Category Archives: Security

Allowing VPN/L2TP through ASA

Whilst there are probably many answers to the problem “allowing VPN through ASA”, the following will fix problems with regard to clients on the inside trying to establish a VPN connection (L2TP) to a remote peer on the outside. The logs show the following error: “regular translation creation failed for protocol 47 src such and such”. Due to […]

RANCID and restricted user on ASA

You may not want to configure RANCID using your default privilege level 15 user when it performs a backup of your Cisco ASA. Leveraging command authorization will enable granular control of which commands it runs. !– Allowed commands privilege cmd level 4 mode exec command more privilege cmd level 4 mode exec command dir privilege […]

Unable to delete object in Check Point

I encountered this error today, where I was prohibited from deleting a network object. The “where used” referred to the firewall object and the following context string: “interfaces->{F618DF02-1BE7-4A2E-AC7E-B22C44F1ED22}->security->netaccess->allowed” The solution, although a bit tricky to find, was very simple. The firewall’s anti-spoofing on the external interface was configured to not check packets with IP-addresses originating […]

Check Point Security Gateway stores fw.log locally

I came across an issue where the Check Point Security Gateway consistently stored the firewall logs locally as well as forwarding them to the Security Management server. As a result the /var/log partition reached 100%. Thinking this was the result of the Security Gateway having lost connection with the SM at some point (which makes […]

Check Point Upgrade_export – out.tar: Cannot write: No space left on device

The error message “… out.tar: Cannot write: No space left on device” can be seen when running the upgrade_export migration utility. The upgrade_export migration utility fails due to a very simple fact: the system partition is not big enough to accommodate the out.tar file temporarily created during the migration. Workaround There is, however, a workaround. We […]

SmartDashboard – The Fingerprint of the server SERVERNAME was changed

When trying to connect to the Security Management Server a warning read “The Fingerprint of the server SERVERNAME was changed.” … “Do you approve the Fingerprint as valid?” This message is very typical when you connect to the SM using SmartConsole for the first time, but this particular SM had been operational for quite some […]

Access requests discarded on Microsoft IAS

The issue at hand was simply that the wireless clients were unable to connect to an 802.1X-enabled wireless network. The clients were authenticating themselves to a Microsoft Windows 2003 IAS server and there had been some work with the certificates prior to this, so it was most likely related to the certificates. First off I was […]