Site to Site VPN between FortiGate and Check Point – malformed payload

Just thought I’d drop a post on a compatability issue which caused a lot of hassle for us. Problem: Problems establishing site to site VPN between FortiGate 1500D and Check Point 1430 appliance with Gaia embedded. Error: Main Mode Sent Notification to Peer: payload malformed – possibly a mismatch in pre-shared keys Background: We were […]

Microsoft CA commands and cheat sheet

This post does not go into depth of anything really, but serves more as a post to list useful commands/settings in a PKI setup. If you got anything to add, feel free to leave a comment and I’ll add it to the list as soon as I can. Client commands certutil -pulse – Triggers auto-enrollment […]

How to list users connected to SSLVPN / mobile access blade

Whilst trying to find out who is connected to the Check Point Gateway using mobile access/SSLVPN I found a few neat commands that comes in handy. First and foremost; who is connected to the gateway using SSLVPN: listusers And also to stop, start and restart the mobile access services cvpnstop cvpnstart cvpnrestart The commands are […]

Web server template with private key export

Per default, the web server template in Microsoft CA does not allow exportation of the private key once installed onto a system. To enable this option you need to create a new WebServer template which allows just that. As we can see from the default WebServer template, the export Private Key is unticked which is […]

Setting up OpenGear ACM5004 for remote access via mobile/Celluar networks

In this guide we will setup an OpenGear ACM5004 for remote mgmt and remote SSH capabilities (serial ports) over the mobile network, utilizing DynDNS to enable easy connection to the device. A fair warning first, I would not use the OpenGear over cellular networks as a permanent solution to access any equipment. The reason being […]

Unattended installation of Check Point appliance

Check Point features an unattended installation mode for fresh installation, which may come in handy if you need to upgrade/install an appliance remotely with an non-technical person onsite. A few limitations to be aware of – Fresh installs only. – Preconfiguration for basic networking can only be done on appliances when installing R77.20 or higher […]

Cisco AP not in bound state and will not join controller

At a customers a new SAP2702I would not join the controller and was stuck in a loop of translating cisco-capwap-controller and renew its IP address. Translating “CISCO-CAPWAP-CONTROLLER”…domain server (172.16.1.120) S Loading http://devicehelper.cisco.com/ca/trustpool ! Loading http://devicehelper.cisco.com/ca/trustpool ! Loading http://devicehelper.cisco.com/ca/trustpool ! Loading http://devicehelper.cisco.com/ca/trustpool ! Not in Bound state. *Mar 1 00:03:37.059: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address […]