Category Archives: Security

Site to Site VPN between FortiGate and Check Point – malformed payload

Just thought I’d drop a post on a compatability issue which caused a lot of hassle for us. Problem: Problems establishing site to site VPN between FortiGate 1500D and Check Point 1430 appliance with Gaia embedded. Error: Main Mode Sent Notification to Peer: payload malformed – possibly a mismatch in pre-shared keys Background: We were […]

Microsoft CA commands and cheat sheet

This post does not go into depth of anything really, but serves more as a post to list useful commands/settings in a PKI setup. If you got anything to add, feel free to leave a comment and I’ll add it to the list as soon as I can. Client commands certutil -pulse – Triggers auto-enrollment […]

How to list users connected to SSLVPN / mobile access blade

Whilst trying to find out who is connected to the Check Point Gateway using mobile access/SSLVPN I found a few neat commands that comes in handy. First and foremost; who is connected to the gateway using SSLVPN: listusers And also to stop, start and restart the mobile access services cvpnstop cvpnstart cvpnrestart The commands are […]

Web server template with private key export

Per default, the web server template in Microsoft CA does not allow exportation of the private key once installed onto a system. To enable this option you need to create a new WebServer template which allows just that. As we can see from the default WebServer template, the export Private Key is unticked which is […]

Unattended installation of Check Point appliance

Check Point features an unattended installation mode for fresh installation, which may come in handy if you need to upgrade/install an appliance remotely with an non-technical person onsite. A few limitations to be aware of – Fresh installs only. – Preconfiguration for basic networking can only be done on appliances when installing R77.20 or higher […]

Multiple commands in auto-script / set script-variable

Just a quick note about the auto-script functionality and how to run multiple commands, because this had me stomped on a Monday morning. (Thank you FortiNet for your sparse documentation) There is no fancy solution, no special new line characters, no encapsulating the commands in quatation marks and separating them by a delimiter or anything […]

Automated backup of Forti -Gate, -Manager & -Analyzer

Just a quick note on how to automate backup of your FortiGate, FortiAnalyzer and FortiManager. FortiManager / FortiAnalyzer Use the following configuration config system backup all-settings set status enable set protocol sftp set server “10.200.10.50” set user “fortibackup” set passwd “YourPassword” set directory “/home/fortibackup” set week_days sunday set time “23:00:00” set crptpasswd “CryptoKeyForYourBackup” end A […]

Check Point and GRUB-problems

This post serves more as a reminder to myself about Grub rather than providing new and exciting information. The /boot/grub/grub.conf file is either empty, or corrupted. Check Point FW boots into grub command prompt – Manual boot If all you can see is a grub command prompt you need to do the following to manually […]