500

If you have configured the firewall correctly you can report out of the Audit log which tracks administrative changes 
made to the configuration through the GUI.  It will not check for changes made using cpconfig.

Spencer D. Hall
Sr. Technology Engineer/ISO
Ascension Health - Southeast 
St. Vincent's - Jacksonville
Office:  904-308-7029
Fax:  904-384-2036
Cell:  904-477-4660


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Andrea Gatta
Sent: Tuesday, January 29, 2008 11:40 AM
To: Hall, Spencer D; global.infosec () gmail com
Cc: security-basics () securityfocus com
Subject: Re: Checkpoint Firewall Configuration

Hi,
I guess that there are at least two ways to do that:

- use the database revision control from the GUI. Bear in mind that
this needs to be maintained. Then you can simply work out the main
difference between one revision and another

- use a script or anyway a batch procedure to check all the relevant
files under $FWDIR/conf just to start. Here are stored all the
critical files starting from global objects, user databases and
firewall policies. I'm quite sure there are some tools out in the
wild that can help you out on this.

Take into account that, depending on the way you deployed the firewall
architecture (stand alone or distributed), you might need to make the same
checks on both the management and firewall node side.

Cheers,
Andrea


On 29 Jan 2008 06:04:25 -0000,  <global.infosec () gmail com> wrote:
We are in the process of auditing our Checkpoint configuration. We need to capture the configuration details of the 
Firewall. The objective is to identify if any changes have occurred to the configuration at any point of time.


How do we capture the firewall configuration for Audit purpose?


Thanks.


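The batch check on files under $FWDIR/conf suggested in the thread can be done by comparing hash manifests, as in the following added example (not code from any of the posters or from Check Point). It assumes `sha256sum`, `find`, `awk` and `mktemp` are available on the host; the function names, the manifest layout and the sample file names in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect changes under a configuration directory such as $FWDIR/conf
# by comparing SHA-256 manifests. All names below are assumptions, not vendor tooling.

# snapshot DIR MANIFEST: one "hash  ./relative/path" line per regular file, sorted by path.
# MANIFEST must live outside DIR, otherwise it would hash itself.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# compare OLD NEW: print ADDED/CHANGED/REMOVED for every path that differs.
compare() {
    awk '
        { path = substr($0, 67) }            # 64 hex chars + 2 separator chars, then path
        FILENAME == ARGV[1] { old[path] = $1; next }
        !(path in old)                   { print "ADDED   " path }
        (path in old) && old[path] != $1 { print "CHANGED " path }
        { seen[path] = 1 }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort -b -k 2
}

# audit_conf DIR BASELINE: return 0 if DIR matches BASELINE, 1 (with a report) if not.
audit_conf() {
    cur=$(mktemp) || return 2
    snapshot "$1" "$cur"
    report=$(compare "$2" "$cur")
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: constructed tree standing in for $FWDIR/conf (file names are made up).
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/conf"
    echo 'rule 1: accept' > "$d/conf/policy.sample"
    echo 'host web1'      > "$d/conf/objects.sample"
    echo 'user alice'     > "$d/conf/users.sample"
    snapshot "$d/conf" "$d/baseline"                       # baseline after a reviewed change
    echo 'rule 2: accept any' >> "$d/conf/policy.sample"   # edited
    rm "$d/conf/users.sample"                              # removed
    echo 'group admins' > "$d/conf/groups.sample"          # added
    audit_conf "$d/conf" "$d/baseline" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On a real system, `snapshot "$FWDIR/conf" <manifest>` would be run once after a reviewed change and `audit_conf "$FWDIR/conf" <manifest>` on a schedule, on both the management and firewall nodes in a distributed deployment. Keep the baseline manifest off the audited host or on read-only media, so that someone who can alter the configuration cannot also rewrite the baseline.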
