Just a random day trying out the CLI on my Check Point 1140. The Check Point 1100 and 600 appliance CLI Reference Guide can be found here.
1140-Gateway> show software-version
This is Check Point's 1100 Appliance R77.20.11 - Build 471
1140-Gateway> fw ver -k
This is Check Point's 1100 Appliance R77.20.11 - Build 471
kernel: R77.20.11 - Build 383
1140-Gateway> show diag
Current system info
-----------------------------------
Image name: R77_990171471_20_11
Image version: 471
Bootloader version: 983002045
HW MAC Address: 00:1C:7F:2F:93:E8
LAN1 MAC Address: 00:1C:7F:2F:93:E9
LAN2 MAC Address: 00:1C:7F:2F:93:EA
LAN3 MAC Address: 00:1C:7F:2F:93:EB
LAN4 MAC Address: 00:1C:7F:2F:93:EC
LAN5 MAC Address: 00:1C:7F:2F:93:ED
LAN6 MAC Address: 00:1C:7F:2F:93:EE
LAN7 MAC Address: 00:1C:7F:2F:93:EF
LAN8 MAC Address: 00:1C:7F:2F:93:F0
DMZ MAC Address: 00:1C:7F:2F:93:F1
DSL MAC Address: A0:00:00:00:00:00
Wireless region: 5
DSL Annex: <UNKNOWN>
DSL Firmware: <UNKNOWN>
Unit version: 1
Unit name: UTM1
Unit model: L50
Marketing capabilities: 0
Management opaque: PbCCn3B/Cs4=:8mDFYWN68go=:gfFPFZFo7eg=
Hardware capabilities: 3
RTC status: OK
NAND status: OK
NAND bad-blocks:
-----------------------------------
1140-Gateway> fw stat
HOST POLICY DATE
localhost local 9Apr2016 8:22:31 : [>WAN ] [<WAN ] [>wlan0] [<wlan0] // THE CP 1140 FETCHES THE LOCAL POLICY EACH TIME IT BOOTS UP
1140-Gateway> show license
Host Expiration Features
======================================================================
Check Point product trial period will expire in 12 days.
Until then, you will be able to use the complete Check Point Product Suite.
Please obtain a permanent license from Check Point User Center at:
https://usercenter.checkpoint.com/pub/usercenter/get_started.html
======================================================================
1140-Gateway> show users type admin
username permission
admin read-write
1140-Gateway> show interfaces
name: LAN1_Switch
ipv4-address: 192.168.1.1
status:
name: DMZ
ipv4-address:
status: off
name: Lagura
ipv4-address: 192.168.252.1
status: up
name: LAN1
ipv4-address:
status: disconnected
name: LAN2
ipv4-address:
status: disconnected
name: LAN3
ipv4-address:
status: disconnected
name: LAN4
ipv4-address:
status: disconnected
name: LAN5
ipv4-address:
status: disconnected
name: LAN6
ipv4-address:
status: disconnected
name: LAN7
ipv4-address:
status: disconnected
name: LAN8
ipv4-address:
status: disconnected
name: Internet1
ipv4-address: 222.165.111.178
1140-Gateway> show interface Internet1
dhcp-exclude-end-range:
bridge-stp-priority: 32768
vti-is-numbered:
dhcp-range-end:
cluster-status: non-ha
wirelessRadioMode: on
lan-access:
description:
vlan: 1
subnet-mask: 255.255.248.0
is-connection-static: false
ssid:
mask-length: 21
password:
wireless-wep-password1:
interface: WAN
wep-default-key: 1
exclude-ip-pool:
xr: off
mtu: 1500
wpa-authenticate-using: password
wireless-wep-password2:
wmm: on
is-hidden: false
stp: off
bridge-anti-spoofing: off
status:
tkip-group-key-update-interval:600
nat: on
type: internet
wireless-wep-password4:
name: Internet1
wireless-wep-password3:
hide-ssid: off
network-ports:
bridge-stp-aging-time: 20
ipv4-address: 222.165.111.178 // PUBLIC IP NEGOTIATED FROM ISP
beacon-interval: 100
wds-peer-mac-address:
bridge-stp-forward-delay: 15
bridge-range:
relay-secondary:
display-name: Internet1
wireless-mac-filter-list: table: 0x41d43290
dhcp-exclude-start-range:
name: Internet1
security-type: WPA/WPA2
bridge-stp-hello-time: 2
rts-threshold: 2346
assignment: ASSIGNMENT.SEPARATE_NETWORK
dhcp-options: table: 0x41d4b758
vti-number: 0
mac-address:
dhcp-range-start:
internet-connection: table: 0x41d4dc30
type: numbered
guest-wireless:
relay relay-to:
wds: off
hidden-bridge-interface:
hotspot: off
link-speed:
state: on
remote:
dhcp: on
stp-cost: 100
include-ip-pool:
auto-negotiation:
lan-access-track:
internet-can-be-bridged: false
stp-priority: 128
peer:
bridge-log-dropped-non-iP: off
wpa-encryption-type: Auto
wireless-mac-filter: off
dtim-period: 1
fragmentation-threshold: 2346
wireless-transmission-rate: auto
station-to-station: allow
master-key-update-interval: 86400
is-bridge-fw-enabled: on
1140-Gateway> show wlan
wds: off
hide-ssid: off
wpa-auth-type: password
hotspot : off
password2:
password4:
default-wep-password: 1
assignment: ASSIGNMENT.SEPARATE_NETWORK
wpa-encryption-type: Auto
status: up
ssid: Lagura
mode: on
vap: Lagura
data-rate: auto
password: <PASSWORD>
security-type: WPA/WPA2
password1:
station-to-station: allow
name: wlan
password3:
1140-Gateway> show wlan radio
guard-interval: short
region: fcca
operation-mode: 11ng // SUPPORTS 802.11n AND BACKWARDS COMPATIBLE WITH 802.11g
country: other
channel: auto
antenna: auto
channel-width: 20
mode: on
transmitter-power: full
1140-Gateway> show route
Codes: C - Connected, S - Static, R - RIP, B - BGP,
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
U - Unreachable, i - Inactive
S 0.0.0.0/0 via 222.165.104.1, WAN, cost 0, age 3
C 127.0.0.0/8 is directly connected, lo
lo
C 192.168.252.0/24 is directly connected, wlan0
wlan0
C 222.165.104.0/21 is directly connected, WAN
WAN
1140-Gateway> netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 LAN1
192.168.252.0 * 255.255.255.0 U 0 0 0 wlan0
222.165.104.0 * 255.255.248.0 U 0 0 0 WAN
default unknown.maxonli 0.0.0.0 UG 0 0 0 WAN
1140-Gateway> arp -a
? (192.168.252.4) at D0:25:98:90:1C:D9 [ether] on wlan0
? (192.168.252.8) at EC:55:F9:01:F9:0C [ether] on wlan0
? (192.168.252.6) at 70:3E:AC:93:EF:1A [ether] on wlan0
unknown.maxonline.com.sg (222.165.104.1) at 00:17:10:85:FA:1F [ether] on WAN
? (192.168.252.7) at 30:10:E4:66:CE:5A [ether] on wlan0
? (192.168.252.5) at BC:4C:C4:D8:7D:82 [ether] on wlan0
1140-Gateway> vpn tu
********** Select Option **********
(1) List all IKE SAs
(2) List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users
(Q) Quit
*******************************************
q
Aborting ...
1140-Gateway> fw monitor
fw: getting filter (from command line)
fw: compiling
monitorfilter:
Compiled OK.
fw: loading
fw: monitoring (control-C to stop)
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14239
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e07e
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14239
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e07e
[vs_0][fw_0] wlan0:o[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11904
TCP: 22 -> 2784 ...PA. seq=1ff1e07e ack=b05c1ad8
[vs_0][fw_0] wlan0:O[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11904
TCP: 22 -> 2784 ...PA. seq=1ff1e07e ack=b05c1ad8
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11905
TCP: 22 -> 2784 ...PA. seq=1ff1e0f2 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11905
TCP: 22 -> 2784 ...PA. seq=1ff1e0f2 ack=b05c1ad8
[vs_0][fw_0] wlan0:o[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11906
TCP: 22 -> 2784 ...PA. seq=1ff1e156 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11906
TCP: 22 -> 2784 ...PA. seq=1ff1e156 ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14240
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e156
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14240
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e156
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11907
TCP: 22 -> 2784 ...PA. seq=1ff1e1ca ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11907
TCP: 22 -> 2784 ...PA. seq=1ff1e1ca ack=b05c1ad8
[vs_0][fw_0] wlan0:o[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11908
TCP: 22 -> 2784 ...PA. seq=1ff1e22e ack=b05c1ad8
[vs_0][fw_0] wlan0:O[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11908
TCP: 22 -> 2784 ...PA. seq=1ff1e22e ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14241
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e22e
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14241
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e22e
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11909
TCP: 22 -> 2784 ...PA. seq=1ff1e2b2 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11909
TCP: 22 -> 2784 ...PA. seq=1ff1e2b2 ack=b05c1ad8
[vs_0][fw_0] wlan0:o[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11910
TCP: 22 -> 2784 ...PA. seq=1ff1e316 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11910
TCP: 22 -> 2784 ...PA. seq=1ff1e316 ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14242
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e316
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14242
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e316
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11911
TCP: 22 -> 2784 ...PA. seq=1ff1e39a ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11911
TCP: 22 -> 2784 ...PA. seq=1ff1e39a ack=b05c1ad8
[vs_0][fw_0] wlan0:o[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11912
TCP: 22 -> 2784 ...PA. seq=1ff1e3fe ack=b05c1ad8
[vs_0][fw_0] wlan0:O[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11912
TCP: 22 -> 2784 ...PA. seq=1ff1e3fe ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14243
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e3fe
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14243
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e3fe
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11913
TCP: 22 -> 2784 ...PA. seq=1ff1e482 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11913
TCP: 22 -> 2784 ...PA. seq=1ff1e482 ack=b05c1ad8
[vs_0][fw_0] wlan0:o[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11914
TCP: 22 -> 2784 ...PA. seq=1ff1e4e6 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11914
TCP: 22 -> 2784 ...PA. seq=1ff1e4e6 ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14244
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e4e6
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14244
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e4e6
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11915
TCP: 22 -> 2784 ...PA. seq=1ff1e56a ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11915
TCP: 22 -> 2784 ...PA. seq=1ff1e56a ack=b05c1ad8
[vs_0][fw_0] wlan0:o[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11916
TCP: 22 -> 2784 ...PA. seq=1ff1e5ce ack=b05c1ad8
[vs_0][fw_0] wlan0:O[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11916
TCP: 22 -> 2784 ...PA. seq=1ff1e5ce ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14245
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e5ce
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14245
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e5ce
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11917
TCP: 22 -> 2784 ...PA. seq=1ff1e652 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11917
TCP: 22 -> 2784 ...PA. seq=1ff1e652 ack=b05c1ad8
[vs_0][fw_0] wlan0:o[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11918
TCP: 22 -> 2784 ...PA. seq=1ff1e6b6 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11918
TCP: 22 -> 2784 ...PA. seq=1ff1e6b6 ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14246
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e6b6
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14246
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e6b6
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11919
TCP: 22 -> 2784 ...PA. seq=1ff1e73a ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11919
TCP: 22 -> 2784 ...PA. seq=1ff1e73a ack=b05c1ad8
[vs_0][fw_0] wlan0:o[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11920
TCP: 22 -> 2784 ...PA. seq=1ff1e79e ack=b05c1ad8
[vs_0][fw_0] wlan0:O[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11920
TCP: 22 -> 2784 ...PA. seq=1ff1e79e ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14247
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e79e
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14247
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e79e
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11921
TCP: 22 -> 2784 ...PA. seq=1ff1e812 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11921
TCP: 22 -> 2784 ...PA. seq=1ff1e812 ack=b05c1ad8
[vs_0][fw_0] wlan0:o[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11922
TCP: 22 -> 2784 ...PA. seq=1ff1e876 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11922
TCP: 22 -> 2784 ...PA. seq=1ff1e876 ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14248
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e876
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14248
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e876
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len
<OUTPUT TRUNCATED>
fw: caught sig 2
fw: unloading // CTRL+C TO ABORT
1140-Gateway> show logs
system - Display system logs
kernel - Display kernel logs
1140-Gateway> show logs system
Sat Apr 9 08:22:00 GMT+0800 2016 thttpd is not running. Trying to restart it now.
2016 Apr 9 08:22:05 RD6281 syslog.info syslogd: [syslogd] Process started
2016 Apr 9 08:22:07 RD6281 user.err fw_db_handler: osdb_handler_main: Expected more arguments
(currently 5)
2016 Apr 9 08:22:07 RD6281 user.err fw_db_handler: Error when handling table (null).
2016 Apr 9 08:22:07 RD6281 user.notice platformd: [OS] /pfrm2.0/opt/fw1/bin/fw_db_handler was
unable to handle DB update
2016 Apr 9 08:22:20 1140-Gateway daemon.info dhclient: [DHCP] DHCPDISCOVER is sent on WAN to 255.255.255.255 port 67 interval 4
2016 Apr 9 08:22:20 1140-Gateway daemon.info dhclient: [DHCP] Received DHCPOFFER from
172.17.0.207
2016 Apr 9 08:22:20 1140-Gateway daemon.info dhclient: [DHCP] DHCPREQUEST is sent on WAN to
255.255.255.255 port 67
2016 Apr 9 08:22:20 1140-Gateway daemon.info dhclient: [DHCP] Received DHCPACK from 172.17.0.207
2016 Apr 9 08:22:21 1140-Gateway user.notice root: [DHCP] Interface:WAN, IP: 222.165.111.178,
BCAST: 222.165.111.255, SUBNET: 255.255.248.0, GW: 222.165.104.1, DNS1: 202.156.1.16, DNS2:
218.186.2.16, DNS3: 218.186.2.6
2016 Apr 9 08:22:23 1140-Gateway daemon.info dhclient: [DHCP] Bound to 222.165.111.178 -- renewal
in 5911 seconds.
2016 Apr 9 08:22:28 1140-Gateway user.info cposd: [CPOSD] WAN connection "Internet1": Local Area
Network (LAN) connection established, IP address 222.165.111.178 assigned
2016 Apr 9 08:22:53 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C
authorized to wlan network using WPA2 (AES). User credentials: pre-shared key
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.23 from ec:55:f9:01:f9:0c via wlan0: wrong network.
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.23 to ec:55:f9:01:f9:0c via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.23 from ec:55:f9:01:f9:0c via wlan0: wrong network.
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.23 to ec:55:f9:01:f9:0c via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
ec:55:f9:01:f9:0c via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.8 to ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.8 to ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.8 (192.168.252.1) from ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.8 to ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.8 (192.168.252.1) from ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.8 to ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:59 1140-Gateway user.info CHECKPOINT: Machine boot has finished
2016 Apr 9 08:23:05 1140-Gateway user.info CHECKPOINT: [System Operations] Starting process...
2016 Apr 9 08:23:11 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9
authorized to wlan network using WPA2 (AES). User credentials: pre-shared key
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.15 from d0:25:98:90:1c:d9 via wlan0: wrong network.
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.15 to d0:25:98:90:1c:d9 via wlan0
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.15 from d0:25:98:90:1c:d9 via wlan0: wrong network.
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.15 to d0:25:98:90:1c:d9 via wlan0
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
d0:25:98:90:1c:d9 via wlan0
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.4 to d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.4 to d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:13 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.4 (192.168.252.1) from d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:13 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.4 to d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:13 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.4 (192.168.252.1) from d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:13 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.4 to d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:21 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82
authorized to wlan network using WPA2 (AES). User credentials: pre-shared key
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.21 from bc:4c:c4:d8:7d:82 via wlan0: wrong network.
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.21 to bc:4c:c4:d8:7d:82 via wlan0
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.21 from bc:4c:c4:d8:7d:82 via wlan0: wrong network.
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.21 to bc:4c:c4:d8:7d:82 via wlan0
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
bc:4c:c4:d8:7d:82 via wlan0
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.5 to bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.5 to bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:23 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A
authorized to wlan network using WPA2 (AES). User credentials: pre-shared key
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.5 (192.168.252.1) from bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.5 to bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.5 (192.168.252.1) from bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.5 to bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.16 from 70:3e:ac:93:ef:1a via wlan0: wrong network.
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.16 to 70:3e:ac:93:ef:1a via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.16 from 70:3e:ac:93:ef:1a via wlan0: wrong network.
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.16 to 70:3e:ac:93:ef:1a via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
70:3e:ac:93:ef:1a via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.6 to 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.6 to 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:24 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.6 (192.168.252.1) from 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:24 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.6 to 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:24 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.6 (12.168.252.1) from 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:24 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.6 to 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:25 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A
deauthorized from wlan network. User credentials: pre-shared key
2016 Apr 9 08:23:53 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A
authorized to wlan network using WPA2 (AES). User credentials: pre-shared key
2016 Apr 9 08:23:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.22 from 30:10:e4:66:ce:5a via wlan0: wrong network.
2016 Apr 9 08:23:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.22 to 30:10:e4:66:ce:5a via wlan0
2016 Apr 9 08:23:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.22 from 30:10:e4:66:ce:5a via wlan0: wrong network.
2016 Apr 9 08:23:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.22 to 30:10:e4:66:ce:5a via wlan0
2016 Apr 9 08:23:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
30:10:e4:66:ce:5a via wlan0
2016 Apr 9 08:23:54 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.7 to 30:10:e4:66:ce:5a (Sheryls-iPad) via wlan0
2016 Apr 9 08:23:55 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.7 (192.168.252.1) from 30:10:e4:66:ce:5a (Sheryls-iPad) via wlan0
2016 Apr 9 08:23:55 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.7 to 30:10:e4:66:ce:5a (Sheryls-iPad) via wlan0
2016 Apr 9 08:23:55 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.7 (192.168.252.1) from 30:10:e4:66:ce:5a (Sheryls-iPad) via wlan0
2016 Apr 9 08:23:55 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.7 to 30:10:e4:66:ce:5a (Sheryls-iPad) via wlan0
2016 Apr 9 08:25:17 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A
authorized to wlan network using WPA2 (AES). User credentials: pre-shared key
2016 Apr 9 08:25:18 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.6 from 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:25:18 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.6 to 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:25:18 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.6 from 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:25:18 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.6 to 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 08:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 08:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 08:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 08:32:23 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 08:33:29 1140-Gateway auth.info login: [WebUI] user 'admin' logged in on 'WebUI' from
'192.168.252.8' with 'Read/Write' permissions
2016 Apr 9 08:35:09 1140-Gateway authpriv.info dropbear[2723]: [SSH] Incoming client connection
from 192.168.252.8:2784 2016 Apr 9 08:35:16 1140-Gateway authpriv.notice dropbear[2723]: [SSH] PAM password auth succeeded for 'admin' from 192.168.252.8:2784
2016 Apr 9 08:39:07 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 08:39:43 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 08:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 08:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 08:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 08:42:23 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 08:42:24 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 08:44:42 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 08:44:44 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 08:46:13 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 08:46:14 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 08:51:15 1140-Gateway user.err rdcfg: unable to connect to routed No such file or directory
2016 Apr 9 08:51:17 1140-Gateway daemon.info routed[4442]: Start routed[4442] version routed-
06.30.2015-16:39:29 instance -1
2016 Apr 9 08:51:17 1140-Gateway daemon.notice routed[4442]: rt_instance_init: routed manager id
-1 initialized itself
2016 Apr 9 08:51:17 1140-Gateway daemon.notice routed[4442]: parse_instance_only: my_instance_id
-1 parsing instance default
2016 Apr 9 08:51:18 1140-Gateway daemon.info routed[4443]: task_cmd_init(152): command subsystem
initialized.
2016 Apr 9 08:51:18 1140-Gateway daemon.info routed[4443]: Start routed[4443] version routed-
06.30.2015-16:39:29 instance 0
2016 Apr 9 08:51:18 1140-Gateway daemon.err routed[4442]: Clustering not installed (-1)
2016 Apr 9 08:51:18 1140-Gateway daemon.err routed[4442]: cprd runs with clustering disabled. (-1)
2016 Apr 9 08:51:18 1140-Gateway daemon.notice routed[4442]: Commence routing updates
2016 Apr 9 08:51:18 1140-Gateway daemon.notice routed[4443]: vrrp_set_fw: Command is
fw_is_running_vrrp and value is 0
2016 Apr 9 08:51:18 1140-Gateway daemon.notice routed[4443]: vrrp_set_fw: Command is
fw_is_running_on_cbs and value is 0
2016 Apr 9 08:51:18 1140-Gateway daemon.notice routed[4443]: vrrp_set_fw: Command is
fwha_cbs_which_member_is_running_gated and value is 0
2016 Apr 9 08:51:18 1140-Gateway daemon.warn routed[4443]: task_get_proto: getprotobyname("icmp")
failed, using proto 1
2016 Apr 9 08:51:18 1140-Gateway daemon.err routed[4443]: Clustering not installed (-1)
2016 Apr 9 08:51:18 1140-Gateway daemon.err routed[4443]: cprd runs with clustering disabled. (-1)
2016 Apr 9 08:51:18 1140-Gateway daemon.notice routed[4443]: Commence routing updates
2016 Apr 9 08:51:21 1140-Gateway daemon.info routed[4442]: task_cmd_terminate(203): command
subsystem terminated.
2016 Apr 9 08:51:21 1140-Gateway daemon.info routed[4443]: task_cmd_terminate(203): command
subsystem terminated.
2016 Apr 9 08:51:21 1140-Gateway daemon.notice routed[4443]: Exit routed[4443] version routed-
06.30.2015-16:39:29
2016 Apr 9 08:51:21 1140-Gateway daemon.notice routed[4442]: Exit routed[4442] version routed-
06.30.2015-16:39:29
2016 Apr 9 08:51:32 1140-Gateway user.err rdcfg: unable to connect to routed Connection refused
2016 Apr 9 08:51:32 1140-Gateway daemon.info routed[4467]: Start routed[4467] version routed-
06.30.2015-16:39:29 instance -1
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4467]: rt_instance_init: routed manager id-1 initialized itself
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4467]: parse_instance_only: my_instance_id -1 parsing instance default
2016 Apr 9 08:51:33 1140-Gateway daemon.info routed[4468]: task_cmd_init(152): command subsystem
initialized.
2016 Apr 9 08:51:33 1140-Gateway daemon.info routed[4468]: Start routed[4468] version routed-
06.30.2015-16:39:29 instance 0
2016 Apr 9 08:51:33 1140-Gateway daemon.err routed[4467]: Clustering not installed (-1)
2016 Apr 9 08:51:33 1140-Gateway daemon.err routed[4467]: cprd runs with clustering disabled. (-1)
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4467]: Commence routing updates
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4468]: vrrp_set_fw: Command is
fw_is_running_vrrp and value is 0
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4468]: vrrp_set_fw: Command is
fw_is_running_on_cbs and value is 0
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4468]: vrrp_set_fw: Command is
fwha_cbs_which_member_is_running_gated and value is 0
2016 Apr 9 08:51:33 1140-Gateway daemon.warn routed[4468]: task_get_proto: getprotobyname("icmp")
failed, using proto 1
2016 Apr 9 08:51:33 1140-Gateway daemon.err routed[4468]: Clustering not installed (-1)
2016 Apr 9 08:51:33 1140-Gateway daemon.err routed[4468]: cprd runs with clustering disabled. (-1)
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4468]: Commence routing updates
2016 Apr 9 08:51:36 1140-Gateway daemon.info routed[4467]: task_cmd_terminate(203): command
subsystem terminated.
2016 Apr 9 08:51:36 1140-Gateway daemon.info routed[4468]: task_cmd_terminate(203): command
subsystem terminated.
2016 Apr 9 08:51:36 1140-Gateway daemon.notice routed[4468]: Exit routed[4468] version routed-
06.30.2015-16:39:29
2016 Apr 9 08:51:36 1140-Gateway daemon.notice routed[4467]: Exit routed[4467] version routed-
06.30.2015-16:39:29
2016 Apr 9 08:51:40 1140-Gateway user.err rdcfg: unable to connect to routed Connection refused
2016 Apr 9 08:51:40 1140-Gateway daemon.info routed[4492]: Start routed[4492] version routed-
06.30.2015-16:39:29 instance -1
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4492]: rt_instance_init: routed manager id
-1 initialized itself
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4492]: parse_instance_only: my_instance_id
-1 parsing instance default
2016 Apr 9 08:51:40 1140-Gateway daemon.info routed[4493]: task_cmd_init(152): command subsystem
initialized.
2016 Apr 9 08:51:40 1140-Gateway daemon.info routed[4493]: Start routed[4493] version routed-
06.30.2015-16:39:29 instance 0
2016 Apr 9 08:51:40 1140-Gateway daemon.err routed[4492]: Clustering not installed (-1)
2016 Apr 9 08:51:40 1140-Gateway daemon.err routed[4492]: cprd runs with clustering disabled. (-1)
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4492]: Commence routing updates
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4493]: vrrp_set_fw: Command is
fw_is_running_vrrp and value is 0
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4493]: vrrp_set_fw: Command is
fw_is_running_on_cbs and value is 0
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4493]: vrrp_set_fw: Command is
fwha_cbs_which_member_is_running_gated and value is 0
2016 Apr 9 08:51:40 1140-Gateway daemon.warn routed[4493]: task_get_proto: getprotobyname("icmp")
failed, using proto 1
2016 Apr 9 08:51:40 1140-Gateway daemon.err routed[4493]: Clustering not installed (-1)
2016 Apr 9 08:51:40 1140-Gateway daemon.err routed[4493]: cprd runs with clustering disabled. (-1)
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4493]: Commence routing updates
2016 Apr 9 08:51:43 1140-Gateway daemon.info routed[4492]: task_cmd_terminate(203): command
subsystem terminated.
2016 Apr 9 08:51:43 1140-Gateway daemon.notice routed[4492]: Exit routed[4492] version routed-
06.30.2015-16:39:29
2016 Apr 9 08:51:43 1140-Gateway daemon.info routed[4493]: task_cmd_terminate(203): command
subsystem terminated.
2016 Apr 9 08:51:43 1140-Gateway daemon.notice routed[4493]: Exit routed[4493] version routed-
06.30.2015-16:39:29
2016 Apr 9 08:52:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 08:52:22 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 08:52:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 08:52:23 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 08:52:24 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 08:52:36 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 08:52:37 1140-Gateway user.notice cpshell: [CLI] expert command by 'admin' failed -invalid authentication.
2016 Apr 9 08:52:39 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 08:52:41 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 08:54:53 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 08:54:55 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 09:02:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 09:02:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 09:02:23 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 09:02:23 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 09:02:23 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 09:12:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 09:12:22 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 09:12:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 09:12:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 09:12:23 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 09:12:43 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 09:12:45 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 09:14:54 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 09:14:56 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 09:16:17 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 09:16:18 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 09:22:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 09:22:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 09:22:23 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 09:22:23 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 09:22:24 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 09:27:49 1140-Gateway authpriv.info dropbear[2723]: [SSH] Exit (admin): Disconnect
received
2016 Apr 9 09:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 09:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 09:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 09:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 09:32:24 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 09:41:12 1140-Gateway authpriv.info dropbear[4761]: [SSH] Incoming client connection
from 192.168.252.8:4722
2016 Apr 9 09:41:16 1140-Gateway authpriv.info dropbear[4761]: [SSH] Exit before auth: Exited
normally
2016 Apr 9 09:41:23 1140-Gateway authpriv.info dropbear[4762]: [SSH] Incoming client connection
from 192.168.252.8:4726
2016 Apr 9 09:41:25 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82
deauthorized from wlan network. User credentials: pre-shared key
2016 Apr 9 09:41:31 1140-Gateway authpriv.notice dropbear[4762]: [SSH] PAM password auth succeeded for 'admin' from 192.168.252.8:4726
2016 Apr 9 09:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 09:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 09:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 09:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 09:42:54 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': exit.
2016 Apr 9 09:45:40 1140-Gateway user.info CHECKPOINT: [System Operations] Starting process...
1140-Gateway> show logs kernel
h table entries: 65536 (order: 7, 524288 bytes)
TCP bind hash table entries: 65536 (order: 6, 262144 bytes)
TCP: Hash tables configured (established 65536 bind 65536)
TCP reno registered
RTC has been updated!!!
RTC registered
Use the XOR engines (acceleration) for enhancing the following functions:
o RAID 5 Xor calculation
o kernel memcpy
o kenrel memzero
Number of XOR engines to use: 4
cesadev_init(c000e74c)
mvCesaInit: sessions=640, queue=64, pSram=f0000000
squashfs: version 3.3 (2007/10/31) Phillip Lougher
squashfs: LZMA suppport for slax.org by jro
NTFS driver 2.1.28 [Flags: R/W].
JFFS2 version 2.2. (NAND) (SUMMARY) © 2001-2006 Red Hat, Inc.
io scheduler noop registered
io scheduler anticipatory registered (default)
Generic LED driver initialize
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
HDLC line discipline: version $Revision: 4.8 $, maxframe=4096
N_HDLC line discipline registered.
Initialize DSL driver
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing disabled
serial8250.0: ttyS0 at MMIO 0xf1012000 (irq = 33) is a 16550A
Loading Marvell Ethernet Driver:
o Cached descriptors in DRAM
o DRAM SW cache-coherency
o Single RX Queue support - ETH_DEF_RXQ=0
o Single TX Queue support - ETH_DEF_TXQ=0
o Receive checksum offload enabled
o Driver ERROR statistics enabled
o Driver INFO statistics enabled
o Proc tool API enabled
o Gateway support enabled
o Using Marvell Header Mode
o Rx descripors: q0=512
o Tx descripors: q0=532
o Loading network interface(s):
o device registered under mv88fx_eth platform
eth0: Dropping NETIF_F_SG since no checksum feature.
o eth0, ifindex = 1, GbE port = 0
o Loading Gateway interface(s):
o Using command line network interface configuration
command is 10,(00:1C:7F:2F:93:E9,0)(00:1C:7F:2F:93:F1,8)(00:1C:7F:2F:93:EA,1)
(00:1C:7F:2F:93:EB,2)(00:1C:7F:2F:93:EC,3)(00:1C:7F:2F:93:ED,4)(00:1C:7F:2F:93:EE,5)
(00:1C:7F:2F:93:EF,6)(00:1C:7F:2F:93:F0,7)(A0:00:00:00:00:00,9),mtu=1500
mv_gtw_get_if_nummv_gtw_get_if_num gtw_config.vlans_num=10number of interfaces in command line is
10
o MTU set to 1500
o mac_addr 00:1c:7f:2f:93:e9, VID 0x100, port list: port-0
o mac_addr 00:1c:7f:2f:93:f1, VID 0x200, port list: port-8
o mac_addr 00:1c:7f:2f:93:ea, VID 0x300, port list: port-1
o mac_addr 00:1c:7f:2f:93:eb, VID 0x400, port list: port-2
o mac_addr 00:1c:7f:2f:93:ec, VID 0x500, port list: port-3
o mac_addr 00:1c:7f:2f:93:ed, VID 0x600, port list: port-4
o mac_addr 00:1c:7f:2f:93:ee, VID 0x700, port list: port-5
o mac_addr 00:1c:7f:2f:93:ef, VID 0x800, port list: port-6
o mac_addr 00:1c:7f:2f:93:f0, VID 0x900, port list: port-7
o mac_addr a0:00:00:00:00:00, VID 0xa00, port list: port-9
eth1: Dropping NETIF_F_SG since no checksum feature.
o eth1, ifindex = 2, GbE port = 1
eth2: Dropping NETIF_F_SG since no checksum feature.
o eth2, ifindex = 3, GbE port = 1
eth3: Dropping NETIF_F_SG since no checksum feature.
o eth3, ifindex = 4, GbE port = 1
eth4: Dropping NETIF_F_SG since no checksum feature.
o eth4, ifindex = 5, GbE port = 1
eth5: Dropping NETIF_F_SG since no checksum feature.
o eth5, ifindex = 6, GbE port = 1
eth6: Dropping NETIF_F_SG since no checksum feature.
o eth6, ifindex = 7, GbE port = 1
eth7: Dropping NETIF_F_SG since no checksum feature.
o eth7, ifindex = 8, GbE port = 1
eth8: Dropping NETIF_F_SG since no checksum feature.
o eth8, ifindex = 9, GbE port = 1
eth9: Dropping NETIF_F_SG since no checksum feature.
o eth9, ifindex = 10, GbE port = 1
eth10: Dropping NETIF_F_SG since no checksum feature.
o eth10, ifindex = 11, GbE port = 1
Intel(R) PRO/1000 Network Driver - version 7.3.20-k2-NAPI
Copyright (c) 1999-2006 Intel Corporation.
i2c driver was not initialized yet.
e100: Intel(R) PRO/100 Network Driver, 3.5.17-k4-NAPI
e100: Copyright(c) 1999-2006 Intel Corporation
PPP generic driver version 2.4.2
PPP BSD Compression module registered
PPP MPPE Compression module registered
NET: Registered protocol family 24
Init ADSL control eth device
usbcore: registered new interface driver cdc_ether
GobiNet: 2013-10-08/NTGR_2.21
usbcore: registered new interface driver GobiNet
Madge ATM Ambassador driver version 1.2.4
amb: debug bitmap is 0
Madge ATM Horizon [Ultra] driver version 1.2.1
hrz: debug bitmap is 0
Integrated Sata device found
scsi0 : Marvell SCSI to SATA adapter
scsi1 : Marvell SCSI to SATA adapter
NFTL driver: nftlcore.c $Revision: 1.98 $, nftlmount.c $Revision: 1.41 $
Using Hamming 1-bit ECC for NAND device
NAND device: Manufacturer ID: 0xad, Chip ID: 0xdc (Hynix NAND 512MiB 3,3V 8-bit)
Scanning device for bad blocks
11 cmdlinepart partitions found on MTD device nand_mtd
Using command line partition definition
Creating 11 MTD partitions on "nand_mtd":
0x00000000-0x000a0000 : "u-boot"
i2c driver was not initialized yet.
0x000a0000-0x00100000 : "bootldr-env"
0x00100000-0x00900000 : "kernel-1"
0x00900000-0x07a00000 : "rootfs-1"
0x07a00000-0x08200000 : "kernel-2"
0x08200000-0x0f300000 : "rootfs-2"
0x0f300000-0x16c00000 : "default_sw"
0x16c00000-0x18400000 : "logs"
0x18400000-0x18500000 : "preset_cfg"
0x18500000-0x18600000 : "adsl"
0x18600000-0x20000000 : "storage"
ehci_marvell ehci_marvell.70059: Marvell Orion EHCI
ehci_marvell ehci_marvell.70059: new USB bus registered, assigned bus number 1
ehci_marvell ehci_marvell.70059: irq 19, io base 0xf1050100
ehci_marvell ehci_marvell.70059: USB 2.0 started, EHCI 1.00, driver 10 Dec 2004
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
i2c driver was not initialized yet.
ohci_hcd: 2006 August 04 USB 1.1 'Open' Host Controller (OHCI) Driver
USB Universal Host Controller Interface driver v3.0
i2c driver was not initialized yet.
i2c driver was not initialized yet.
usb 1-1: new high speed USB device using ehci_marvell and address 2
i2c driver was not initialized yet.
usb 1-1: configuration #1 chosen from 1 choice
hub 1-1:1.0: USB hub found
hub 1-1:1.0: 4 ports detected
i2c driver was not initialized yet.
usbcore: registered new interface driver cdc_acm
drivers/usb/class/cdc-acm.c: v0.25:USB Abstract Control Model driver for USB modems and ISDN adapters
usbcore: registered new interface driver usblp
drivers/usb/class/usblp.c: v0.13: USB Printer Device Class driver
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
usbcore: registered new interface driver usbserial
drivers/usb/serial/usb-serial.c: USB Serial support registered for generic
usbcore: registered new interface driver usbserial_generic
drivers/usb/serial/usb-serial.c: USB Serial Driver core
drivers/usb/serial/usb-serial.c: USB Serial support registered for cp2101
usbcore: registered new interface driver cp2101
drivers/usb/serial/cp2101.c: Silicon Labs CP2101/CP2102 RS232 serial adaptor driver v0.07
drivers/usb/serial/usb-serial.c: USB Serial support registered for FTDI USB Serial Device
usbcore: registered new interface driver ftdi_sio
drivers/usb/serial/ftdi_sio.c: v1.4.3:USB FTDI Serial Converters Driver
drivers/usb/serial/usb-serial.c: USB Serial support registered for IPWireless converter
usbcore: registered new interface driver ipwtty
drivers/usb/serial/ipw.c: IPWireless tty driver v0.3
drivers/usb/serial/usb-serial.c: USB Serial support registered for GSM modem (1-port)
usbcore: registered new interface driver option
drivers/usb/serial/option.c: USB Driver for GSM modems: v0.7.1
drivers/usb/serial/usb-serial.c: USB Serial support registered for pl2303
usbcore: registered new interface driver pl2303
drivers/usb/serial/pl2303.c: Prolific PL2303 USB to serial adaptor driver
drivers/usb/serial/usb-serial.c: USB Serial support registered for Sierra USB modem
usbcore: registered new interface driver sierra
drivers/usb/serial/sierra.c: USB Driver for Sierra Wireless USB modems: v.1.7.40
drivers/usb/serial/usb-serial.c: USB Serial support registered for GobiSerial
usbcore: registered new interface driver GobiSerial
GobiSerial: 2013-10-08/NTGR_2.12
usbcore: registered new interface driver sierra_net
mice: PS/2 mouse device common for all mice
i2c /dev entries driver
rtc-s35390a 0-0030: rtc core: registered rtc-s35390a as rtc0
Linux telephony interface: v1.00
device-mapper: ioctl: 4.11.0-ioctl (2006-10-12) initialised
dm_crypt using the OCF package.
sdhci: Secure Digital Host Controller Interface driver
sdhci: Copyright(c) Pierre Ossman
mvsdmmc: irq =28 start f1090000
mvsdmmc: irq_detect=110
usbcore: registered new interface driver usbhid
drivers/hid/usbhid/hid-core.c: v2.6:USB HID core driver
oprofile: using timer interrupt.
Netfilter messages via NETLINK v0.30.
IPv4 over IPv4 tunneling driver
TCP cubic registered
NET: Registered protocol family 1
NET: Registered protocol family 17
lec.c: Jul 22 2015 13:59:48 initialized
mpc.c: Jul 22 2015 13:59:46 initialized
802.1Q VLAN Support v1.8 Ben Greear
All bugs added by David S. Miller
rtc-s35390a 0-0030: setting the system clock to 2016-04-09 08:19:50 (1460189990)
Freeing init memory: 3468K
jffs2_scan_eraseblock(): Node at 0x04e7b7fc {0x1985, 0xe001, 0xffffffff) has invalid CRC 0xffffffff (calculated 0xd4ae663a)
umimod: module license 'Proprietary' taints kernel.
NET: Registered protocol family 32
kernel UMI module loaded
SIM: Linux kernel version 2.6.22 ()
mvCesaInit: sessions=800, queue=4, pSram=f0000000
Sim: driver installed
[fw4_0];FW-1: Linux kernel version 2.6.22--1
[fw4_0];FW-1: driver installed
VPN-1: driver installed
VPNT: IPv4 over VPN Tunnel driver installed
FG-1: driver installed
[fw4_0];FW-1: ld_commit: Attempting to commit unbound or invalid ld 8115
WAN: mac address changed
WAN: link up, full duplex, speed 100 Mbps
WAN: started
MRVDRIVER: LAN1 has no ioctl interface
ksw_mrv_netdev_create_port_netdevice:560 added device LAN1 on port 0
ksw_mrv_netdev_create_port_netdevice:560 added device LAN2 on port 1
ksw_mrv_netdev_create_port_netdevice:560 added device LAN3 on port 2
ksw_mrv_netdev_create_port_netdevice:560 added device LAN4 on port 3
ksw_mrv_netdev_create_port_netdevice:560 added device LAN5 on port 4
ksw_mrv_netdev_create_port_netdevice:560 added device LAN6 on port 5
ksw_mrv_netdev_create_port_netdevice:560 added device LAN7 on port 6
ksw_mrv_netdev_create_port_netdevice:560 added device LAN8 on port 7
ksw_mrv_netdev_create_port_netdevice:560 added device DMZ on port 8
Seattle Switch+Phy driver installed
Initialzing Factory Reset module
ath_hal: 0.9.17.1 (AR5212, AR5416, RF5111, RF5112, RF2413, RF5413, RF2316, RF2317, DEBUG,
WRITE_EEPROM, 11D)
wlan: 0.8.4.2 (Atheros/multi-bss)
ath_rate_atheros: Copyright (c) 2001-2005 Atheros Communications, Inc, All Rights Reserved
ath_dev: Copyright (c) 2001-2007 Atheros Communications, Inc, All Rights Reserved
ath_pci: 0.9.4.5 (Atheros/multi-bss)
wifi0: Atheros 9287: mem=0xe8000000, irq=9 hw_base=0xe0b40000
wlan: mac acl policy registered
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN1 on port 0
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN2 on port 1
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN3 on port 2
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN4 on port 3
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN5 on port 4
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN6 on port 5
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN7 on port 6
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN8 on port 7
mv_gateway: starting LAN1
mv_gateway: starting DMZ
mv_gateway: stopping DMZ
ksw_mrv_netdev_set_switchport_settings:318 accessing device DMZ on port 8
New timeout is 12Ports vlan
num |VID |port_state |
--------------------------------------------
1 |1 |Auto learning(default) |
2 |1 |Auto learning(default) |
3 |1 |Auto learning(default) |
4 |1 |Auto learning(default) |
5 |1 |Auto learning(default) |
6 |1 |Auto learning(default) |
7 |1 |Auto learning(default) |
8 |1 |Auto learning(default) |
Vlan port Mask
VID |Port mask |
-----------------------
1 |0xff |
g_port_vlan_exist=0
mv_gateway: stopping LAN1
LAN1: Switch port #0 unmapped
mv_gateway: starting LAN1
LAN2: Switch port #1 unmapped
LAN3: Switch port #2 unmapped
LAN4: Switch port #3 unmapped
LAN5: Switch port #4 unmapped
LAN6: Switch port #5 unmapped
LAN7: Switch port #6 unmapped
LAN8: Switch port #7 unmapped
mv_gateway: stopping LAN1
ksw_mrv_dev_apply_current_vlans:403 Adding port 0 to dev LAN1
LAN1: Switch port #0 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 1 to dev LAN1
LAN1: Switch port #1 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 2 to dev LAN1
LAN1: Switch port #2 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 3 to dev LAN1
LAN1: Switch port #3 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 4 to dev LAN1
LAN1: Switch port #4 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 5 to dev LAN1
LAN1: Switch port #5 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 6 to dev LAN1
LAN1: Switch port #6 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 7 to dev LAN1
LAN1: Switch port #7 mapped
mv_gateway: starting LAN1
Country ie is US
VPN-1: AES-NI is allowed on this machine. Testing hardware support
VPN-1: AES-NI is not supported on this hardware
VPN-1: Cryptographic algorithm tests passed successfully
[fw4_0];VPN-1: connected to FW-1
[fw4_0];fwk_cmi_sticky_update_prepare: cmi_context_array_new is not ready
[fw4_0];FW-1: SIM (SecureXL Implementation Module) SecureXL device detected.
[fw4_0];FW-1: SIM (SecureXL Implementation Module) SecureXL device detected.
[fw4_0];FW-1: fwha_validate_member_running_gated: 0 is not a valid member id
[fw4_0];FW-1: fwha_validate_member_running_gated: 0 is not a valid member id
[fw4_0];FW-1: fwha_validate_member_running_gated: 0 is not a valid member id
[fw4_0];fw_kmalloc_impl: fwk_atomic_logdom: allocates 0 bytes
[fw4_0];FW-1: monitor filter loaded
[fw4_0];FW-1: monitor filter unloaded
1140-Gateway> show configuration
# Configure a persistent domain name for the device
set dynamic-dns provider "DynDns"
# Configure DNS and Domain settings for the device
set dns proxy "enable" resolving "on"
set dns mode "internet"
set domainname "lagura.com"
# HTTPS categorization
set https-categorization advanced-settings validate-cert-expiration "false"
set https-categorization advanced-settings validate-unreachable-crl "false"
set https-categorization advanced-settings validate-crl "true"
# User Check is a customizable message shown to users upon match, and allows to 'ask' the user for
the desired action
set threat-prevention anti-bot user-check ask body "Your computer is trying to access a malicious
server. It is likely infected by malware.
Malware activity: $activity.
URL: $original_url.
Reference: $incident_id
Press OK to continue." activity-text "Ignore warning" fallback-action "block" frequency "day"
subject "Are you sure?" title "Check Point Anti-Bot" reason-displayed "false"
set threat-prevention anti-bot user-check block body "Your computer is trying to access a
malicious server. It is probably infected by malware. For more information and remediation please
contact your administrator.
Activity: $activity.
URL: $original_url.
Reference: $incident_id" subject "Page Blocked" title "Check Point Anti-Bot" redirect-to-url
"false"
# Anti-Bot engine
set threat-prevention anti-bot engine malicious-activity "policy-action" reputation-domains
"policy-action" reputation-ips "policy-action" reputation-urls "policy-action" unusual-activity
"policy-action"
# Active directory server object
# Additional hardware and operating system settings
set additional-hw-settings reset-timeout "12"
# Administrator access IP addresses
delete admin-access-ipv4-address-all
# Administrator access
set admin-access web-access-port "4434" ssh-access-port "22" allowed-ipv4-addresses "any"
# Limit administrators login failure attempts for before locking out for a defined period of time
set administrator session-settings lockout-enable "on" max-lockout-attempts "10" lock-period "30"
inactivity-timeout "10"
# Administrators RADIUS authentication
# ADSL information
# Advanced settings for Threat Prevention
set threat-prevention-advanced advanced-settings file-inspection-size-kb "0"
set threat-prevention-advanced advanced-settings AboutConfigAdvancedTpPolicyHttpSkippingMethod
http-skipping-method "default"
# Reach My Device
set reach-my-device existing-host-name "nil"
set reach-my-device advanced-settings ignore-ssl-cert "false"
set reach-my-device mode "off"
set reach-my-device advanced-settings reach-my-device-server-addr "smbrelay.checkpoint.com"
# Connections aggressive aging
delete aggressive-aging
set aggressive-aging icmp-timeout "3" icmp-timeout-enable "true" other-timeout "15" other-
timeout-enable "false" pending-timeout "15" pending-timeout-enable "false" tcp-end-timeout "3"
tcp-end-timeout-enable "true" tcp-start-timeout "5" tcp-start-timeout-enable "true" tcp-timeout
"600" tcp-timeout-enable "true" udp-timeout "15" udp-timeout-enable "true" general "true" log
"log" connt-limit-high-watermark-pct "80" connt-mem-high-watermark-pct "80" memory-conn-status
"both"
# User Check is a customizable message shown to users upon match, and allows to 'ask' the user for
the desired action
set fw policy user-check ask body "Access to $application_name is intended for work-related use
only.
Category: $category.
Reference: $incident_id" confirm-text "I will use this site or application for work-related use
only" fallback-action "block" frequency "day" subject "Are you sure?" title "Check Point
Application Control" reason-displayed "false"
set fw policy user-check accept body "Access to $application_name is intended for work-related use
only.
Category: $category.
Reference: $incident_id" fallback-action "accept" frequency "day" subject "Please note:" title
"Check Point Application Control"
set fw policy user-check block body "Access to $application_name is not permitted.
Category: $category.
Reference: $incident_id" subject "Page Blocked" title "Check Point Application Control" redirect-
to-url "false"
# Default APPI policy and configuration
set application-control mode "off" url-flitering-only "false" block-security-categories "true"
block-inappropriate-content "true" block-other-undesired-applications "true" block-file-sharing-
applications "true" limit-bandwidth "true" limit-upload "true" set-limit "1" limit-download "true"
set-limit "1"
# Security management settings
set security-management mode "locally-managed"
# Application
# List of allowed IP addresses, email addresses (senders) and domains for Anti-Spam blade
delete antispam allowed-sender all
# List of blocked IP addresses, email addresses (senders) and domains for Anti-Spam blade
delete antispam blocked-sender all
# Policy for Anti-Spam blade
set antispam mode "off" detection-method "email-content" log "log" action-spam-email-content
"block" flag-subject-stamp "SPAM" detect-mode "off" specify-suspected-spam-settings "false"
set antispam advanced-settings allow-mail-track "none"
set antispam advanced-settings transparent-proxy "true"
set antispam advanced-settings ip-rep-timeout "10"
set antispam advanced-settings spam-engine-timeout "10"
set antispam advanced-settings ip-rep-fail-open "true"
set antispam advanced-settings email-size-scan "8"
set antispam advanced-settings spam-engine-all-mail-track "none"
# User Check is a customizable message shown to users upon match, and allows to 'ask' the user for
the desired action
set threat-prevention anti-virus user-check ask body "The site you are trying to access is
classified as malicious.
Malware activity: $activity.
URL: $original_url.
Reference: $incident_id.
Press OK to continue." activity-text "Ignore warning" fallback-action "block" frequency "day"
subject "Are you sure?" title "Check Point Anti-Virus" reason-displayed "false"
set threat-prevention anti-virus user-check block body "The site you are trying to access is
classified as malicious and has been blocked.
For more information, please contact your administrator.
Activity: $activity.
URL: $original_url.
Reference: $incident_id" subject "Page Blocked" title "Check Point Anti-Virus" redirect-to-url
"false"
# Anti-Virus engine
set threat-prevention anti-virus engine urls-with-malware "policy-action" viruses "policy-action"
# Manage Anti-Virus policy per file type
delete threat-prevention anti-virus file-type custom all
set threat-prevention anti-virus file-type action "scan" description "AFX compressed file data"
set threat-prevention anti-virus file-type action "scan" description "Web browser cookie text"
set threat-prevention anti-virus file-type extension "7z" action "scan" description "7Z archive data"
set threat-prevention anti-virus file-type extension "8BPS" action "scan" description "8BPS Adobe
Photoshop image"
set threat-prevention anti-virus file-type extension "ace" action "scan" description "ACE compressed archive"
set threat-prevention anti-virus file-type extension "adp,ade" action "scan" description "Access project"
set threat-prevention anti-virus file-type extension "arc" action "scan" description "ARC archive data"
set threat-prevention anti-virus file-type extension "arj" action "scan" description "ARJ archive data"
set threat-prevention anti-virus file-type extension "asf" action "scan" description "Microsoft ASF"
set threat-prevention anti-virus file-type extension "bas" action "scan" description "BASIC source code"
set threat-prevention anti-virus file-type extension "bat" action "block" description "MS-DOS batch file text"
set threat-prevention anti-virus file-type extension "bmp" action "scan" description "BITMAP"
set threat-prevention anti-virus file-type extension "bz" action "scan" description "BZIP compressed data"
set threat-prevention anti-virus file-type extension "bz2" action "scan" description "BZIP2 compressed data"
set threat-prevention anti-virus file-type extension "cab" action "scan" description "InstallShield cabinet file"
set threat-prevention anti-virus file-type extension "cab" action "scan" description "Microsoft cabinet file"
set threat-prevention anti-virus file-type extension "chm" action "block" description "Windows HTML Help data"
set threat-prevention anti-virus file-type extension "class" action "scan" description "Compiled Java class data"
set threat-prevention anti-virus file-type extension "cmd" action "block" description "Windows command file"
set threat-prevention anti-virus file-type extension "com" action "scan" description "Command"
set threat-prevention anti-virus file-type extension "cpl" action "scan" description "Windows Control Panel extension"
set threat-prevention anti-virus file-type extension "crt" action "scan" description "Certificate file"
set threat-prevention anti-virus file-type extension "dat" action "scan" description "TNEF"
set threat-prevention anti-virus file-type extension "dmf" action "scan" description "Windows disk map file"
set threat-prevention anti-virus file-type extension "doc" action "scan" description "Microsoft Word 6.0 document"
set threat-prevention anti-virus file-type extension "doc,xls,ppt" action "scan" description
"Microsoft Office document"
set threat-prevention anti-virus file-type extension "emf" action "scan" description "Windows Enhanced Metafile"
set threat-prevention anti-virus file-type extension "eps" action "scan" description "DOS EPS Binary File"
set threat-prevention anti-virus file-type extension "exe" action "scan" description "MS-DOS executable (built-in)"
set threat-prevention anti-virus file-type extension "exe,dll" action "scan" description "Windows PE"
set threat-prevention anti-virus file-type extension "exe,scr" action "scan" description "MS-DOS executable (including self-extracting archives)"
set threat-prevention anti-virus file-type extension "gif" action "scan" description "GIF"
set threat-prevention anti-virus file-type extension "gzip,gz" action "scan" description "GZIP compressed data"
set threat-prevention anti-virus file-type extension "hlp" action "block" description "Windows Help data"
set threat-prevention anti-virus file-type extension "hta" action "scan" description "HTML application"
set threat-prevention anti-virus file-type extension "html,htm" action "scan" description "HTML"
set threat-prevention anti-virus file-type extension "ico" action "scan" description "Windows icon"
set threat-prevention anti-virus file-type extension "inf" action "scan" description "Information or Setup file"
set threat-prevention anti-virus file-type extension "ins,isp" action "scan" description "IIS settings"
set threat-prevention anti-virus file-type extension "jar" action "scan" description "Java archive"
set threat-prevention anti-virus file-type extension "jp2" action "scan" description "JPEG 2000"
set threat-prevention anti-virus file-type extension "jpeg" action "scan" description "JPEG, HSI proprietary"
set threat-prevention anti-virus file-type extension "jpg,jpeg" action "scan" description "JPEG"
set threat-prevention anti-virus file-type extension "js,jse" action "scan" description "JavaScript"
set threat-prevention anti-virus file-type extension "lbr" action "scan" description "LBR archive data"
set threat-prevention anti-virus file-type extension "lnk" action "block" description "Windows shortcut"
set threat-prevention anti-virus file-type extension "lzo" action "scan" description "LZOP compressed data"
set threat-prevention anti-virus file-type extension "mdb,mde" action "scan" description "Accessdatabase"
set threat-prevention anti-virus file-type extension "midi" action "scan" description "Standard MIDI data"
set threat-prevention anti-virus file-type extension "mp2" action "scan" description "MPEG ADTS,layer II"
set threat-prevention anti-virus file-type extension "mp3" action "scan" description "MP3 file with ID3 version 2"
set threat-prevention anti-virus file-type extension "mp3" action "scan" description "MPEG ADTS, layer III"
set threat-prevention anti-virus file-type extension "mpa" action "scan" description "MPEG ADTS, layer I"
set threat-prevention anti-virus file-type extension "mpeg" action "scan" description "MPEG ADIF, AAC"
set threat-prevention anti-virus file-type extension "mpeg" action "scan" description "MPEG-4 LOAS"
set threat-prevention anti-virus file-type extension "mpeg" action "scan" description "MPEG transport stream data"
set threat-prevention anti-virus file-type extension "mpeg" action "scan" description "MPEG ADTS, AAC"
set threat-prevention anti-virus file-type extension "mpeg,mpg" action "scan" description "JVT NAL sequence"
set threat-prevention anti-virus file-type extension "msc" action "scan" description "MMC Snap-in"
set threat-prevention anti-virus file-type extension "msi" action "scan" description "Windows Installer file"
set threat-prevention anti-virus file-type extension "pcx" action "scan" description "PCX ver. 2.5"
set threat-prevention anti-virus file-type extension "pdf" action "scan" description "PDF"
set threat-prevention anti-virus file-type extension "perl" action "scan" description "PERL script"
set threat-prevention anti-virus file-type extension "php" action "scan" description "PHP script"
set threat-prevention anti-virus file-type extension "pif" action "block" description "Windows program information file"
set threat-prevention anti-virus file-type extension "png" action "scan" description "PNG"
set threat-prevention anti-virus file-type extension "ps" action "scan" description "PostScript"
set threat-prevention anti-virus file-type extension "qt,mov" action "scan" description "Apple QuickTime"
set threat-prevention anti-virus file-type extension "ra" action "scan" description "RealAudio sound file"
set threat-prevention anti-virus file-type extension "rar" action "scan" description "RAR archive data"
set threat-prevention anti-virus file-type extension "reg" action "block" description "Windows registry file"
set threat-prevention anti-virus file-type extension "rtf" action "scan" description "Rich Text Format"
set threat-prevention anti-virus file-type extension "shar" action "scan" description "Shell archive text"
set threat-prevention anti-virus file-type extension "sig" action "scan" description "PGP sig"
set threat-prevention anti-virus file-type extension "swf" action "scan" description "Macromedia Flash data"
set threat-prevention anti-virus file-type extension "tar" action "scan" description "POSIX tar archive"
set threat-prevention anti-virus file-type extension "tif" action "scan" description "TIFF"
set threat-prevention anti-virus file-type extension "uue,xxe" action "scan" description "uuencoded or xxencoded text"
set threat-prevention anti-virus file-type extension "vb,vbe,vbs" action "block" description "Visual Basic script"
set threat-prevention anti-virus file-type extension "vsd" action "scan" description "Visio drawing"
set threat-prevention anti-virus file-type extension "wav" action "scan" description "Waveform audio format"
set threat-prevention anti-virus file-type extension "wmf" action "scan" description "Windows metafont"
set threat-prevention anti-virus file-type extension "ws,wsc,wsf" action "block" description "Windows script file"
set threat-prevention anti-virus file-type extension "xls" action "scan" description "Microsoft Excel 5.0 Worksheet"
set threat-prevention anti-virus file-type extension "xml" action "scan" description "XML"
set threat-prevention anti-virus file-type extension "xsl" action "scan" description "XML stylesheet"
set threat-prevention anti-virus file-type extension "zip" action "scan" description "ZIP archive data"
set threat-prevention anti-virus file-type extension "zoo" action "scan" description "ZOO archive data"
# backup
set periodic-backup mode "false" file-encryption "false" schedule "daily" hour "01:00"
# Table for activation status of a blade
# Bookmark to use with the SNX
delete bookmark all
# Internet Connection
delete internet-connections
set internet-connection "Internet1" type "dhcp"
set internet-connection "Internet1" type "pppoa" local-ipv4-address "auto" method "auto" idle-time "20"
set internet-connection "Internet1" auto-negotiation "on" link-speed "10/half" mtu "1500" mac-addr "default" vpi "0" vci "0" standard "adsl2+" encapsulation "llc"
set internet-connection "Internet1" type "cellular"
set internet-connection "Internet1" type "pppoa"
set internet-connection "Internet1" ha-priority "1" load-balancing-weight "10"
set internet-connection "Internet1" qos-upload "disable"
set internet-connection "Internet1" qos-download "disable"
set internet-connection "Internet1" "enable"
set internet-connection "Internet1" connect-on-demand "false"
# Virtual Access Point
delete wlan vaps
set wlan advanced-settings hide-ssid "off" station-to-station "allow" wds "off"
set wlan assignment "ASSIGNMENT.SEPARATE_NETWORK"
set wlan security-type "WPA/WPA2"
set wlan ssid "Lagura"
set wlan wpa-encryption-type "Auto"
# Switch
add switch name "LAN1_Switch"
set switch "LAN1_Switch" add port "LAN1"
set switch "LAN1_Switch" add port "LAN2"
set switch "LAN1_Switch" add port "LAN3"
set switch "LAN1_Switch" add port "LAN4"
set switch "LAN1_Switch" add port "LAN5"
set switch "LAN1_Switch" add port "LAN6"
set switch "LAN1_Switch" add port "LAN7"
set switch "LAN1_Switch" add port "LAN8"
# Bridge configured in the device
# Additional firewall configuration for Citrix service
# Cloud Deployment Settings
set cloud-deployment cloud-url "smbclouddeployment.checkpoint.com"
# Cloud Services
set cloud-services advanced-settings cloud-management-configuration smp-login "true" show-mgmt-server-details-on-login "true"
# Cloud services managed by the provider
# Status of current connection to the cloud services provider
# Database of user-defined URLs
# User defined application group
set application-group name "Security_Risks" add application-name "Critical Risk"
set application-group name "Security_Risks" add application-name "Anonymizer"
set application-group name "Security_Risks" add application-name "Spyware / Malicious Sites"
set application-group name "Security_Risks" add application-name "Botnets"
set application-group name "Security_Risks" add application-name "Spam"
set application-group name "Security_Risks" add application-name "Phishing"
set application-group name "Security_Risks" add application-name "Hacking"
set application-group name "Inappropriate" add application-name "Violence"
set application-group name "Inappropriate" add application-name "Sex"
set application-group name "Inappropriate" add application-name "Gambling"
set application-group name "Inappropriate" add application-name "Hate / Racism"
set application-group name "Inappropriate" add application-name "Illegal / Questionable"
set application-group name "Inappropriate" add application-name "Illegal Drugs"
set application-group name "Inappropriate" add application-name "Weapons"
set application-group name "Torrents_and_P2P_applications" add application-name "BitTorrent protocol"
set application-group name "Torrents_and_P2P_applications" add application-name "Share Music"
set application-group name "Torrents_and_P2P_applications" add application-name "Gnutella protocol"
set application-group name "Torrents_and_P2P_applications" add application-name "eDonkey"
set application-group name "Torrents_and_P2P_applications" add application-name "Facebook File Sharing"
set application-group name "Torrents_and_P2P_applications" add application-name "P2P File Sharing"
set application-group name "Torrents_and_P2P_applications" add application-name "File Storage and
Sharing"
set application-group name "Torrents_and_P2P_applications" add application-name "Torrent Trackers"
set application-group name "Other_undesired_applications" add application-name "Blogger"
set application-group name "Other_undesired_applications" add application-name "Facebook"
set application-group name "Other_undesired_applications" add application-name "eBay"
set application-group name "Predefined_Groups" add application-name "Security_Risks"
set application-group name "Predefined_Groups" add application-name "Inappropriate"
set application-group name "Predefined_Groups" add application-name "Torrents_and_P2P_applications"
set application-group name "Predefined_Groups" add application-name "Other_undesired_applications"
set application-group name "Bandwidth_Consuming_Applications" add application-name "High Bandwidth"
set application-group name "Bandwidth_Consuming_Applications" add application-name "P2P File Sharing"
set application-group name "Bandwidth_Consuming_Applications" add application-name "Media Sharing"
set application-group name "Bandwidth_Consuming_Applications" add application-name "Media Streams"
set application-group name "Bandwidth_Consuming_Applications" add application-name "YouTube"
# Security management settings
# Device details
# DHCP custom option
# DHCP Relay advanced options
set dhcp-relay advanced-settings use-internal-ip-addrs-as-source "false"
# Additional configuration for FTP service
set service-system-default FTP firewall-settings mode "any"
# Service objects
add service-tcp name "HTTP" port "80, 3128, 8080" comments "Hypertext Transfer Protocol"
set service-tcp "HTTP" name "HTTP" port "80, 3128, 8080" comments "Hypertext Transfer Protocol"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "0" use-source-port "nil"
set service-system-default HTTP port "80, 3128, 8080" disable-inspection "false" session-timeout
"3600" use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-
connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "0"
add service-tcp name "FTP" port "21" comments "File Transfer Protocol"
set service-tcp "FTP" name "FTP" port "21" comments "File Transfer Protocol" session-timeout
"3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30"
aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default FTP port "21" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "PPTP_TCP" port "1723" comments "Point-to-Point Tunneling Protocol, extension
of PPP"
set service-tcp "PPTP_TCP" name "PPTP_TCP" port "1723" comments "Point-to-Point Tunneling
Protocol, extension of PPP" session-timeout "3600" sync-connections-on-cluster "true" sync-delay-
enable "false" delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout
"600" use-source-port "nil"
set service-system-default PPTP_TCP port "1723" disable-inspection "true" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable
"true" aggressive-aging-timeout "600"
add service-udp name "SNMP" port "161" comments "Simple Network Management Protocol"
set service-udp "SNMP" name "SNMP" port "161" comments "Simple Network Management Protocol"
session-timeout "40" accept-replies "true" sync-connections-on-cluster "true" aggressive-aging-
enable "true" aggressive-aging-timeout "15"
set service-system-default SNMP port "161" disable-inspection "false" session-timeout "40" use-
source-port "nil" accept-replies "true"
add service-udp name "TFTP" port "69" comments "Trivial File Transfer Protocol"
set service-udp "TFTP" name "TFTP" port "69" comments "Trivial File Transfer Protocol" session-
timeout "40" accept-replies "true" sync-connections-on-cluster "true" aggressive-aging-enable
"true" aggressive-aging-timeout "15"
set service-system-default TFTP port "69" disable-inspection "false" accept-replies "true"
session-timeout "40" use-source-port "nil" keep-connections-open-after-policy-installation "false"
sync-connections-on-cluster "true"
add service-tcp name "SSH" port "22" comments "Secure shell, encrypted and authenticated rsh"
set service-tcp "SSH" name "SSH" port "22" comments "Secure shell, encrypted and authenticated
rsh" session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-
sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port
"nil"
set service-system-default SSH port "22" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "TELNET" port "23" comments "Telnet Protocol"
set service-tcp "TELNET" name "TELNET" port "23" comments "Telnet Protocol" session-timeout "3600"
sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default TELNET port "23" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable
"true" aggressive-aging-timeout "600"
add service-tcp name "SMTP" port "25" comments "Simple Mail Transfer Protocol"
set service-tcp "SMTP" name "SMTP" port "25" comments "Simple Mail Transfer Protocol" session-
timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval
"30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default SMTP port "25" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "IMAP" port "143" comments "Interactive Mail Access Protocol"
set service-tcp "IMAP" name "IMAP" port "143" comments "Interactive Mail Access Protocol"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default IMAP port "143" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "POP3" port "110" comments "Post Office Protocol - Version 3"
set service-tcp "POP3" name "POP3" port "110" comments "Post Office Protocol - Version 3"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default POP3 port "110" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "NNTP" port "119" comments "Network News Transfer Protocol"
set service-tcp "NNTP" name "NNTP" port "119" comments "Network News Transfer Protocol" session-
timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval
"30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default NNTP port "119" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-udp name "DNS_UDP" port "53" comments "Domain Name System Queries"
set service-udp "DNS_UDP" name "DNS_UDP" port "53" comments "Domain Name System Queries" session-timeout "40" accept-replies "true" sync-connections-on-cluster "true" aggressive-aging-enable
"true" aggressive-aging-timeout "15"
set service-system-default DNS_UDP port "53" disable-inspection "false" session-timeout "40" use-
source-port "nil" accept-replies "true"
add service-tcp name "DNS_TCP" port "53" comments "Domain Name System Download"
set service-tcp "DNS_TCP" name "DNS_TCP" port "53" comments "Domain Name System Download"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default DNS_TCP port "53" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable
"true" aggressive-aging-timeout "600"
add service-udp name "DHCP" port "67, 68" comments "DHCP request from enforcement module only"
set service-udp "DHCP" name "DHCP" port "67, 68" comments "DHCP request from enforcement module
only" session-timeout "40" accept-replies "true" sync-connections-on-cluster "true" aggressive- aging-enable "true" aggressive-aging-timeout "15"
set service-system-default DHCP port "67, 68" disable-inspection "false" session-timeout "40"
use-source-port "nil" accept-replies "true"
add service-tcp name "CIFS" port "139, 445" comments "Common Internet File System Services"
set service-tcp "CIFS" name "CIFS" port "139, 445" comments "Common Internet File System Services"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default CIFS port "139, 445" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600"
add service-udp name "NetBIOSName" port "137" comments "NetBios Name Service"
set service-udp "NetBIOSName" name "NetBIOSName" port "137" comments "NetBios Name Service"
session-timeout "40" accept-replies "true" sync-connections-on-cluster "true" aggressive-aging-
enable "true" aggressive-aging-timeout "15"
set service-system-default NetBIOSName port "137" disable-inspection "false" session-timeout "40"
use-source-port "nil" accept-replies "true"
add service-udp name "NetBIOSDatagram" port "138" comments "NetBios Datagram Service"
set service-udp "NetBIOSDatagram" name "NetBIOSDatagram" port "138" comments "NetBios Datagram
Service" session-timeout "40" accept-replies "true" sync-connections-on-cluster "true"
aggressive-aging-enable "true" aggressive-aging-timeout "15"
set service-system-default NetBIOSDatagram port "138" disable-inspection "false" session-timeout
"40" use-source-port "nil" accept-replies "true"
add service-tcp name "HTTPS" port "443" comments "HTTP protocol over TLS-SSL"
set service-tcp "HTTPS" name "HTTPS" port "443" comments "HTTP protocol over TLS-SSL" session-
timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval
"30" aggressive-aging-enable "true" aggressive-aging-timeout "0" use-source-port "nil"
set service-system-default HTTPS port "443" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable
"true" aggressive-aging-timeout "0"
add service-tcp name "SQLNet" port "1525-1526" comments "Part of Oracle SQL Net Version 2
Services"
set service-tcp "SQLNet" name "SQLNet" port "1525-1526" comments "Part of Oracle SQL Net Version 2
Services" session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false"
delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default SQLNet port "1525-1526" disable-inspection "false" session-timeout
"3600" use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-
connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600"
add service-tcp name "H323" port "1720" comments "Video conference transmissions over IP networks"
set service-tcp "H323" name "H323" port "1720" comments "Video conference transmissions over IP
networks" session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false"
delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default H323 port "1720" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30"
add service-tcp name "RTSP" port "554" comments "Real Time Streaming Protocol"
set service-tcp "RTSP" name "RTSP" port "554" comments "Real Time Streaming Protocol" session-
timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval
"30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default RTSP port "554" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "RealAudio" port "7070" comments "RealNetworks PNA Protocol"
set service-tcp "RealAudio" name "RealAudio" port "7070" comments "RealNetworks PNA Protocol"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default RealAudio port "7070" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600"
add service-tcp name "RSH" port "512, 514" comments "Remote shell and execution"
set service-tcp "RSH" name "RSH" port "512, 514" comments "Remote shell and execution" session-
timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval
"30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default RSH port "512, 514" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600"
add service-tcp name "NetShow" port "1755" comments "Microsoft NetShow, Windows Media Player"
set service-tcp "NetShow" name "NetShow" port "1755" comments "Microsoft NetShow, Windows Media
Player" session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false"
delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default NetShow port "1755" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable
"true" aggressive-aging-timeout "600"
add service-tcp name "Citrix" port "1494" comments "Allows servers to provide applications and
data for attached computer workstations for Windows"
set service-tcp "Citrix" name "Citrix" port "1494" comments "Allows servers to provide
applications and data for attached computer workstations for Windows" session-timeout "3600"
sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default Citrix port "1494" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600"
add service-tcp name "IIOP" port "1570-1571, 2649, 2651" comments "Internet Inter-ORB Protocol -
Oracle Application Server NameServer, ORB, Orbix daemon"
set service-tcp "IIOP" name "IIOP" port "1570-1571, 2649, 2651" comments "Internet Inter-ORB
Protocol - Oracle Application Server NameServer, ORB, Orbix daemon" session-timeout "3600" sync-
connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default IIOP port "1570-1571, 2649, 2651" disable-inspection "false" session-
timeout "3600" use-source-port "nil" keep-connections-open-after-policy-installation "false"
sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600"
add service-tcp name "LDAP" port "389" comments "LDAP Protocol"
set service-tcp "LDAP" name "LDAP" port "389" comments "LDAP Protocol" session-timeout "3600"
sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default LDAP port "389" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "Any_TCP" port "0-65535" comments "Any TCP service"
set service-tcp "Any_TCP" name "Any_TCP" port "0-65535" comments "Any TCP service" session-timeout
"3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30"
aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default Any_TCP port "0-65535" session-timeout "3600" use-source-port "nil"
keep-connections-open-after-policy-installation "false" sync-connections-on-cluster "true" sync-
delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600"
add service-udp name "Any_UDP" port "0-65535" comments "Any UDP service"
set service-system-default Any_UDP port "0-65535" session-timeout "40" use-source-port "nil"
keep-connections-open-after-policy-installation "false" sync-connections-on-cluster "true"
aggressive-aging-enable "true" aggressive-aging-timeout "15" accept-replies "true"
add service-udp name "MGCP" port "2427,2727" comments "Media Gateway Control Protocol - Call-Agent and Media Gateway"
set service-udp "MGCP" name "MGCP" port "2427,2727" comments "Media Gateway Control Protocol -
Call-Agent and Media Gateway" session-timeout "40" accept-replies "true" sync-connections-on-
cluster "true" aggressive-aging-enable "true" aggressive-aging-timeout "15"
set service-system-default MGCP port "2427,2727" disable-inspection "true" session-timeout "40"
use-source-port "nil" accept-replies "true"
add service-tcp name "SCCP" port "2000" comments "Skinny Client Control Protocol"
set service-tcp "SCCP" name "SCCP" port "2000" comments "Skinny Client Control Protocol" session-
timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval
"30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default SCCP port "2000" disable-inspection "true" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "SCCPS" port "2443" comments "Secure Skinny Client Control Protocol"
set service-tcp "SCCPS" name "SCCPS" port "2443" comments "Secure Skinny Client Control Protocol"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default SCCPS port "2443" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable
"true" aggressive-aging-timeout "600"
add service-udp name "H323_RAS" port "1719" comments "H.323 Protocols RAS - Registration,
Admission and Status"
set service-udp "H323_RAS" name "H323_RAS" port "1719" comments "H.323 Protocols RAS -
Registration, Admission and Status" session-timeout "40" accept-replies "true" sync-connections-
on-cluster "true" aggressive-aging-enable "true" aggressive-aging-timeout "15"
set service-system-default H323_RAS port "1719" disable-inspection "true" session-timeout "40"
use-source-port "nil" accept-replies "true"
add service-tcp name "SIP_TCP" port "5060-5061" comments "Session Initialization Protocol over TCP
and over non-encrypted TLS"
set service-tcp "SIP_TCP" name "SIP_TCP" port "5060-5061" comments "Session Initialization
Protocol over TCP and over non-encrypted TLS" session-timeout "3600" sync-connections-on-cluster
"true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default SIP_TCP port "5060-5061" disable-inspection "false" session-timeout
"3600" use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-
connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600"
add service-udp name "SIP_UDP" port "5060" comments "Session Initialization Protocol over UDP"
set service-udp "SIP_UDP" name "SIP_UDP" port "5060" comments "Session Initialization Protocol
over UDP" session-timeout "40" accept-replies "true" sync-connections-on-cluster "true"
aggressive-aging-enable "true" aggressive-aging-timeout "15"
set service-system-default SIP_UDP port "5060" disable-inspection "false" session-timeout "40"
use-source-port "nil" accept-replies "true"
add service-protocol name "GRE" ip-protocol "47" comments "Generic Routing Encapsulation"
set service-system-default GRE ip-protocol "47" disable-inspection "false" session-timeout "600"
accept-replies "true" keep-connections-open-after-policy-installation "false" sync-connections-on-cluster "true" aggressive-aging-enable "true" aggressive-aging-timeout "15"
# The activation modes for firewall
# A group of services
add service-group name "DNS" comments "Domain Name system services" member "DNS_UDP"
set service-group "DNS" add member "DNS_UDP"
set service-group "DNS" add member "DNS_TCP"
add service-group name "Mail" comments "Mail protocols" member "SMTP"
set service-group "Mail" add member "SMTP"
set service-group "Mail" add member "IMAP"
set service-group "Mail" add member "POP3"
add service-group name "NetBios" comments "Network Basic Input-Output System" member "NetBIOSName"
set service-group "NetBios" add member "NetBIOSName"
set service-group "NetBios" add member "NetBIOSDatagram"
set service-group "NetBios" add member "SMBOverNetBIOS"
add service-group name "Web" comments "Web protocols" member "HTTP"
set service-group "Web" add member "HTTP"
set service-group "Web" add member "HTTPS"
add service-group name "Any_TCP_UDP" comments "Any TCP-UDP services" member "Any_TCP"
set service-group "Any_TCP_UDP" add member "Any_TCP"
set service-group "Any_TCP_UDP" add member "Any_UDP"
add service-group name "Delay_Sensitive_Services" comments "Delay sensitive services" member "H323"
set service-group "Delay_Sensitive_Services" add member "H323"
set service-group "Delay_Sensitive_Services" add member "MGCP"
set service-group "Delay_Sensitive_Services" add member "SCCP"
set service-group "Delay_Sensitive_Services" add member "SCCPS"
set service-group "Delay_Sensitive_Services" add member "H323_RAS"
set service-group "Delay_Sensitive_Services" add member "SIP_TCP"
set service-group "Delay_Sensitive_Services" add member "SIP_UDP"
add service-group name "Guaranteed_Bandwidth_Services" comments "Guaranteed Bandwidth Services"
add service-group name "VoIP" comments "VoIP Protocols" member "H323"
set service-group "VoIP" add member "H323"
set service-group "VoIP" add member "MGCP"
set service-group "VoIP" add member "SCCP"
set service-group "VoIP" add member "SCCPS"
set service-group "VoIP" add member "H323_RAS"
set service-group "VoIP" add member "SIP_TCP"
set service-group "VoIP" add member "SIP_UDP"
add service-group name "SIP" comments "Session Initialization Protocols, used in VoIP" member "SIP_TCP"
set service-group "SIP" add member "SIP_TCP"
set service-group "SIP" add member "SIP_UDP"
# Default policy for firewall blade
set fw policy mode "MODE.TYPICAL" track-allowed-traffic "none" track-blocked-traffic "log"
# Local Users Group
delete local-group all
# Address range object
# Server network object
# AD groups that are in use
# Firewall rule base
# Network Objects Group model
# Access rule
# Hotspot settings
set hotspot require-auth "false" auth-mode "allow-all" timeout "240" portal-title "Check Point Hotspot" portal-msg "Welcome to Check Point Hotspot - your input is required to continue." show-terms-of-use "off"
set hotspot advanced-settings activation "on"
# Additional configuration for HTTP service
set service-system-default HTTP ips-settings non-standard-ports-action "accept" non-standard-
ports-track "log" parser-failure-action "accept" parser-failure-track "log" strict-request "true" strict-response "false" split-url "false" no-colon "true" tab-as-seperator "true" duplicate-content-length "true" duplicate-host "true" responses "false" invalid-chunk "true" empty-value "false" post "false" recursive-url "false" trailing-whitespaces "false"
# Additional configuration for HTTPS service
set service-system-default HTTPS url-filtering-settings categorize-https-sites "true"
# User awareness configuration table
set user-awareness browser-based-authentication redirect-upon-destinations "manually-defined"
redirect-upon-destination-internet "true" redirect-upon-destinations-net-objs "false" block-
unauthenticated-non-web-traffic "false" require-user-agreement "false" portal-address "<dynamic-ip>" session-timeout "720" log-out-on-portal-close "false"
set user-awareness mode "off" ad-queries-mode "off" browser-based-authentication-mode "off"
set user-awareness advanced-settings association-timeout "720"
set user-awareness advanced-settings assume-single-user "true"
# Infected host
# Global settings that affect all internet connections
set internet advanced-settings reset-sierra-usb-on-lsi-event "false"
# IP fragments parameters
set ip-fragments-params advanced-settings config track "log" limit "200" advanced-state "allow"
timeout "1" pkt-cap "false"
set ip-fragments-params advanced-settings minsize "0"
# IPS engine settings
set ips engine-settings protection-scope "protect-internal-hosts-only" bypass-under-load "false"
set ips engine-settings advanced-settings AboutConfigIPSErrorPageConfig status-code-desc "Access
denied due to IPS policy violation" show-error-code "false" send-detailed-status-code "true" enable-logo-url "false"
set ips engine-settings advanced-settings AboutConfigIPSErrorPage send-error-code "false" error-page-for-supported-web-protections "show-pre-defined-html-error-page"
# IPS topic view
# Configure the custom default policy if chosen as custom
set threat-prevention ips custom-default-policy server-protections "enable" client-protections
"enable" disable-by-confidence-level "true" disable-confidence-level-below-or-equal "Medium"
disable-by-severity "true" disable-severity-below-or-equal "Low" disable-by-performance-impact
"true" disable-performance-impact-above-or-equal "High" disable-protocol-anomalies "false"
# Threat Prevention IPS global policy
set threat-prevention ips policy mode "off" log "log" default-policy "Recommended" detect-mode "false"
# Configure exception rules to bypass IPS protections for specific traffic
delete threat-prevention ips network-exception all
# Traffic will be distributed automatically across the defined Internet connections according to
the configured load balancing weights
set internet mode "high-availability"
# Local network
set dhcp server interface "LAN1_Switch" dns "auto"
set interface "LAN1_Switch" ipv4-address "192.168.1.1" mask-length "24"
set interface "LAN1_Switch" mtu "1500"
set interface "LAN1_Switch" lan-access "accept" lan-access-track "none"
set interface "LAN1_Switch" state "on"
set dhcp server interface "LAN1_Switch" include-ip-pool "192.168.1.1-192.168.1.50"
set dhcp server interface "LAN1_Switch" exclude-ip-pool "192.168.1.2-192.168.1.10"
set dhcp server interface "LAN1_Switch" lease-time "72"
set dhcp server interface "DMZ" dns "auto"
set interface "DMZ" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "DMZ" lan-access "block" lan-access-track "log"
set interface "DMZ" state "off"
set dhcp server interface "DMZ" lease-time "72"
set dhcp server interface "Lagura" dns "auto"
set interface "Lagura" ipv4-address "192.168.252.1" mask-length "24"
set interface "Lagura" mtu "1500"
set interface "Lagura" lan-access "accept" lan-access-track "none"
set interface "Lagura" state "on"
set dhcp server interface "Lagura" include-ip-pool "192.168.252.1-192.168.252.254"
set dhcp server interface "Lagura" lease-time "72"
set dhcp server interface "LAN1" dns "auto"
set interface "LAN1" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN1" lan-access "accept" lan-access-track "none"
set interface "LAN1" state "off"
set dhcp server interface "LAN1" lease-time "72"
set dhcp server interface "LAN2" dns "auto"
set interface "LAN2" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN2" lan-access "accept" lan-access-track "none"
set interface "LAN2" state "off"
set dhcp server interface "LAN2" lease-time "72"
set dhcp server interface "LAN3" dns "auto"
set interface "LAN3" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN3" lan-access "accept" lan-access-track "none"
set interface "LAN3" state "off"
set dhcp server interface "LAN3" lease-time "72"
set dhcp server interface "LAN4" dns "auto"
set interface "LAN4" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN4" lan-access "accept" lan-access-track "none"
set interface "LAN4" state "off"
set dhcp server interface "LAN4" lease-time "72"
set dhcp server interface "LAN5" dns "auto"
set interface "LAN5" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN5" lan-access "accept" lan-access-track "none"
set interface "LAN5" state "off"
set dhcp server interface "LAN5" lease-time "72"
set dhcp server interface "LAN6" dns "auto"
set interface "LAN6" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN6" lan-access "accept" lan-access-track "none"
set interface "LAN6" state "off"
set dhcp server interface "LAN6" lease-time "72"
set dhcp server interface "LAN7" dns "auto"
set interface "LAN7" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN7" lan-access "accept" lan-access-track "none"
set interface "LAN7" state "off"
set dhcp server interface "LAN7" lease-time "72"
set dhcp server interface "LAN8" dns "auto"
set interface "LAN8" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN8" lan-access "accept" lan-access-track "none"
set interface "LAN8" state "off"
set dhcp server interface "LAN8" lease-time "72"
# Log servers configuration
set log-servers-configuration mgmt-server-ip-addr "0.0.0.0" external-log-server-enable "false"
# loginMessages
# NAT global
set nat advanced-settings ip-pool-nat ip-pool-securemote "false" ip-pool-log "log" ip-pool-per-interface "false" ip-pool-override-hide "true" ip-pool-gw2Gw "false" ip-pool-unused-return-interval "60" log-ip-pool-allocation "none" ip-pool-mode "do-not-use-IP-pool-NAT" ip-pool-alloc-per-destination "false"
set nat advanced-settings nat-limit "0"
set nat advanced-settings nat-cache-num-entries "10000"
set nat advanced-settings increase-hide-capacity "true"
set nat advanced-settings nat-cache-expiration "30"
set nat advanced-settings perform-cluster-hide-fold "false"
set nat advanced-settings nat-hash-size "0"
set nat advanced-settings nat-automatic-arp "true"
set nat advanced-settings nat-destination-client-side "true"
set nat advanced-settings nat-destination-client-side-manual "true"
set nat advanced-settings arp-proxy-merge "false"
set nat advanced-settings address-trans "true"
set nat hide-internal-networks "on"
# Manual NAT rules
# Netflow object table
# NTP
set ntp local-time-zone "TIMEZONE.KUALA_LUMPUR_SINGAPORE" auto-adjust-daylight-saving "on"
set ntp interval "30"
set ntp server primary "ntp.checkpoint.com"
set ntp active "off"
set ntp server secondary "ntp2.checkpoint.com"
# Additional configuration for PPTP service
set service-system-default PPTP_TCP ips-settings action "accept" track "log" strict "false"
# Configure proxy settings for connecting with Check Point update and license servers
set proxy "disable"
# QoS blade basic configuration
set qos default-policy limit-bandwidth-consuming-applications "on" limit-upload-traffic "enable"
upload-limit "1" limit-download-traffic "enable" download-limit "1" guarantee-bandwidth-to-
configured-traffic "off" guarantee-bandwidth-percentage "20" guarantee-bandwidth-traffic "vpn"
guarantee-bandwidth-on-services "all" ensure-low-latency-for-delay-sensitive-services "on"
set qos low-latency-traffic maximum-percentage-of-bandwidth "20"
set qos mode "off"
set qos advanced-settings qos-logging "true"
# QoS rule base rule configuration
# View for QoS rule base
# VPN Remote Access
set vpn remote-access advanced om-network-ip "172.16.10.0" om-subnet-mask "255.255.255.0"
default-route-through-this-gateway "off" enc-dom "auto" use-this-gateway-as-dns-server "on" dns-domain-mode "on"
set vpn remote-access default-access-to-lan "accept" mode "on" track "log" mobile-client "on"
sslvpn-client "off" l2tp-vpn-client "off"
set vpn remote-access advanced-settings port visitor-mode-port "443" reserve-port-443 "false"
set vpn remote-access advanced-settings office-mode single-om-per-site "false" om-perform-antispoofing "false"
set vpn remote-access advanced-settings visitor-mode enable-visitor-mode-all "all" visitor-mode-
interface "0.0.0.0"
set vpn remote-access advanced-settings update-topo-startup "true"
set vpn remote-access advanced-settings ike-ip-comp-support "false"
set vpn remote-access advanced-settings snx-upgrade "ask-user"
set vpn remote-access advanced-settings disconnect-enc-domain "true"
set vpn remote-access advanced-settings om-enable-with-multiple-if "false"
set vpn remote-access advanced-settings snx-encryption-enable-rc4 "true"
set vpn remote-access advanced-settings allow-update-topo "false"
set vpn remote-access advanced-settings enable-back-conn "false"
set vpn remote-access advanced-settings prevent-ip-pool-nat "false"
set vpn remote-access advanced-settings allow-caching-passwords-on-client "false"
set vpn remote-access advanced-settings allow-clear-traffic-while-disconnected "true"
set vpn remote-access advanced-settings allow-simultaneous-login "true"
set vpn remote-access advanced-settings disable-office-mode "false"
set vpn remote-access advanced-settings verify-gateway-cert "true"
set vpn remote-access advanced-settings snx-user-re-auth-timeout "480"
set vpn remote-access advanced-settings ike-support-crash-recovery "true"
set vpn remote-access advanced-settings ike-over-tcp "false"
set vpn remote-access advanced-settings is-udp-enc-active "true"
set vpn remote-access advanced-settings endpoint-vpn-user-re-auth-timeout "480"
set vpn remote-access advanced-settings keep-alive-time "20"
set vpn remote-access advanced-settings enc-method "ike-v1"
set vpn remote-access advanced-settings om-method-radius "false"
set vpn remote-access advanced-settings snx-keep-alive-timeout "20"
set vpn remote-access advanced-settings enc-dns-traffic "true"
set vpn remote-access advanced-settings snx-uninstall-on-disconnect "do-not-uninstall"
set vpn remote-access advanced-settings use-limited-auth-timeout "false"
set vpn remote-access advanced-settings update-topo "168"
set vpn remote-access advanced-settings auth-timeout-limit "120"
# Cloud report
# Serial port
set serial-port port-speed "115200" flow-control "rts-cts" disabled "false" mode "console"
# SNMP general configuration options
set snmp agent "off" agent-version "any" community "public"
# Additional configuration for SNMP service
set service-system-default SNMP firewall-settings read-only "false"
# snmp traps
set snmp traps trap-name "interface-disconnected" enable "on" severity "4" repetitions "1" repetitions-delay "30"
set snmp traps trap-name "interface-unassigned" enable "on" severity "4" repetitions "1" repetitions-delay "30"
set snmp traps trap-name "high-memory-utilization" enable "on" severity "4" repetitions "1"
repetitions-delay "30" threshold "90"
set snmp traps trap-name "low-disk-space" enable "on" severity "4" repetitions "1" repetitions-
delay "30" threshold "10"
set snmp traps trap-name "high-cpu-utilization" enable "off" severity "4" repetitions "1"
repetitions-delay "30" threshold "95"
set snmp traps trap-name "high-cpu-interrupts-rate" enable "off" severity "4" repetitions "1"
repetitions-delay "30" threshold "20000000"
set snmp traps trap-name "high-connections-rate" enable "on" severity "4" repetitions "1"
repetitions-delay "30" threshold "3000"
set snmp traps trap-name "high-concurrent-connections" enable "on" severity "4" repetitions "1"
repetitions-delay "30" threshold "50000"
set snmp traps trap-name "high-firewall-throughput" enable "on" severity "4" repetitions "1"
repetitions-delay "30" threshold "1000"
set snmp traps trap-name "high-accepted-packet-rate" enable "on" severity "4" repetitions "1"
repetitions-delay "30" threshold "100000"
set snmp traps trap-name "cluster-member-state-changed" enable "off" severity "4" repetitions "1"
repetitions-delay "30"
set snmp traps trap-name "cluster-member-severe-active" enable "off" severity "4" repetitions "1"
repetitions-delay "30"
set snmp traps trap-name "cluster-member-state" enable "off" severity "4" repetitions "1"
repetitions-delay "30"
set snmp traps trap-name "cluster-member-device-status-problem" enable "off" severity "4"
repetitions "1" repetitions-delay "30"
set snmp traps trap-name "cluster-interface-problem" enable "off" severity "4" repetitions "1"
repetitions-delay "30"
set snmp traps trap-name "connection-with-log-server-error" enable "on" severity "4" repetitions
"1" repetitions-delay "30"
# snmp users
delete snmp users all
# Configured destinations to receive traps sent by the SNMP agent, a trap is an SNMP agent's way
of notifying the manager that something is wrong
delete snmp traps-receivers all
# Additional configuration for SSH service
set service-system-default SSH ips-settings block-version "false"
# Static routes
delete static-routes
# Streaming engine settings
delete streaming-engine-settings
set streaming-engine-settings tcp-block-out-of-win-mon-only "prevent" tcp-block-out-of-win-track
"none" tcp-block-retrans-err-mon-only "prevent" tcp-block-retrans-err-track "log" tcp-block-syn-
retrans-mon-only "prevent" tcp-block-syn-retrans-track "log" tcp-block-urg-bit-mon-only "prevent"
tcp-block-urg-bit-track "log" tcp-hold-timeout-mon-only "prevent" tcp-hold-timeout-track "log"
tcp-invalid-checksum-mon-only "prevent" tcp-invalid-checksum-track "none" tcp-segment-limit-mon-
only "prevent" tcp-segment-limit-track "log"
# Policy for Threat Prevention, shared by Anti-Virus and Anti-Bot
set threat-prevention policy high-confidence "prevent" medium-confidence "prevent" low-confidence
"detect" performance-impact "medium" track "log"
set threat-prevention policy advanced-settings fail-mode "allow-all-requests"
set threat-prevention policy advanced-settings block-requests-when-the-web-service-is-unavailable
"false"
# Threat Prevention Anti-Bot policy
set threat-prevention anti-bot policy mode "off" detect-mode "off"
set threat-prevention anti-bot policy advanced-settings res-class-mode "rs-hold"
# Threat Prevention Anti-Virus policy
set threat-prevention anti-virus policy mode "off" detect-mode "off" scope "incoming" interfaces
"external-dmz" protocol-http "true" protocol-mail "true" protocol-ftp "true" file-types-policy
"malware"
set threat-prevention anti-virus policy advanced-settings max-nesting-level "7"
set threat-prevention anti-virus policy advanced-settings action-when-nesting-level-exceeded
"block"
set threat-prevention anti-virus policy advanced-settings file-scan-size-kb "0"
set threat-prevention anti-virus policy advanced-settings priority-scanning "true"
set threat-prevention anti-virus policy advanced-settings res-class-mode "rs-hold"
# Malware exceptions
delete threat-prevention exceptions all
# Threat prevention whitelist file
delete threat-prevention whitelist type-file all
# Threat Prevention whitelist URL
delete threat-prevention whitelist type-url all
# Web Interface Settings and Customizations
delete ui-settings
set ui-settings use-custom-webui-logo "false"
# Users and administrators
# Uses the internet probing (if probing is enabled) to automatically detect and fix 3G/4G internet
connectivity problems
set usb-modem-watchdog advanced-settings interval "5"
set usb-modem-watchdog advanced-settings mode "off"
# Configured administrator for the appliance
add administrator username "admin" password-hash "$1$pqXRwj91$pfpHFBF003C0u/ytWGLGO0" permission "read-write"
# Users RADIUS server
set radius-server priority "1" udp-port "1812" timeout "3"
set radius-server priority "2" udp-port "1812" timeout "3"
# VPN Global
set vpn site-to-site enc-dom manual remove-all name
set vpn site-to-site mode "on" default-access-to-lan "accept" track "log" local-encryption-domain
"auto" sourceIpSelection "automatically" outgoing-interface-selection "routing-table"
set vpn site-to-site advanced-settings ike-dos-protection-known-sites "none"
set vpn site-to-site advanced-settings maximum-concurrent-ike-negotiations "200"
set vpn site-to-site advanced-settings reply-from-same-ip "true"
set vpn site-to-site advanced-settings check-validity-of-ipsec-reply-packets "false"
set vpn site-to-site advanced-settings ike-dos-protection-unknown-sites "none"
set vpn site-to-site advanced-settings permanent-tunnel-down-track "log"
set vpn site-to-site advanced-settings log-vpn-outgoing-link "none"
set vpn site-to-site advanced-settings enable-link-selection "true"
set vpn site-to-site advanced-settings maximum-concurrent-vpn-tunnels "10000"
set vpn site-to-site advanced-settings period-before-crl-valid "7200"
set vpn site-to-site advanced-settings perform-ike-using-cluster-ip "true"
set vpn site-to-site advanced-settings limit-open-sas "20"
set vpn site-to-site advanced-settings timeout-for-an-rdp-packet-reply "10"
set vpn site-to-site advanced-settings ike-use-largest-possible-subnets "true"
set vpn site-to-site advanced-settings log-vpn-packet-handling-errors "log"
set vpn site-to-site advanced-settings is-admin-access-agnostic "true"
set vpn site-to-site advanced-settings log-notification-for-administrative-actions "log"
set vpn site-to-site advanced-settings udp-encapsulation-for-firewalls-and-proxies "true"
set vpn site-to-site advanced-settings period-after-crl-not-valid "1800"
set vpn site-to-site advanced-settings sync-sa-with-other-cluster-members "200000"
set vpn site-to-site advanced-settings keep-dont-fragment-flag-on-packet "false"
set vpn site-to-site advanced-settings log-vpn-successful-key-exchange "log"
set vpn site-to-site advanced-settings copy-diff-serv-from-ipsec-packet "false"
set vpn site-to-site advanced-settings tunnel-test-from-internal "false"
set vpn site-to-site advanced-settings reply-from-incoming-interface "false"
set vpn site-to-site advanced-settings permanent-tunnel-up-track "log"
set vpn site-to-site advanced-settings vpn-configuration-and-key-exchange-errors "log"
set vpn site-to-site advanced-settings vpn-tunnel-sharing "subnets"
set vpn site-to-site advanced-settings copy-diff-serv-to-ipsec-packet "true"
# Configure remote VPN sites
delete vpn site all
# Wireless networks
set wlan radio country "other" operation-mode "11ng" channel "auto" channel-width "20
transmitter-power "full"
set wlan radio advanced-settings antenna "auto"
set wlan radio "on"
set wlan radio advanced-settings guard-interval "short"
# Wireless statistics
# Wireless statistics per vap
1140-Gateway> expert
This is the first time you enter the expert mode.
Expert password must be changed.
Enter new expert password:
Illegal password choice: it is based on a dictionary word, try again.
Enter new expert password:
Enter new expert password (again):
You are in expert mode now.
Expert@1140-Gateway]# ifconfig // EXPERTS MODE SUPPORTS LINUX COMMANDS
LAN1 Link encap:Ethernet HWaddr 00:1C:7F:2F:93:E9
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:15
WAN Link encap:Ethernet HWaddr 00:1C:7F:2F:93:E8
inet addr:222.165.111.178 Bcast:222.165.111.255 Mask:255.255.248.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:320633 errors:0 dropped:0 overruns:0 frame:0
TX packets:106254 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:228209724 (217.6 MiB) TX bytes:11919551 (11.3 MiB)
Interrupt:11
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5187 errors:0 dropped:0 overruns:0 frame:0
TX packets:5187 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:444534 (434.1 KiB) TX bytes:444534 (434.1 KiB)
wifi0 Link encap:Ethernet HWaddr 48:A9:D2:86:F6:21
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:499 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:9 Memory:e0b40000-e0b50000
wlan0 Link encap:Ethernet HWaddr 48:A9:D2:86:F6:21
inet addr:192.168.252.1 Bcast:192.168.252.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:2290 Metric:1
RX packets:120298 errors:5684 dropped:0 overruns:0 frame:0
TX packets:198359 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14166128 (13.5 MiB) TX bytes:225822886 (215.3 MiB)
[Expert@1140-Gateway]# top // show proc cpu IN CISCO
Mem: 360460K used, 154520K free, 0K shrd, 0K buff, 128272K cached
CPU: 0% usr 0% sys 0% nice 100% idle 0% io 0% irq 0% softirq
Load average: 0.34 0.71 0.70
PID PPID USER STAT RSS VSZ %MEM %CPU COMMAND
1928 1261 root S 53884 128m 26% 0% fw sfwd
2223 1 root S < 9648 67244 13% 0% /opt/fw1/bin/fw web_mon start
2205 2201 root S < 15860 36532 7% 0% /pfrm2.0/bin/lua
/pfrm2.0/share/lua/5.1/sapi/sfw_webd/sfw_webd.lua
1270 1261 root S < 11308 35788 7% 0% cposd
4517 2735 root S 8872 29024 6% 0% /pfrm2.0/bin/lua /pfrm2.0/bin/cli/runCliCommand.lua
expert
1321 1261 root S 1804 28688 6% 0% rtdbd
541 1 root S 2104 21072 4% 0% /pfrm2.0/bin/ntpd /fwtmp/system.db
468 1 root S 2120 21068 4% 0% /pfrm2.0/bin/evtDsptchd /fwtmp/system.db
488 1 root S 2096 21064 4% 0% /pfrm2.0/bin/platformd /fwtmp/system.db
531 1 root S 1148 20544 4% 0% /pfrm2.0/bin/rebootd /fwtmp/system.db
2735 2723 root S 12120 14920 3% 0% /pfrm2.0/bin/newSfwsh.bin
2025 1928 root S 4364 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2047 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2045 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2046 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2048 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2049 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2024 1928 root S 4248 12372 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/hotspot/httpd.conf -DPORTAL_NAME_hotspot
2050 2024 nobody S 2160 12372 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/hotspot/httpd.conf -DPORTAL_NAME_hotspot
2065 2024 nobody S 2160 12372 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/hotspot/httpd.conf -DPORTAL_NAME_hotspot
983 982 root S 5352 8836 2% 0% /pfrm2.0/bin/thttpd -nos -c **.cgi -d
/pfrm2.0/var/www -p 80 -sport 4434 -cert /var/certs/self/https.crt -key /var/certs/self/https.key -i /var/ru
1261 1 root S 2292 6248 1% 0% cpwd
1510 1 root S < 1772 5636 1% 0% /usr/sbin/hostapd /etc/hostap/wireless3.conf
982 1 root S 968 5412 1% 0% thttpd watchdog tpd -nos -c **.cgi -d /pfrm2.0/var/www -p 80 -sport 4434 -cert /var/certs/self/https.crt -key /var/certs/self/https.key -i /var/ru
1544 1 root S < 1152 4756 1% 0% /usr/bin/arping -S 0 -E 30 -I WAN 222.165.104.1
2142 1 root S 1176 4752 1% 0% /sbin/getty -L ttyS0 115200 vt100
999 1 root S 608 4748 1% 0% syslogd -l 7 -p /logs/messages -t 0 -x /pfrm2.0/bin/log_gzip.sh
4540 4520 root R 1168 4748 1% 0% top
1628 1 root S < 1396 4576 1% 0% /pfrm2.0/bin/dhcpd -q -cf /etc/dhcpd.conf.wlan0 -lf /var/dhcpd.leases.wlan0 -pf /var/run/dhcpd.pid.wlan0 wlan0
1615 1 root S < 900 4576 1% 0% /pfrm2.0/bin/dhcpd -q -cf /etc/dhcpd.conf.LAN1 -lf
/var/dhcpd.leases.LAN1 -pf /var/run/dhcpd.pid.LAN1 LAN1
2723 981 root S 1432 4312 1% 0% dropbear -j -k -p 22 -r /pfrm2.0/etc/dropbear_rsa_host_key
1464 1 root S < 1132 4236 1% 0% /pfrm2.0/bin/dhclient -q -e
CONN_STATUS=/var/dhclient.status.WAN -e WAN_INDEX=0 -pf /var/run/dhclient.pid.WAN -cf
/var/dhclient.conf.WAN -lf /var/
981 1 root S 584 4188 1% 0% dropbear -j -k -p 22 -r
/pfrm2.0/etc/dropbear_rsa_host_key
1476 1 nobody S < 892 3888 1% 0% /pfrm2.0/bin/dnsmasq -y -x /var/run/dnsmasq.pid -h
-H /var/hosts -c 0 -E --domain=#
1014 1 root S 236 3632 1% 0% /pfrm2.0/bin/fReset
807 1 root S 816 3556 1% 0% /opt/fw1/bin/sfw_netflowd
4520 4517 root S 1528 2776 1% 0% bash
2201 1 root S < 1204 2676 1% 0% /bin/sh /pfrm2.0/bin/start_sfw_webd.sh
1 0 root S 576 1592 0% 0% init
420 2 root SWN 0 0 0% 0% [jffs2_gcd_mtd3]
383 2 root SWN 0 0 0% 0% [jffs2_gcd_mtd10]
779 2 root RW 0 0 0% 0% [fw_worker_0]
3 2 root SWN 0 0 0% 0% [ksoftirqd/0]
95 2 root SW 0 0 0% 0% [pdflush]
4 2 root SW< 0 0 0% 0% [events/0]
115 2 root SW< 0 0 0% 0% [led_wq]
728 2 root SW 0 0 0% 0% [kissd]
2 0 root SW< 0 0 0% 0% [kthreadd]
5 2 root SW< 0 0 0% 0% [khelper]
67 2 root SW< 0 0 0% 0% [kblockd/0]
70 2 root SW< 0 0 0% 0% [khubd]
73 2 root SW< 0 0 0% 0% [kmmcd]
Mem: 360412K used, 154568K free, 0K shrd, 0K buff, 128272K cached
CPU: 0% usr 0% sys 0% nice 98% idle 0% io 0% irq 0% softirq
Load average: 0.31 0.70 0.70
PID PPID USER STAT RSS VSZ %MEM %CPU COMMAND
779 2 root RW 0 0 0% 0% [fw_worker_0]
1544 1 root S < 1152 4756 1% 0% /usr/bin/arping -S 0 -E 30 -I WAN 222.165.104.1
1928 1261 root S 53884 128m 26% 0% fw sfwd
2223 1 root S < 9648 67244 13% 0% /opt/fw1/bin/fw web_mon start
2205 2201 root S < 15860 36532 7% 0% /pfrm2.0/bin/lua
/pfrm2.0/share/lua/5.1/sapi/sfw_webd/sfw_webd.lua
1270 1261 root S < 11308 35788 7% 0% cposd
4517 2735 root S 8872 29024 6% 0% /pfrm2.0/bin/lua /pfrm2.0/bin/cli/runCliCommand.lua
expert
1321 1261 root S 1804 28688 6% 0% rtdbd
541 1 root S 2104 21072 4% 0% /pfrm2.0/bin/ntpd /fwtmp/system.db
468 1 root S 2120 21068 4% 0% /pfrm2.0/bin/evtDsptchd /fwtmp/system.db
488 1 root S 2096 21064 4% 0% /pfrm2.0/bin/platformd /fwtmp/system.db
531 1 root S 1148 20544 4% 0% /pfrm2.0/bin/rebootd /fwtmp/system.db
2735 2723 root S 12120 14920 3% 0% /pfrm2.0/bin/newSfwsh.bin
2025 1928 root S 4364 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2047 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2045 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2046 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2048 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2049 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2024 1928 root S 4248 12372 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/hotspot/httpd.conf -DPORTAL_NAME_hotspot
2050 2024 nobody S 2160 12372 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/hotspot/httpd.conf -DPORTAL_NAME_hotspot
2065 2024 nobody S 2160 12372 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/hotspot/httpd.conf -DPORTAL_NAME_hotspot
983 982 root S 5352 8836 2% 0% /pfrm2.0/bin/thttpd -nos -c **.cgi -d /pfrm2.0/var/www -p 80 -sport 4434 -cert /var/certs/self/https.crt -key /var/certs/self/https.key -i /var/ru
1261 1 root S 2292 6248 1% 0% cpwd
1510 1 root S < 1772 5636 1% 0% /usr/sbin/hostapd /etc/hostap/wireless3.conf
982 1 root S 968 5412 1% 0% thttpd watchdog tpd -nos -c **.cgi -d /pfrm2.0/var/www -p 80 -sport 4434 -cert /var/certs/self/https.crt -key /var/certs/self/https.key -i /var/ru
4540 4520 root R 1320 4824 1% 0% top
2142 1 root S 1176 4752 1% 0% /sbin/getty -L ttyS0 115200 vt100
999 1 root S 608 4748 1% 0% syslogd -l 7 -p /logs/messages -t 0 -x /pfrm2.0/bin/log_gzip.sh
1628 1 root S < 1396 4576 1% 0% /pfrm2.0/bin/dhcpd -q -cf /etc/dhcpd.conf.wlan0 -lf /var/dhcpd.leases.wlan0 -pf /var/run/dhcpd.pid.wlan0 wlan0
1615 1 root S < 900 4576 1% 0% /pfrm2.0/bin/dhcpd -q -cf /etc/dhcpd.conf.LAN1 -lf
/var/dhcpd.leases.LAN1 -pf /var/run/dhcpd.pid.LAN1 LAN1
2723 981 root S 1432 4312 1% 0% dropbear -j -k -p 22 -r
/pfrm2.0/etc/dropbear_rsa_host_key
1464 1 root S < 1132 4236 1% 0% /pfrm2.0/bin/dhclient -q -e
CONN_STATUS=/var/dhclient.status.WAN -e WAN_INDEX=0 -pf /var/run/dhclient.pid.WAN -cf
/var/dhclient.conf.WAN -lf /var/
981 1 root S 584 4188 1% 0% dropbear -j -k -p 22 -r
/pfrm2.0/etc/dropbear_rsa_host_key
1476 1 nobody S < 892 3888 1% 0% /pfrm2.0/bin/dnsmasq -y -x /var/run/dnsmasq.pid -h
-H /var/hosts -c 0 -E --domain=#
1014 1 root S 236 3632 1% 0% /pfrm2.0/bin/fReset
807 1 root S 816 3556 1% 0% /opt/fw1/bin/sfw_netflowd
4520 4517 root S 1528 2776 1% 0% bash
2201 1 root S < 1204 2676 1% 0% /bin/sh /pfrm2.0/bin/start_sfw_webd.sh
1 0 root S 576 1592 0% 0% init
420 2 root SWN 0 0 0% 0% [jffs2_gcd_mtd3]
383 2 root SWN 0 0 0% 0% [jffs2_gcd_mtd10]
3 2 root SWN 0 0 0% 0% [ksoftirqd/0]
95 2 root SW 0 0 0% 0% [pdflush]
4 2 root SW< 0 0 0% 0% [events/0]
115 2 root SW< 0 0 0% 0% [led_wq]
728 2 root SW 0 0 0% 0% [kissd]
2 0 root SW< 0 0 0% 0% [kthreadd]
5 2 root SW< 0 0 0% 0% [khelper]
67 2 root SW< 0 0 0% 0% [kblockd/0]
70 2 root SW< 0 0 0% 0% [khubd]
73 2 root SW< 0 0 0% 0% [kmmcd]
[Expert@1140-Gateway]# exit
exit
1140-Gateway> cpshell // ALTERNATE TO EXPERT MODE
? for list of commands
[1140-Gateway]#
1140-Gateway> show software-version
This is Check Point's 1100 Appliance R77.20.11 - Build 471
1140-Gateway> fw ver -k
This is Check Point's 1100 Appliance R77.20.11 - Build 471
kernel: R77.20.11 - Build 383
1140-Gateway> show diag
Current system info
-----------------------------------
Image name: R77_990171471_20_11
Image version: 471
Bootloader version: 983002045
HW MAC Address: 00:1C:7F:2F:93:E8
LAN1 MAC Address: 00:1C:7F:2F:93:E9
LAN2 MAC Address: 00:1C:7F:2F:93:EA
LAN3 MAC Address: 00:1C:7F:2F:93:EB
LAN4 MAC Address: 00:1C:7F:2F:93:EC
LAN5 MAC Address: 00:1C:7F:2F:93:ED
LAN6 MAC Address: 00:1C:7F:2F:93:EE
LAN7 MAC Address: 00:1C:7F:2F:93:EF
LAN8 MAC Address: 00:1C:7F:2F:93:F0
DMZ MAC Address: 00:1C:7F:2F:93:F1
DSL MAC Address: A0:00:00:00:00:00
Wireless region: 5
DSL Annex: <UNKNOWN>
DSL Firmware: <UNKNOWN>
Unit version: 1
Unit name: UTM1
Unit model: L50
Marketing capabilities: 0
Management opaque: PbCCn3B/Cs4=:8mDFYWN68go=:gfFPFZFo7eg=
Hardware capabilities: 3
RTC status: OK
NAND status: OK
NAND bad-blocks:
-----------------------------------
1140-Gateway> fw stat
HOST POLICY DATE
localhost local 9Apr2016 8:22:31 : [>WAN ] [<WAN ] [>wlan0] [<wlan0] // THE CP 1140 FETCHES THE LOCAL POLICY EACH TIME IT BOOTS UP
1140-Gateway> show license
Host Expiration Features
======================================================================
Check Point product trial period will expire in 12 days.
Until then, you will be able to use the complete Check Point Product Suite.
Please obtain a permanent license from Check Point User Center at:
https://usercenter.checkpoint.com/pub/usercenter/get_started.html
======================================================================
1140-Gateway> show users type admin
username permission
admin read-write
1140-Gateway> show interfaces
name: LAN1_Switch
ipv4-address: 192.168.1.1
status:
name: DMZ
ipv4-address:
status: off
name: Lagura
ipv4-address: 192.168.252.1
status: up
name: LAN1
ipv4-address:
status: disconnected
name: LAN2
ipv4-address:
status: disconnected
name: LAN3
ipv4-address:
status: disconnected
name: LAN4
ipv4-address:
status: disconnected
name: LAN5
ipv4-address:
status: disconnected
name: LAN6
ipv4-address:
status: disconnected
name: LAN7
ipv4-address:
status: disconnected
name: LAN8
ipv4-address:
status: disconnected
name: Internet1
ipv4-address: 222.165.111.178
1140-Gateway> show interface Internet1
dhcp-exclude-end-range:
bridge-stp-priority: 32768
vti-is-numbered:
dhcp-range-end:
cluster-status: non-ha
wirelessRadioMode: on
lan-access:
description:
vlan: 1
subnet-mask: 255.255.248.0
is-connection-static: false
ssid:
mask-length: 21
password:
wireless-wep-password1:
interface: WAN
wep-default-key: 1
exclude-ip-pool:
xr: off
mtu: 1500
wpa-authenticate-using: password
wireless-wep-password2:
wmm: on
is-hidden: false
stp: off
bridge-anti-spoofing: off
status:
tkip-group-key-update-interval:600
nat: on
type: internet
wireless-wep-password4:
name: Internet1
wireless-wep-password3:
hide-ssid: off
network-ports:
bridge-stp-aging-time: 20
ipv4-address: 222.165.111.178 // PUBLIC IP NEGOTIATED FROM ISP
beacon-interval: 100
wds-peer-mac-address:
bridge-stp-forward-delay: 15
bridge-range:
relay-secondary:
display-name: Internet1
wireless-mac-filter-list: table: 0x41d43290
dhcp-exclude-start-range:
name: Internet1
security-type: WPA/WPA2
bridge-stp-hello-time: 2
rts-threshold: 2346
assignment: ASSIGNMENT.SEPARATE_NETWORK
dhcp-options: table: 0x41d4b758
vti-number: 0
mac-address:
dhcp-range-start:
internet-connection: table: 0x41d4dc30
type: numbered
guest-wireless:
relay relay-to:
wds: off
hidden-bridge-interface:
hotspot: off
link-speed:
state: on
remote:
dhcp: on
stp-cost: 100
include-ip-pool:
auto-negotiation:
lan-access-track:
internet-can-be-bridged: false
stp-priority: 128
peer:
bridge-log-dropped-non-iP: off
wpa-encryption-type: Auto
wireless-mac-filter: off
dtim-period: 1
fragmentation-threshold: 2346
wireless-transmission-rate: auto
station-to-station: allow
master-key-update-interval: 86400
is-bridge-fw-enabled: on
1140-Gateway> show wlan
wds: off
hide-ssid: off
wpa-auth-type: password
hotspot : off
password2:
password4:
default-wep-password: 1
assignment: ASSIGNMENT.SEPARATE_NETWORK
wpa-encryption-type: Auto
status: up
ssid: Lagura
mode: on
vap: Lagura
data-rate: auto
password: <PASSWORD>
security-type: WPA/WPA2
password1:
station-to-station: allow
name: wlan
password3:
1140-Gateway> show wlan radio
guard-interval: short
region: fcca
operation-mode: 11ng // SUPPORTS 802.11n AND BACKWARDS COMPATIBLE WITH 802.11g
country: other
channel: auto
antenna: auto
channel-width: 20
mode: on
transmitter-power: full
1140-Gateway> show route
Codes: C - Connected, S - Static, R - RIP, B - BGP,
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
U - Unreachable, i - Inactive
S 0.0.0.0/0 via 222.165.104.1, WAN, cost 0, age 3
C 127.0.0.0/8 is directly connected, lo
lo
C 192.168.252.0/24 is directly connected, wlan0
wlan0
C 222.165.104.0/21 is directly connected, WAN
WAN
1140-Gateway> netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 LAN1
192.168.252.0 * 255.255.255.0 U 0 0 0 wlan0
222.165.104.0 * 255.255.248.0 U 0 0 0 WAN
default unknown.maxonli 0.0.0.0 UG 0 0 0 WAN
1140-Gateway> arp -a
? (192.168.252.4) at D0:25:98:90:1C:D9 [ether] on wlan0
? (192.168.252.8) at EC:55:F9:01:F9:0C [ether] on wlan0
? (192.168.252.6) at 70:3E:AC:93:EF:1A [ether] on wlan0
unknown.maxonline.com.sg (222.165.104.1) at 00:17:10:85:FA:1F [ether] on WAN
? (192.168.252.7) at 30:10:E4:66:CE:5A [ether] on wlan0
? (192.168.252.5) at BC:4C:C4:D8:7D:82 [ether] on wlan0
1140-Gateway> vpn tu
********** Select Option **********
(1) List all IKE SAs
(2) List all IPsec SAs
(3) List all IKE SAs for a given peer (GW) or user (Client)
(4) List all IPsec SAs for a given peer (GW) or user (Client)
(5) Delete all IPsec SAs for a given peer (GW)
(6) Delete all IPsec SAs for a given User (Client)
(7) Delete all IPsec+IKE SAs for a given peer (GW)
(8) Delete all IPsec+IKE SAs for a given User (Client)
(9) Delete all IPsec SAs for ALL peers and users
(0) Delete all IPsec+IKE SAs for ALL peers and users
(Q) Quit
*******************************************
q
Aborting ...
1140-Gateway> fw monitor
fw: getting filter (from command line)
fw: compiling
monitorfilter:
Compiled OK.
fw: loading
fw: monitoring (control-C to stop)
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14239
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e07e
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14239
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e07e
[vs_0][fw_0] wlan0:o[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11904
TCP: 22 -> 2784 ...PA. seq=1ff1e07e ack=b05c1ad8
[vs_0][fw_0] wlan0:O[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11904
TCP: 22 -> 2784 ...PA. seq=1ff1e07e ack=b05c1ad8
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11905
TCP: 22 -> 2784 ...PA. seq=1ff1e0f2 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11905
TCP: 22 -> 2784 ...PA. seq=1ff1e0f2 ack=b05c1ad8
[vs_0][fw_0] wlan0:o[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11906
TCP: 22 -> 2784 ...PA. seq=1ff1e156 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11906
TCP: 22 -> 2784 ...PA. seq=1ff1e156 ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14240
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e156
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14240
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e156
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11907
TCP: 22 -> 2784 ...PA. seq=1ff1e1ca ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11907
TCP: 22 -> 2784 ...PA. seq=1ff1e1ca ack=b05c1ad8
[vs_0][fw_0] wlan0:o[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11908
TCP: 22 -> 2784 ...PA. seq=1ff1e22e ack=b05c1ad8
[vs_0][fw_0] wlan0:O[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11908
TCP: 22 -> 2784 ...PA. seq=1ff1e22e ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14241
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e22e
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14241
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e22e
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11909
TCP: 22 -> 2784 ...PA. seq=1ff1e2b2 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11909
TCP: 22 -> 2784 ...PA. seq=1ff1e2b2 ack=b05c1ad8
[vs_0][fw_0] wlan0:o[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11910
TCP: 22 -> 2784 ...PA. seq=1ff1e316 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11910
TCP: 22 -> 2784 ...PA. seq=1ff1e316 ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14242
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e316
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14242
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e316
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11911
TCP: 22 -> 2784 ...PA. seq=1ff1e39a ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11911
TCP: 22 -> 2784 ...PA. seq=1ff1e39a ack=b05c1ad8
[vs_0][fw_0] wlan0:o[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11912
TCP: 22 -> 2784 ...PA. seq=1ff1e3fe ack=b05c1ad8
[vs_0][fw_0] wlan0:O[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11912
TCP: 22 -> 2784 ...PA. seq=1ff1e3fe ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14243
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e3fe
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14243
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e3fe
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11913
TCP: 22 -> 2784 ...PA. seq=1ff1e482 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11913
TCP: 22 -> 2784 ...PA. seq=1ff1e482 ack=b05c1ad8
[vs_0][fw_0] wlan0:o[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11914
TCP: 22 -> 2784 ...PA. seq=1ff1e4e6 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11914
TCP: 22 -> 2784 ...PA. seq=1ff1e4e6 ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14244
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e4e6
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14244
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e4e6
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11915
TCP: 22 -> 2784 ...PA. seq=1ff1e56a ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11915
TCP: 22 -> 2784 ...PA. seq=1ff1e56a ack=b05c1ad8
[vs_0][fw_0] wlan0:o[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11916
TCP: 22 -> 2784 ...PA. seq=1ff1e5ce ack=b05c1ad8
[vs_0][fw_0] wlan0:O[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11916
TCP: 22 -> 2784 ...PA. seq=1ff1e5ce ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14245
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e5ce
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14245
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e5ce
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11917
TCP: 22 -> 2784 ...PA. seq=1ff1e652 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11917
TCP: 22 -> 2784 ...PA. seq=1ff1e652 ack=b05c1ad8
[vs_0][fw_0] wlan0:o[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11918
TCP: 22 -> 2784 ...PA. seq=1ff1e6b6 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[172]: 192.168.1.1 -> 192.168.252.8 (TCP) len=172 id=11918
TCP: 22 -> 2784 ...PA. seq=1ff1e6b6 ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14246
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e6b6
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14246
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e6b6
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11919
TCP: 22 -> 2784 ...PA. seq=1ff1e73a ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11919
TCP: 22 -> 2784 ...PA. seq=1ff1e73a ack=b05c1ad8
[vs_0][fw_0] wlan0:o[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11920
TCP: 22 -> 2784 ...PA. seq=1ff1e79e ack=b05c1ad8
[vs_0][fw_0] wlan0:O[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11920
TCP: 22 -> 2784 ...PA. seq=1ff1e79e ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14247
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e79e
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14247
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e79e
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11921
TCP: 22 -> 2784 ...PA. seq=1ff1e812 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len=140 id=11921
TCP: 22 -> 2784 ...PA. seq=1ff1e812 ack=b05c1ad8
[vs_0][fw_0] wlan0:o[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11922
TCP: 22 -> 2784 ...PA. seq=1ff1e876 ack=b05c1ad8
[vs_0][fw_0] wlan0:O[156]: 192.168.1.1 -> 192.168.252.8 (TCP) len=156 id=11922
TCP: 22 -> 2784 ...PA. seq=1ff1e876 ack=b05c1ad8
[vs_0][fw_0] wlan0:i[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14248
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e876
[vs_0][fw_0] wlan0:I[40]: 192.168.252.8 -> 192.168.1.1 (TCP) len=40 id=14248
TCP: 2784 -> 22 ....A. seq=b05c1ad8 ack=1ff1e876
[vs_0][fw_0] wlan0:o[140]: 192.168.1.1 -> 192.168.252.8 (TCP) len
<OUTPUT TRUNCATED>
fw: caught sig 2
fw: unloading // CTRL+C TO ABORT
1140-Gateway> show logs
system - Display system logs
kernel - Display kernel logs
1140-Gateway> show logs system
Sat Apr 9 08:22:00 GMT+0800 2016 thttpd is not running. Trying to restart it now.
2016 Apr 9 08:22:05 RD6281 syslog.info syslogd: [syslogd] Process started
2016 Apr 9 08:22:07 RD6281 user.err fw_db_handler: osdb_handler_main: Expected more arguments
(currently 5)
2016 Apr 9 08:22:07 RD6281 user.err fw_db_handler: Error when handling table (null).
2016 Apr 9 08:22:07 RD6281 user.notice platformd: [OS] /pfrm2.0/opt/fw1/bin/fw_db_handler was
unable to handle DB update
2016 Apr 9 08:22:20 1140-Gateway daemon.info dhclient: [DHCP] DHCPDISCOVER is sent on WAN to 255.255.255.255 port 67 interval 4
2016 Apr 9 08:22:20 1140-Gateway daemon.info dhclient: [DHCP] Received DHCPOFFER from
172.17.0.207
2016 Apr 9 08:22:20 1140-Gateway daemon.info dhclient: [DHCP] DHCPREQUEST is sent on WAN to
255.255.255.255 port 67
2016 Apr 9 08:22:20 1140-Gateway daemon.info dhclient: [DHCP] Received DHCPACK from 172.17.0.207
2016 Apr 9 08:22:21 1140-Gateway user.notice root: [DHCP] Interface:WAN, IP: 222.165.111.178,
BCAST: 222.165.111.255, SUBNET: 255.255.248.0, GW: 222.165.104.1, DNS1: 202.156.1.16, DNS2:
218.186.2.16, DNS3: 218.186.2.6
2016 Apr 9 08:22:23 1140-Gateway daemon.info dhclient: [DHCP] Bound to 222.165.111.178 -- renewal
in 5911 seconds.
2016 Apr 9 08:22:28 1140-Gateway user.info cposd: [CPOSD] WAN connection "Internet1": Local Area
Network (LAN) connection established, IP address 222.165.111.178 assigned
2016 Apr 9 08:22:53 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C
authorized to wlan network using WPA2 (AES). User credentials: pre-shared key
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.23 from ec:55:f9:01:f9:0c via wlan0: wrong network.
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.23 to ec:55:f9:01:f9:0c via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.23 from ec:55:f9:01:f9:0c via wlan0: wrong network.
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.23 to ec:55:f9:01:f9:0c via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
ec:55:f9:01:f9:0c via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.8 to ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.8 to ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.8 (192.168.252.1) from ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.8 to ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.8 (192.168.252.1) from ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.8 to ec:55:f9:01:f9:0c (JohnLloyd-PC) via wlan0
2016 Apr 9 08:22:59 1140-Gateway user.info CHECKPOINT: Machine boot has finished
2016 Apr 9 08:23:05 1140-Gateway user.info CHECKPOINT: [System Operations] Starting process...
2016 Apr 9 08:23:11 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9
authorized to wlan network using WPA2 (AES). User credentials: pre-shared key
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.15 from d0:25:98:90:1c:d9 via wlan0: wrong network.
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.15 to d0:25:98:90:1c:d9 via wlan0
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.15 from d0:25:98:90:1c:d9 via wlan0: wrong network.
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.15 to d0:25:98:90:1c:d9 via wlan0
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
d0:25:98:90:1c:d9 via wlan0
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.4 to d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:11 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.4 to d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:13 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.4 (192.168.252.1) from d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:13 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.4 to d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:13 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.4 (192.168.252.1) from d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:13 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.4 to d0:25:98:90:1c:d9 (JohnLlodsiPhone) via wlan0
2016 Apr 9 08:23:21 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82
authorized to wlan network using WPA2 (AES). User credentials: pre-shared key
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.21 from bc:4c:c4:d8:7d:82 via wlan0: wrong network.
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.21 to bc:4c:c4:d8:7d:82 via wlan0
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.21 from bc:4c:c4:d8:7d:82 via wlan0: wrong network.
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.21 to bc:4c:c4:d8:7d:82 via wlan0
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
bc:4c:c4:d8:7d:82 via wlan0
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.5 to bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:22 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.5 to bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:23 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A
authorized to wlan network using WPA2 (AES). User credentials: pre-shared key
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.5 (192.168.252.1) from bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.5 to bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.5 (192.168.252.1) from bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.5 to bc:4c:c4:d8:7d:82 (lemski) via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.16 from 70:3e:ac:93:ef:1a via wlan0: wrong network.
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.16 to 70:3e:ac:93:ef:1a via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.16 from 70:3e:ac:93:ef:1a via wlan0: wrong network.
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.16 to 70:3e:ac:93:ef:1a via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
70:3e:ac:93:ef:1a via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.6 to 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:23 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.6 to 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:24 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.6 (192.168.252.1) from 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:24 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.6 to 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:24 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.6 (12.168.252.1) from 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:24 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.6 to 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:23:25 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A
deauthorized from wlan network. User credentials: pre-shared key
2016 Apr 9 08:23:53 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A
authorized to wlan network using WPA2 (AES). User credentials: pre-shared key
2016 Apr 9 08:23:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.22 from 30:10:e4:66:ce:5a via wlan0: wrong network.
2016 Apr 9 08:23:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.22 to 30:10:e4:66:ce:5a via wlan0
2016 Apr 9 08:23:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.1.22 from 30:10:e4:66:ce:5a via wlan0: wrong network.
2016 Apr 9 08:23:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] Sending DHCPNAK on
192.168.1.22 to 30:10:e4:66:ce:5a via wlan0
2016 Apr 9 08:23:53 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPDISCOVER from
30:10:e4:66:ce:5a via wlan0
2016 Apr 9 08:23:54 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPOFFER on
192.168.252.7 to 30:10:e4:66:ce:5a (Sheryls-iPad) via wlan0
2016 Apr 9 08:23:55 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.7 (192.168.252.1) from 30:10:e4:66:ce:5a (Sheryls-iPad) via wlan0
2016 Apr 9 08:23:55 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.7 to 30:10:e4:66:ce:5a (Sheryls-iPad) via wlan0
2016 Apr 9 08:23:55 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.7 (192.168.252.1) from 30:10:e4:66:ce:5a (Sheryls-iPad) via wlan0
2016 Apr 9 08:23:55 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.7 to 30:10:e4:66:ce:5a (Sheryls-iPad) via wlan0
2016 Apr 9 08:25:17 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A
authorized to wlan network using WPA2 (AES). User credentials: pre-shared key
2016 Apr 9 08:25:18 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.6 from 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:25:18 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.6 to 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:25:18 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPREQUEST for
192.168.252.6 from 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:25:18 1140-Gateway local7.info dhcpd: [Local Network: DHCP] DHCPACK on
192.168.252.6 to 70:3e:ac:93:ef:1a (Sais-iPhone) via wlan0
2016 Apr 9 08:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 08:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 08:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 08:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 08:32:23 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 08:33:29 1140-Gateway auth.info login: [WebUI] user 'admin' logged in on 'WebUI' from
'192.168.252.8' with 'Read/Write' permissions
2016 Apr 9 08:35:09 1140-Gateway authpriv.info dropbear[2723]: [SSH] Incoming client connection
from 192.168.252.8:2784 2016 Apr 9 08:35:16 1140-Gateway authpriv.notice dropbear[2723]: [SSH] PAM password auth succeeded for 'admin' from 192.168.252.8:2784
2016 Apr 9 08:39:07 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 08:39:43 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 08:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 08:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 08:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 08:42:23 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 08:42:24 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 08:44:42 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 08:44:44 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 08:46:13 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 08:46:14 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 08:51:15 1140-Gateway user.err rdcfg: unable to connect to routed No such file or directory
2016 Apr 9 08:51:17 1140-Gateway daemon.info routed[4442]: Start routed[4442] version routed-
06.30.2015-16:39:29 instance -1
2016 Apr 9 08:51:17 1140-Gateway daemon.notice routed[4442]: rt_instance_init: routed manager id
-1 initialized itself
2016 Apr 9 08:51:17 1140-Gateway daemon.notice routed[4442]: parse_instance_only: my_instance_id
-1 parsing instance default
2016 Apr 9 08:51:18 1140-Gateway daemon.info routed[4443]: task_cmd_init(152): command subsystem
initialized.
2016 Apr 9 08:51:18 1140-Gateway daemon.info routed[4443]: Start routed[4443] version routed-
06.30.2015-16:39:29 instance 0
2016 Apr 9 08:51:18 1140-Gateway daemon.err routed[4442]: Clustering not installed (-1)
2016 Apr 9 08:51:18 1140-Gateway daemon.err routed[4442]: cprd runs with clustering disabled. (-1)
2016 Apr 9 08:51:18 1140-Gateway daemon.notice routed[4442]: Commence routing updates
2016 Apr 9 08:51:18 1140-Gateway daemon.notice routed[4443]: vrrp_set_fw: Command is
fw_is_running_vrrp and value is 0
2016 Apr 9 08:51:18 1140-Gateway daemon.notice routed[4443]: vrrp_set_fw: Command is
fw_is_running_on_cbs and value is 0
2016 Apr 9 08:51:18 1140-Gateway daemon.notice routed[4443]: vrrp_set_fw: Command is
fwha_cbs_which_member_is_running_gated and value is 0
2016 Apr 9 08:51:18 1140-Gateway daemon.warn routed[4443]: task_get_proto: getprotobyname("icmp")
failed, using proto 1
2016 Apr 9 08:51:18 1140-Gateway daemon.err routed[4443]: Clustering not installed (-1)
2016 Apr 9 08:51:18 1140-Gateway daemon.err routed[4443]: cprd runs with clustering disabled. (-1)
2016 Apr 9 08:51:18 1140-Gateway daemon.notice routed[4443]: Commence routing updates
2016 Apr 9 08:51:21 1140-Gateway daemon.info routed[4442]: task_cmd_terminate(203): command
subsystem terminated.
2016 Apr 9 08:51:21 1140-Gateway daemon.info routed[4443]: task_cmd_terminate(203): command
subsystem terminated.
2016 Apr 9 08:51:21 1140-Gateway daemon.notice routed[4443]: Exit routed[4443] version routed-
06.30.2015-16:39:29
2016 Apr 9 08:51:21 1140-Gateway daemon.notice routed[4442]: Exit routed[4442] version routed-
06.30.2015-16:39:29
2016 Apr 9 08:51:32 1140-Gateway user.err rdcfg: unable to connect to routed Connection refused
2016 Apr 9 08:51:32 1140-Gateway daemon.info routed[4467]: Start routed[4467] version routed-
06.30.2015-16:39:29 instance -1
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4467]: rt_instance_init: routed manager id-1 initialized itself
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4467]: parse_instance_only: my_instance_id -1 parsing instance default
2016 Apr 9 08:51:33 1140-Gateway daemon.info routed[4468]: task_cmd_init(152): command subsystem
initialized.
2016 Apr 9 08:51:33 1140-Gateway daemon.info routed[4468]: Start routed[4468] version routed-
06.30.2015-16:39:29 instance 0
2016 Apr 9 08:51:33 1140-Gateway daemon.err routed[4467]: Clustering not installed (-1)
2016 Apr 9 08:51:33 1140-Gateway daemon.err routed[4467]: cprd runs with clustering disabled. (-1)
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4467]: Commence routing updates
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4468]: vrrp_set_fw: Command is
fw_is_running_vrrp and value is 0
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4468]: vrrp_set_fw: Command is
fw_is_running_on_cbs and value is 0
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4468]: vrrp_set_fw: Command is
fwha_cbs_which_member_is_running_gated and value is 0
2016 Apr 9 08:51:33 1140-Gateway daemon.warn routed[4468]: task_get_proto: getprotobyname("icmp")
failed, using proto 1
2016 Apr 9 08:51:33 1140-Gateway daemon.err routed[4468]: Clustering not installed (-1)
2016 Apr 9 08:51:33 1140-Gateway daemon.err routed[4468]: cprd runs with clustering disabled. (-1)
2016 Apr 9 08:51:33 1140-Gateway daemon.notice routed[4468]: Commence routing updates
2016 Apr 9 08:51:36 1140-Gateway daemon.info routed[4467]: task_cmd_terminate(203): command
subsystem terminated.
2016 Apr 9 08:51:36 1140-Gateway daemon.info routed[4468]: task_cmd_terminate(203): command
subsystem terminated.
2016 Apr 9 08:51:36 1140-Gateway daemon.notice routed[4468]: Exit routed[4468] version routed-
06.30.2015-16:39:29
2016 Apr 9 08:51:36 1140-Gateway daemon.notice routed[4467]: Exit routed[4467] version routed-
06.30.2015-16:39:29
2016 Apr 9 08:51:40 1140-Gateway user.err rdcfg: unable to connect to routed Connection refused
2016 Apr 9 08:51:40 1140-Gateway daemon.info routed[4492]: Start routed[4492] version routed-
06.30.2015-16:39:29 instance -1
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4492]: rt_instance_init: routed manager id
-1 initialized itself
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4492]: parse_instance_only: my_instance_id
-1 parsing instance default
2016 Apr 9 08:51:40 1140-Gateway daemon.info routed[4493]: task_cmd_init(152): command subsystem
initialized.
2016 Apr 9 08:51:40 1140-Gateway daemon.info routed[4493]: Start routed[4493] version routed-
06.30.2015-16:39:29 instance 0
2016 Apr 9 08:51:40 1140-Gateway daemon.err routed[4492]: Clustering not installed (-1)
2016 Apr 9 08:51:40 1140-Gateway daemon.err routed[4492]: cprd runs with clustering disabled. (-1)
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4492]: Commence routing updates
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4493]: vrrp_set_fw: Command is
fw_is_running_vrrp and value is 0
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4493]: vrrp_set_fw: Command is
fw_is_running_on_cbs and value is 0
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4493]: vrrp_set_fw: Command is
fwha_cbs_which_member_is_running_gated and value is 0
2016 Apr 9 08:51:40 1140-Gateway daemon.warn routed[4493]: task_get_proto: getprotobyname("icmp")
failed, using proto 1
2016 Apr 9 08:51:40 1140-Gateway daemon.err routed[4493]: Clustering not installed (-1)
2016 Apr 9 08:51:40 1140-Gateway daemon.err routed[4493]: cprd runs with clustering disabled. (-1)
2016 Apr 9 08:51:40 1140-Gateway daemon.notice routed[4493]: Commence routing updates
2016 Apr 9 08:51:43 1140-Gateway daemon.info routed[4492]: task_cmd_terminate(203): command
subsystem terminated.
2016 Apr 9 08:51:43 1140-Gateway daemon.notice routed[4492]: Exit routed[4492] version routed-
06.30.2015-16:39:29
2016 Apr 9 08:51:43 1140-Gateway daemon.info routed[4493]: task_cmd_terminate(203): command
subsystem terminated.
2016 Apr 9 08:51:43 1140-Gateway daemon.notice routed[4493]: Exit routed[4493] version routed-
06.30.2015-16:39:29
2016 Apr 9 08:52:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 08:52:22 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 08:52:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 08:52:23 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 08:52:24 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 08:52:36 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 08:52:37 1140-Gateway user.notice cpshell: [CLI] expert command by 'admin' failed -invalid authentication.
2016 Apr 9 08:52:39 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 08:52:41 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 08:54:53 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 08:54:55 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 09:02:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 09:02:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 09:02:23 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 09:02:23 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 09:02:23 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 09:12:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 09:12:22 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 09:12:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 09:12:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 09:12:23 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 09:12:43 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 09:12:45 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 09:14:54 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 09:14:56 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 09:16:17 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': expert.
2016 Apr 9 09:16:18 1140-Gateway user.notice cpshell: [CLI] expert mode was entered by 'admin'.
2016 Apr 9 09:22:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 09:22:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 09:22:23 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 09:22:23 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 09:22:24 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 09:27:49 1140-Gateway authpriv.info dropbear[2723]: [SSH] Exit (admin): Disconnect
received
2016 Apr 9 09:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 09:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 09:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 09:32:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 09:32:24 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82 received group key (TKIP) from wlan network
2016 Apr 9 09:41:12 1140-Gateway authpriv.info dropbear[4761]: [SSH] Incoming client connection
from 192.168.252.8:4722
2016 Apr 9 09:41:16 1140-Gateway authpriv.info dropbear[4761]: [SSH] Exit before auth: Exited
normally
2016 Apr 9 09:41:23 1140-Gateway authpriv.info dropbear[4762]: [SSH] Incoming client connection
from 192.168.252.8:4726
2016 Apr 9 09:41:25 1140-Gateway user.info cposd: [CPOSD] WLAN client BC:4C:C4:D8:7D:82
deauthorized from wlan network. User credentials: pre-shared key
2016 Apr 9 09:41:31 1140-Gateway authpriv.notice dropbear[4762]: [SSH] PAM password auth succeeded for 'admin' from 192.168.252.8:4726
2016 Apr 9 09:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client EC:55:F9:01:F9:0C received group key (TKIP) from wlan network
2016 Apr 9 09:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 70:3E:AC:93:EF:1A received group key (TKIP) from wlan network
2016 Apr 9 09:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client 30:10:E4:66:CE:5A received group key (TKIP) from wlan network
2016 Apr 9 09:42:22 1140-Gateway user.info cposd: [CPOSD] WLAN client D0:25:98:90:1C:D9 received group key (TKIP) from wlan network
2016 Apr 9 09:42:54 1140-Gateway user.notice cpshell: [CLI] Command by 'admin': exit.
2016 Apr 9 09:45:40 1140-Gateway user.info CHECKPOINT: [System Operations] Starting process...
1140-Gateway> show logs kernel
h table entries: 65536 (order: 7, 524288 bytes)
TCP bind hash table entries: 65536 (order: 6, 262144 bytes)
TCP: Hash tables configured (established 65536 bind 65536)
TCP reno registered
RTC has been updated!!!
RTC registered
Use the XOR engines (acceleration) for enhancing the following functions:
o RAID 5 Xor calculation
o kernel memcpy
o kenrel memzero
Number of XOR engines to use: 4
cesadev_init(c000e74c)
mvCesaInit: sessions=640, queue=64, pSram=f0000000
squashfs: version 3.3 (2007/10/31) Phillip Lougher
squashfs: LZMA suppport for slax.org by jro
NTFS driver 2.1.28 [Flags: R/W].
JFFS2 version 2.2. (NAND) (SUMMARY) © 2001-2006 Red Hat, Inc.
io scheduler noop registered
io scheduler anticipatory registered (default)
Generic LED driver initialize
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
HDLC line discipline: version $Revision: 4.8 $, maxframe=4096
N_HDLC line discipline registered.
Initialize DSL driver
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
i2c driver was not initialized yet.
Serial: 8250/16550 driver $Revision: 1.90 $ 4 ports, IRQ sharing disabled
serial8250.0: ttyS0 at MMIO 0xf1012000 (irq = 33) is a 16550A
Loading Marvell Ethernet Driver:
o Cached descriptors in DRAM
o DRAM SW cache-coherency
o Single RX Queue support - ETH_DEF_RXQ=0
o Single TX Queue support - ETH_DEF_TXQ=0
o Receive checksum offload enabled
o Driver ERROR statistics enabled
o Driver INFO statistics enabled
o Proc tool API enabled
o Gateway support enabled
o Using Marvell Header Mode
o Rx descripors: q0=512
o Tx descripors: q0=532
o Loading network interface(s):
o device registered under mv88fx_eth platform
eth0: Dropping NETIF_F_SG since no checksum feature.
o eth0, ifindex = 1, GbE port = 0
o Loading Gateway interface(s):
o Using command line network interface configuration
command is 10,(00:1C:7F:2F:93:E9,0)(00:1C:7F:2F:93:F1,8)(00:1C:7F:2F:93:EA,1)
(00:1C:7F:2F:93:EB,2)(00:1C:7F:2F:93:EC,3)(00:1C:7F:2F:93:ED,4)(00:1C:7F:2F:93:EE,5)
(00:1C:7F:2F:93:EF,6)(00:1C:7F:2F:93:F0,7)(A0:00:00:00:00:00,9),mtu=1500
mv_gtw_get_if_nummv_gtw_get_if_num gtw_config.vlans_num=10number of interfaces in command line is
10
o MTU set to 1500
o mac_addr 00:1c:7f:2f:93:e9, VID 0x100, port list: port-0
o mac_addr 00:1c:7f:2f:93:f1, VID 0x200, port list: port-8
o mac_addr 00:1c:7f:2f:93:ea, VID 0x300, port list: port-1
o mac_addr 00:1c:7f:2f:93:eb, VID 0x400, port list: port-2
o mac_addr 00:1c:7f:2f:93:ec, VID 0x500, port list: port-3
o mac_addr 00:1c:7f:2f:93:ed, VID 0x600, port list: port-4
o mac_addr 00:1c:7f:2f:93:ee, VID 0x700, port list: port-5
o mac_addr 00:1c:7f:2f:93:ef, VID 0x800, port list: port-6
o mac_addr 00:1c:7f:2f:93:f0, VID 0x900, port list: port-7
o mac_addr a0:00:00:00:00:00, VID 0xa00, port list: port-9
eth1: Dropping NETIF_F_SG since no checksum feature.
o eth1, ifindex = 2, GbE port = 1
eth2: Dropping NETIF_F_SG since no checksum feature.
o eth2, ifindex = 3, GbE port = 1
eth3: Dropping NETIF_F_SG since no checksum feature.
o eth3, ifindex = 4, GbE port = 1
eth4: Dropping NETIF_F_SG since no checksum feature.
o eth4, ifindex = 5, GbE port = 1
eth5: Dropping NETIF_F_SG since no checksum feature.
o eth5, ifindex = 6, GbE port = 1
eth6: Dropping NETIF_F_SG since no checksum feature.
o eth6, ifindex = 7, GbE port = 1
eth7: Dropping NETIF_F_SG since no checksum feature.
o eth7, ifindex = 8, GbE port = 1
eth8: Dropping NETIF_F_SG since no checksum feature.
o eth8, ifindex = 9, GbE port = 1
eth9: Dropping NETIF_F_SG since no checksum feature.
o eth9, ifindex = 10, GbE port = 1
eth10: Dropping NETIF_F_SG since no checksum feature.
o eth10, ifindex = 11, GbE port = 1
Intel(R) PRO/1000 Network Driver - version 7.3.20-k2-NAPI
Copyright (c) 1999-2006 Intel Corporation.
i2c driver was not initialized yet.
e100: Intel(R) PRO/100 Network Driver, 3.5.17-k4-NAPI
e100: Copyright(c) 1999-2006 Intel Corporation
PPP generic driver version 2.4.2
PPP BSD Compression module registered
PPP MPPE Compression module registered
NET: Registered protocol family 24
Init ADSL control eth device
usbcore: registered new interface driver cdc_ether
GobiNet: 2013-10-08/NTGR_2.21
usbcore: registered new interface driver GobiNet
Madge ATM Ambassador driver version 1.2.4
amb: debug bitmap is 0
Madge ATM Horizon [Ultra] driver version 1.2.1
hrz: debug bitmap is 0
Integrated Sata device found
scsi0 : Marvell SCSI to SATA adapter
scsi1 : Marvell SCSI to SATA adapter
NFTL driver: nftlcore.c $Revision: 1.98 $, nftlmount.c $Revision: 1.41 $
Using Hamming 1-bit ECC for NAND device
NAND device: Manufacturer ID: 0xad, Chip ID: 0xdc (Hynix NAND 512MiB 3,3V 8-bit)
Scanning device for bad blocks
11 cmdlinepart partitions found on MTD device nand_mtd
Using command line partition definition
Creating 11 MTD partitions on "nand_mtd":
0x00000000-0x000a0000 : "u-boot"
i2c driver was not initialized yet.
0x000a0000-0x00100000 : "bootldr-env"
0x00100000-0x00900000 : "kernel-1"
0x00900000-0x07a00000 : "rootfs-1"
0x07a00000-0x08200000 : "kernel-2"
0x08200000-0x0f300000 : "rootfs-2"
0x0f300000-0x16c00000 : "default_sw"
0x16c00000-0x18400000 : "logs"
0x18400000-0x18500000 : "preset_cfg"
0x18500000-0x18600000 : "adsl"
0x18600000-0x20000000 : "storage"
ehci_marvell ehci_marvell.70059: Marvell Orion EHCI
ehci_marvell ehci_marvell.70059: new USB bus registered, assigned bus number 1
ehci_marvell ehci_marvell.70059: irq 19, io base 0xf1050100
ehci_marvell ehci_marvell.70059: USB 2.0 started, EHCI 1.00, driver 10 Dec 2004
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
i2c driver was not initialized yet.
ohci_hcd: 2006 August 04 USB 1.1 'Open' Host Controller (OHCI) Driver
USB Universal Host Controller Interface driver v3.0
i2c driver was not initialized yet.
i2c driver was not initialized yet.
usb 1-1: new high speed USB device using ehci_marvell and address 2
i2c driver was not initialized yet.
usb 1-1: configuration #1 chosen from 1 choice
hub 1-1:1.0: USB hub found
hub 1-1:1.0: 4 ports detected
i2c driver was not initialized yet.
usbcore: registered new interface driver cdc_acm
drivers/usb/class/cdc-acm.c: v0.25:USB Abstract Control Model driver for USB modems and ISDN adapters
usbcore: registered new interface driver usblp
drivers/usb/class/usblp.c: v0.13: USB Printer Device Class driver
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
usbcore: registered new interface driver usbserial
drivers/usb/serial/usb-serial.c: USB Serial support registered for generic
usbcore: registered new interface driver usbserial_generic
drivers/usb/serial/usb-serial.c: USB Serial Driver core
drivers/usb/serial/usb-serial.c: USB Serial support registered for cp2101
usbcore: registered new interface driver cp2101
drivers/usb/serial/cp2101.c: Silicon Labs CP2101/CP2102 RS232 serial adaptor driver v0.07
drivers/usb/serial/usb-serial.c: USB Serial support registered for FTDI USB Serial Device
usbcore: registered new interface driver ftdi_sio
drivers/usb/serial/ftdi_sio.c: v1.4.3:USB FTDI Serial Converters Driver
drivers/usb/serial/usb-serial.c: USB Serial support registered for IPWireless converter
usbcore: registered new interface driver ipwtty
drivers/usb/serial/ipw.c: IPWireless tty driver v0.3
drivers/usb/serial/usb-serial.c: USB Serial support registered for GSM modem (1-port)
usbcore: registered new interface driver option
drivers/usb/serial/option.c: USB Driver for GSM modems: v0.7.1
drivers/usb/serial/usb-serial.c: USB Serial support registered for pl2303
usbcore: registered new interface driver pl2303
drivers/usb/serial/pl2303.c: Prolific PL2303 USB to serial adaptor driver
drivers/usb/serial/usb-serial.c: USB Serial support registered for Sierra USB modem
usbcore: registered new interface driver sierra
drivers/usb/serial/sierra.c: USB Driver for Sierra Wireless USB modems: v.1.7.40
drivers/usb/serial/usb-serial.c: USB Serial support registered for GobiSerial
usbcore: registered new interface driver GobiSerial
GobiSerial: 2013-10-08/NTGR_2.12
usbcore: registered new interface driver sierra_net
mice: PS/2 mouse device common for all mice
i2c /dev entries driver
rtc-s35390a 0-0030: rtc core: registered rtc-s35390a as rtc0
Linux telephony interface: v1.00
device-mapper: ioctl: 4.11.0-ioctl (2006-10-12) initialised
dm_crypt using the OCF package.
sdhci: Secure Digital Host Controller Interface driver
sdhci: Copyright(c) Pierre Ossman
mvsdmmc: irq =28 start f1090000
mvsdmmc: irq_detect=110
usbcore: registered new interface driver usbhid
drivers/hid/usbhid/hid-core.c: v2.6:USB HID core driver
oprofile: using timer interrupt.
Netfilter messages via NETLINK v0.30.
IPv4 over IPv4 tunneling driver
TCP cubic registered
NET: Registered protocol family 1
NET: Registered protocol family 17
lec.c: Jul 22 2015 13:59:48 initialized
mpc.c: Jul 22 2015 13:59:46 initialized
802.1Q VLAN Support v1.8 Ben Greear
All bugs added by David S. Miller
rtc-s35390a 0-0030: setting the system clock to 2016-04-09 08:19:50 (1460189990)
Freeing init memory: 3468K
jffs2_scan_eraseblock(): Node at 0x04e7b7fc {0x1985, 0xe001, 0xffffffff) has invalid CRC 0xffffffff (calculated 0xd4ae663a)
umimod: module license 'Proprietary' taints kernel.
NET: Registered protocol family 32
kernel UMI module loaded
SIM: Linux kernel version 2.6.22 ()
mvCesaInit: sessions=800, queue=4, pSram=f0000000
Sim: driver installed
[fw4_0];FW-1: Linux kernel version 2.6.22--1
[fw4_0];FW-1: driver installed
VPN-1: driver installed
VPNT: IPv4 over VPN Tunnel driver installed
FG-1: driver installed
[fw4_0];FW-1: ld_commit: Attempting to commit unbound or invalid ld 8115
WAN: mac address changed
WAN: link up, full duplex, speed 100 Mbps
WAN: started
MRVDRIVER: LAN1 has no ioctl interface
ksw_mrv_netdev_create_port_netdevice:560 added device LAN1 on port 0
ksw_mrv_netdev_create_port_netdevice:560 added device LAN2 on port 1
ksw_mrv_netdev_create_port_netdevice:560 added device LAN3 on port 2
ksw_mrv_netdev_create_port_netdevice:560 added device LAN4 on port 3
ksw_mrv_netdev_create_port_netdevice:560 added device LAN5 on port 4
ksw_mrv_netdev_create_port_netdevice:560 added device LAN6 on port 5
ksw_mrv_netdev_create_port_netdevice:560 added device LAN7 on port 6
ksw_mrv_netdev_create_port_netdevice:560 added device LAN8 on port 7
ksw_mrv_netdev_create_port_netdevice:560 added device DMZ on port 8
Seattle Switch+Phy driver installed
Initialzing Factory Reset module
ath_hal: 0.9.17.1 (AR5212, AR5416, RF5111, RF5112, RF2413, RF5413, RF2316, RF2317, DEBUG,
WRITE_EEPROM, 11D)
wlan: 0.8.4.2 (Atheros/multi-bss)
ath_rate_atheros: Copyright (c) 2001-2005 Atheros Communications, Inc, All Rights Reserved
ath_dev: Copyright (c) 2001-2007 Atheros Communications, Inc, All Rights Reserved
ath_pci: 0.9.4.5 (Atheros/multi-bss)
wifi0: Atheros 9287: mem=0xe8000000, irq=9 hw_base=0xe0b40000
wlan: mac acl policy registered
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN1 on port 0
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN2 on port 1
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN3 on port 2
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN4 on port 3
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN5 on port 4
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN6 on port 5
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN7 on port 6
ksw_mrv_netdev_set_switchport_settings:318 accessing device LAN8 on port 7
mv_gateway: starting LAN1
mv_gateway: starting DMZ
mv_gateway: stopping DMZ
ksw_mrv_netdev_set_switchport_settings:318 accessing device DMZ on port 8
New timeout is 12Ports vlan
num |VID |port_state |
--------------------------------------------
1 |1 |Auto learning(default) |
2 |1 |Auto learning(default) |
3 |1 |Auto learning(default) |
4 |1 |Auto learning(default) |
5 |1 |Auto learning(default) |
6 |1 |Auto learning(default) |
7 |1 |Auto learning(default) |
8 |1 |Auto learning(default) |
Vlan port Mask
VID |Port mask |
-----------------------
1 |0xff |
g_port_vlan_exist=0
mv_gateway: stopping LAN1
LAN1: Switch port #0 unmapped
mv_gateway: starting LAN1
LAN2: Switch port #1 unmapped
LAN3: Switch port #2 unmapped
LAN4: Switch port #3 unmapped
LAN5: Switch port #4 unmapped
LAN6: Switch port #5 unmapped
LAN7: Switch port #6 unmapped
LAN8: Switch port #7 unmapped
mv_gateway: stopping LAN1
ksw_mrv_dev_apply_current_vlans:403 Adding port 0 to dev LAN1
LAN1: Switch port #0 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 1 to dev LAN1
LAN1: Switch port #1 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 2 to dev LAN1
LAN1: Switch port #2 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 3 to dev LAN1
LAN1: Switch port #3 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 4 to dev LAN1
LAN1: Switch port #4 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 5 to dev LAN1
LAN1: Switch port #5 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 6 to dev LAN1
LAN1: Switch port #6 mapped
ksw_mrv_dev_apply_current_vlans:403 Adding port 7 to dev LAN1
LAN1: Switch port #7 mapped
mv_gateway: starting LAN1
Country ie is US
VPN-1: AES-NI is allowed on this machine. Testing hardware support
VPN-1: AES-NI is not supported on this hardware
VPN-1: Cryptographic algorithm tests passed successfully
[fw4_0];VPN-1: connected to FW-1
[fw4_0];fwk_cmi_sticky_update_prepare: cmi_context_array_new is not ready
[fw4_0];FW-1: SIM (SecureXL Implementation Module) SecureXL device detected.
[fw4_0];FW-1: SIM (SecureXL Implementation Module) SecureXL device detected.
[fw4_0];FW-1: fwha_validate_member_running_gated: 0 is not a valid member id
[fw4_0];FW-1: fwha_validate_member_running_gated: 0 is not a valid member id
[fw4_0];FW-1: fwha_validate_member_running_gated: 0 is not a valid member id
[fw4_0];fw_kmalloc_impl: fwk_atomic_logdom: allocates 0 bytes
[fw4_0];FW-1: monitor filter loaded
[fw4_0];FW-1: monitor filter unloaded
1140-Gateway> show configuration
# Configure a persistent domain name for the device
set dynamic-dns provider "DynDns"
# Configure DNS and Domain settings for the device
set dns proxy "enable" resolving "on"
set dns mode "internet"
set domainname "lagura.com"
# HTTPS categorization
set https-categorization advanced-settings validate-cert-expiration "false"
set https-categorization advanced-settings validate-unreachable-crl "false"
set https-categorization advanced-settings validate-crl "true"
# User Check is a customizable message shown to users upon match, and allows to 'ask' the user for
the desired action
set threat-prevention anti-bot user-check ask body "Your computer is trying to access a malicious
server. It is likely infected by malware.
Malware activity: $activity.
URL: $original_url.
Reference: $incident_id
Press OK to continue." activity-text "Ignore warning" fallback-action "block" frequency "day"
subject "Are you sure?" title "Check Point Anti-Bot" reason-displayed "false"
set threat-prevention anti-bot user-check block body "Your computer is trying to access a
malicious server. It is probably infected by malware. For more information and remediation please
contact your administrator.
Activity: $activity.
URL: $original_url.
Reference: $incident_id" subject "Page Blocked" title "Check Point Anti-Bot" redirect-to-url
"false"
# Anti-Bot engine
set threat-prevention anti-bot engine malicious-activity "policy-action" reputation-domains
"policy-action" reputation-ips "policy-action" reputation-urls "policy-action" unusual-activity
"policy-action"
# Active directory server object
# Additional hardware and operating system settings
set additional-hw-settings reset-timeout "12"
# Administrator access IP addresses
delete admin-access-ipv4-address-all
# Administrator access
set admin-access web-access-port "4434" ssh-access-port "22" allowed-ipv4-addresses "any"
# Limit administrators login failure attempts for before locking out for a defined period of time
set administrator session-settings lockout-enable "on" max-lockout-attempts "10" lock-period "30"
inactivity-timeout "10"
# Administrators RADIUS authentication
# ADSL information
# Advanced settings for Threat Prevention
set threat-prevention-advanced advanced-settings file-inspection-size-kb "0"
set threat-prevention-advanced advanced-settings AboutConfigAdvancedTpPolicyHttpSkippingMethod
http-skipping-method "default"
# Reach My Device
set reach-my-device existing-host-name "nil"
set reach-my-device advanced-settings ignore-ssl-cert "false"
set reach-my-device mode "off"
set reach-my-device advanced-settings reach-my-device-server-addr "smbrelay.checkpoint.com"
# Connections aggressive aging
delete aggressive-aging
set aggressive-aging icmp-timeout "3" icmp-timeout-enable "true" other-timeout "15" other-
timeout-enable "false" pending-timeout "15" pending-timeout-enable "false" tcp-end-timeout "3"
tcp-end-timeout-enable "true" tcp-start-timeout "5" tcp-start-timeout-enable "true" tcp-timeout
"600" tcp-timeout-enable "true" udp-timeout "15" udp-timeout-enable "true" general "true" log
"log" connt-limit-high-watermark-pct "80" connt-mem-high-watermark-pct "80" memory-conn-status
"both"
# User Check is a customizable message shown to users upon match, and allows to 'ask' the user for
the desired action
set fw policy user-check ask body "Access to $application_name is intended for work-related use
only.
Category: $category.
Reference: $incident_id" confirm-text "I will use this site or application for work-related use
only" fallback-action "block" frequency "day" subject "Are you sure?" title "Check Point
Application Control" reason-displayed "false"
set fw policy user-check accept body "Access to $application_name is intended for work-related use
only.
Category: $category.
Reference: $incident_id" fallback-action "accept" frequency "day" subject "Please note:" title
"Check Point Application Control"
set fw policy user-check block body "Access to $application_name is not permitted.
Category: $category.
Reference: $incident_id" subject "Page Blocked" title "Check Point Application Control" redirect-
to-url "false"
# Default APPI policy and configuration
set application-control mode "off" url-flitering-only "false" block-security-categories "true"
block-inappropriate-content "true" block-other-undesired-applications "true" block-file-sharing-
applications "true" limit-bandwidth "true" limit-upload "true" set-limit "1" limit-download "true"
set-limit "1"
# Security management settings
set security-management mode "locally-managed"
# Application
# List of allowed IP addresses, email addresses (senders) and domains for Anti-Spam blade
delete antispam allowed-sender all
# List of blocked IP addresses, email addresses (senders) and domains for Anti-Spam blade
delete antispam blocked-sender all
# Policy for Anti-Spam blade
set antispam mode "off" detection-method "email-content" log "log" action-spam-email-content
"block" flag-subject-stamp "SPAM" detect-mode "off" specify-suspected-spam-settings "false"
set antispam advanced-settings allow-mail-track "none"
set antispam advanced-settings transparent-proxy "true"
set antispam advanced-settings ip-rep-timeout "10"
set antispam advanced-settings spam-engine-timeout "10"
set antispam advanced-settings ip-rep-fail-open "true"
set antispam advanced-settings email-size-scan "8"
set antispam advanced-settings spam-engine-all-mail-track "none"
# User Check is a customizable message shown to users upon match, and allows to 'ask' the user for
the desired action
set threat-prevention anti-virus user-check ask body "The site you are trying to access is
classified as malicious.
Malware activity: $activity.
URL: $original_url.
Reference: $incident_id.
Press OK to continue." activity-text "Ignore warning" fallback-action "block" frequency "day"
subject "Are you sure?" title "Check Point Anti-Virus" reason-displayed "false"
set threat-prevention anti-virus user-check block body "The site you are trying to access is
classified as malicious and has been blocked.
For more information, please contact your administrator.
Activity: $activity.
URL: $original_url.
Reference: $incident_id" subject "Page Blocked" title "Check Point Anti-Virus" redirect-to-url
"false"
# Anti-Virus engine
set threat-prevention anti-virus engine urls-with-malware "policy-action" viruses "policy-action"
# Manage Anti-Virus policy per file type
delete threat-prevention anti-virus file-type custom all
set threat-prevention anti-virus file-type action "scan" description "AFX compressed file data"
set threat-prevention anti-virus file-type action "scan" description "Web browser cookie text"
set threat-prevention anti-virus file-type extension "7z" action "scan" description "7Z archive data"
set threat-prevention anti-virus file-type extension "8BPS" action "scan" description "8BPS Adobe
Photoshop image"
set threat-prevention anti-virus file-type extension "ace" action "scan" description "ACE compressed archive"
set threat-prevention anti-virus file-type extension "adp,ade" action "scan" description "Access project"
set threat-prevention anti-virus file-type extension "arc" action "scan" description "ARC archive data"
set threat-prevention anti-virus file-type extension "arj" action "scan" description "ARJ archive data"
set threat-prevention anti-virus file-type extension "asf" action "scan" description "Microsoft ASF"
set threat-prevention anti-virus file-type extension "bas" action "scan" description "BASIC source code"
set threat-prevention anti-virus file-type extension "bat" action "block" description "MS-DOS batch file text"
set threat-prevention anti-virus file-type extension "bmp" action "scan" description "BITMAP"
set threat-prevention anti-virus file-type extension "bz" action "scan" description "BZIP compressed data"
set threat-prevention anti-virus file-type extension "bz2" action "scan" description "BZIP2 compressed data"
set threat-prevention anti-virus file-type extension "cab" action "scan" description "InstallShield cabinet file"
set threat-prevention anti-virus file-type extension "cab" action "scan" description "Microsoft cabinet file"
set threat-prevention anti-virus file-type extension "chm" action "block" description "Windows HTML Help data"
set threat-prevention anti-virus file-type extension "class" action "scan" description "Compiled Java class data"
set threat-prevention anti-virus file-type extension "cmd" action "block" description "Windows command file"
set threat-prevention anti-virus file-type extension "com" action "scan" description "Command"
set threat-prevention anti-virus file-type extension "cpl" action "scan" description "Windows Control Panel extension"
set threat-prevention anti-virus file-type extension "crt" action "scan" description "Certificate file"
set threat-prevention anti-virus file-type extension "dat" action "scan" description "TNEF"
set threat-prevention anti-virus file-type extension "dmf" action "scan" description "Windows disk map file"
set threat-prevention anti-virus file-type extension "doc" action "scan" description "Microsoft Word 6.0 document"
set threat-prevention anti-virus file-type extension "doc,xls,ppt" action "scan" description
"Microsoft Office document"
set threat-prevention anti-virus file-type extension "emf" action "scan" description "Windows Enhanced Metafile"
set threat-prevention anti-virus file-type extension "eps" action "scan" description "DOS EPS Binary File"
set threat-prevention anti-virus file-type extension "exe" action "scan" description "MS-DOS executable (built-in)"
set threat-prevention anti-virus file-type extension "exe,dll" action "scan" description "Windows PE"
set threat-prevention anti-virus file-type extension "exe,scr" action "scan" description "MS-DOS executable (including self-extracting archives)"
set threat-prevention anti-virus file-type extension "gif" action "scan" description "GIF"
set threat-prevention anti-virus file-type extension "gzip,gz" action "scan" description "GZIP compressed data"
set threat-prevention anti-virus file-type extension "hlp" action "block" description "Windows Help data"
set threat-prevention anti-virus file-type extension "hta" action "scan" description "HTML application"
set threat-prevention anti-virus file-type extension "html,htm" action "scan" description "HTML"
set threat-prevention anti-virus file-type extension "ico" action "scan" description "Windows icon"
set threat-prevention anti-virus file-type extension "inf" action "scan" description "Information or Setup file"
set threat-prevention anti-virus file-type extension "ins,isp" action "scan" description "IIS settings"
set threat-prevention anti-virus file-type extension "jar" action "scan" description "Java archive"
set threat-prevention anti-virus file-type extension "jp2" action "scan" description "JPEG 2000"
set threat-prevention anti-virus file-type extension "jpeg" action "scan" description "JPEG, HSI proprietary"
set threat-prevention anti-virus file-type extension "jpg,jpeg" action "scan" description "JPEG"
set threat-prevention anti-virus file-type extension "js,jse" action "scan" description "JavaScript"
set threat-prevention anti-virus file-type extension "lbr" action "scan" description "LBR archive data"
set threat-prevention anti-virus file-type extension "lnk" action "block" description "Windows shortcut"
set threat-prevention anti-virus file-type extension "lzo" action "scan" description "LZOP compressed data"
set threat-prevention anti-virus file-type extension "mdb,mde" action "scan" description "Accessdatabase"
set threat-prevention anti-virus file-type extension "midi" action "scan" description "Standard MIDI data"
set threat-prevention anti-virus file-type extension "mp2" action "scan" description "MPEG ADTS,layer II"
set threat-prevention anti-virus file-type extension "mp3" action "scan" description "MP3 file with ID3 version 2"
set threat-prevention anti-virus file-type extension "mp3" action "scan" description "MPEG ADTS, layer III"
set threat-prevention anti-virus file-type extension "mpa" action "scan" description "MPEG ADTS, layer I"
set threat-prevention anti-virus file-type extension "mpeg" action "scan" description "MPEG ADIF, AAC"
set threat-prevention anti-virus file-type extension "mpeg" action "scan" description "MPEG-4 LOAS"
set threat-prevention anti-virus file-type extension "mpeg" action "scan" description "MPEG transport stream data"
set threat-prevention anti-virus file-type extension "mpeg" action "scan" description "MPEG ADTS, AAC"
set threat-prevention anti-virus file-type extension "mpeg,mpg" action "scan" description "JVT NAL sequence"
set threat-prevention anti-virus file-type extension "msc" action "scan" description "MMC Snap-in"
set threat-prevention anti-virus file-type extension "msi" action "scan" description "Windows Installer file"
set threat-prevention anti-virus file-type extension "pcx" action "scan" description "PCX ver. 2.5"
set threat-prevention anti-virus file-type extension "pdf" action "scan" description "PDF"
set threat-prevention anti-virus file-type extension "perl" action "scan" description "PERL script"
set threat-prevention anti-virus file-type extension "php" action "scan" description "PHP script"
set threat-prevention anti-virus file-type extension "pif" action "block" description "Windows program information file"
set threat-prevention anti-virus file-type extension "png" action "scan" description "PNG"
set threat-prevention anti-virus file-type extension "ps" action "scan" description "PostScript"
set threat-prevention anti-virus file-type extension "qt,mov" action "scan" description "Apple QuickTime"
set threat-prevention anti-virus file-type extension "ra" action "scan" description "RealAudio sound file"
set threat-prevention anti-virus file-type extension "rar" action "scan" description "RAR archive data"
set threat-prevention anti-virus file-type extension "reg" action "block" description "Windows registry file"
set threat-prevention anti-virus file-type extension "rtf" action "scan" description "Rich Text Format"
set threat-prevention anti-virus file-type extension "shar" action "scan" description "Shell archive text"
set threat-prevention anti-virus file-type extension "sig" action "scan" description "PGP sig"
set threat-prevention anti-virus file-type extension "swf" action "scan" description "Macromedia Flash data"
set threat-prevention anti-virus file-type extension "tar" action "scan" description "POSIX tar archive"
set threat-prevention anti-virus file-type extension "tif" action "scan" description "TIFF"
set threat-prevention anti-virus file-type extension "uue,xxe" action "scan" description "uuencoded or xxencoded text"
set threat-prevention anti-virus file-type extension "vb,vbe,vbs" action "block" description "Visual Basic script"
set threat-prevention anti-virus file-type extension "vsd" action "scan" description "Visio drawing"
set threat-prevention anti-virus file-type extension "wav" action "scan" description "Waveform audio format"
set threat-prevention anti-virus file-type extension "wmf" action "scan" description "Windows metafont"
set threat-prevention anti-virus file-type extension "ws,wsc,wsf" action "block" description "Windows script file"
set threat-prevention anti-virus file-type extension "xls" action "scan" description "Microsoft Excel 5.0 Worksheet"
set threat-prevention anti-virus file-type extension "xml" action "scan" description "XML"
set threat-prevention anti-virus file-type extension "xsl" action "scan" description "XML stylesheet"
set threat-prevention anti-virus file-type extension "zip" action "scan" description "ZIP archive data"
set threat-prevention anti-virus file-type extension "zoo" action "scan" description "ZOO archive data"
# backup
set periodic-backup mode "false" file-encryption "false" schedule "daily" hour "01:00"
# Table for activation status of a blade
# Bookmark to use with the SNX
delete bookmark all
# Internet Connection
delete internet-connections
set internet-connection "Internet1" type "dhcp"
set internet-connection "Internet1" type "pppoa" local-ipv4-address "auto" method "auto" idle-time "20"
set internet-connection "Internet1" auto-negotiation "on" link-speed "10/half" mtu "1500" mac-addr "default" vpi "0" vci "0" standard "adsl2+" encapsulation "llc"
set internet-connection "Internet1" type "cellular"
set internet-connection "Internet1" type "pppoa"
set internet-connection "Internet1" ha-priority "1" load-balancing-weight "10"
set internet-connection "Internet1" qos-upload "disable"
set internet-connection "Internet1" qos-download "disable"
set internet-connection "Internet1" "enable"
set internet-connection "Internet1" connect-on-demand "false"
# Virtual Access Point
delete wlan vaps
set wlan advanced-settings hide-ssid "off" station-to-station "allow" wds "off"
set wlan assignment "ASSIGNMENT.SEPARATE_NETWORK"
set wlan security-type "WPA/WPA2"
set wlan ssid "Lagura"
set wlan wpa-encryption-type "Auto"
# Switch
add switch name "LAN1_Switch"
set switch "LAN1_Switch" add port "LAN1"
set switch "LAN1_Switch" add port "LAN2"
set switch "LAN1_Switch" add port "LAN3"
set switch "LAN1_Switch" add port "LAN4"
set switch "LAN1_Switch" add port "LAN5"
set switch "LAN1_Switch" add port "LAN6"
set switch "LAN1_Switch" add port "LAN7"
set switch "LAN1_Switch" add port "LAN8"
# Bridge configured in the device
# Additional firewall configuration for Citrix service
# Cloud Deployment Settings
set cloud-deployment cloud-url "smbclouddeployment.checkpoint.com"
# Cloud Services
set cloud-services advanced-settings cloud-management-configuration smp-login "true" show-mgmt-server-details-on-login "true"
# Cloud services managed by the provider
# Status of current connection to the cloud services provider
# Database of user-defined URLs
# User defined application group
set application-group name "Security_Risks" add application-name "Critical Risk"
set application-group name "Security_Risks" add application-name "Anonymizer"
set application-group name "Security_Risks" add application-name "Spyware / Malicious Sites"
set application-group name "Security_Risks" add application-name "Botnets"
set application-group name "Security_Risks" add application-name "Spam"
set application-group name "Security_Risks" add application-name "Phishing"
set application-group name "Security_Risks" add application-name "Hacking"
set application-group name "Inappropriate" add application-name "Violence"
set application-group name "Inappropriate" add application-name "Sex"
set application-group name "Inappropriate" add application-name "Gambling"
set application-group name "Inappropriate" add application-name "Hate / Racism"
set application-group name "Inappropriate" add application-name "Illegal / Questionable"
set application-group name "Inappropriate" add application-name "Illegal Drugs"
set application-group name "Inappropriate" add application-name "Weapons"
set application-group name "Torrents_and_P2P_applications" add application-name "BitTorrent protocol"
set application-group name "Torrents_and_P2P_applications" add application-name "Share Music"
set application-group name "Torrents_and_P2P_applications" add application-name "Gnutella protocol"
set application-group name "Torrents_and_P2P_applications" add application-name "eDonkey"
set application-group name "Torrents_and_P2P_applications" add application-name "Facebook File Sharing"
set application-group name "Torrents_and_P2P_applications" add application-name "P2P File Sharing"
set application-group name "Torrents_and_P2P_applications" add application-name "File Storage and
Sharing"
set application-group name "Torrents_and_P2P_applications" add application-name "Torrent Trackers"
set application-group name "Other_undesired_applications" add application-name "Blogger"
set application-group name "Other_undesired_applications" add application-name "Facebook"
set application-group name "Other_undesired_applications" add application-name "eBay"
set application-group name "Predefined_Groups" add application-name "Security_Risks"
set application-group name "Predefined_Groups" add application-name "Inappropriate"
set application-group name "Predefined_Groups" add application-name "Torrents_and_P2P_applications"
set application-group name "Predefined_Groups" add application-name "Other_undesired_applications"
set application-group name "Bandwidth_Consuming_Applications" add application-name "High Bandwidth"
set application-group name "Bandwidth_Consuming_Applications" add application-name "P2P File Sharing"
set application-group name "Bandwidth_Consuming_Applications" add application-name "Media Sharing"
set application-group name "Bandwidth_Consuming_Applications" add application-name "Media Streams"
set application-group name "Bandwidth_Consuming_Applications" add application-name "YouTube"
# Security management settings
# Device details
# DHCP custom option
# DHCP Relay advanced options
set dhcp-relay advanced-settings use-internal-ip-addrs-as-source "false"
# Additional configuration for FTP service
set service-system-default FTP firewall-settings mode "any"
# Service objects
add service-tcp name "HTTP" port "80, 3128, 8080" comments "Hypertext Transfer Protocol"
set service-tcp "HTTP" name "HTTP" port "80, 3128, 8080" comments "Hypertext Transfer Protocol"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "0" use-source-port "nil"
set service-system-default HTTP port "80, 3128, 8080" disable-inspection "false" session-timeout
"3600" use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-
connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "0"
add service-tcp name "FTP" port "21" comments "File Transfer Protocol"
set service-tcp "FTP" name "FTP" port "21" comments "File Transfer Protocol" session-timeout
"3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30"
aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default FTP port "21" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "PPTP_TCP" port "1723" comments "Point-to-Point Tunneling Protocol, extension
of PPP"
set service-tcp "PPTP_TCP" name "PPTP_TCP" port "1723" comments "Point-to-Point Tunneling
Protocol, extension of PPP" session-timeout "3600" sync-connections-on-cluster "true" sync-delay-
enable "false" delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout
"600" use-source-port "nil"
set service-system-default PPTP_TCP port "1723" disable-inspection "true" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable
"true" aggressive-aging-timeout "600"
add service-udp name "SNMP" port "161" comments "Simple Network Management Protocol"
set service-udp "SNMP" name "SNMP" port "161" comments "Simple Network Management Protocol"
session-timeout "40" accept-replies "true" sync-connections-on-cluster "true" aggressive-aging-
enable "true" aggressive-aging-timeout "15"
set service-system-default SNMP port "161" disable-inspection "false" session-timeout "40" use-
source-port "nil" accept-replies "true"
add service-udp name "TFTP" port "69" comments "Trivial File Transfer Protocol"
set service-udp "TFTP" name "TFTP" port "69" comments "Trivial File Transfer Protocol" session-
timeout "40" accept-replies "true" sync-connections-on-cluster "true" aggressive-aging-enable
"true" aggressive-aging-timeout "15"
set service-system-default TFTP port "69" disable-inspection "false" accept-replies "true"
session-timeout "40" use-source-port "nil" keep-connections-open-after-policy-installation "false"
sync-connections-on-cluster "true"
add service-tcp name "SSH" port "22" comments "Secure shell, encrypted and authenticated rsh"
set service-tcp "SSH" name "SSH" port "22" comments "Secure shell, encrypted and authenticated
rsh" session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-
sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port
"nil"
set service-system-default SSH port "22" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "TELNET" port "23" comments "Telnet Protocol"
set service-tcp "TELNET" name "TELNET" port "23" comments "Telnet Protocol" session-timeout "3600"
sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default TELNET port "23" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable
"true" aggressive-aging-timeout "600"
add service-tcp name "SMTP" port "25" comments "Simple Mail Transfer Protocol"
set service-tcp "SMTP" name "SMTP" port "25" comments "Simple Mail Transfer Protocol" session-
timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval
"30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default SMTP port "25" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "IMAP" port "143" comments "Interactive Mail Access Protocol"
set service-tcp "IMAP" name "IMAP" port "143" comments "Interactive Mail Access Protocol"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default IMAP port "143" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "POP3" port "110" comments "Post Office Protocol - Version 3"
set service-tcp "POP3" name "POP3" port "110" comments "Post Office Protocol - Version 3"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default POP3 port "110" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "NNTP" port "119" comments "Network News Transfer Protocol"
set service-tcp "NNTP" name "NNTP" port "119" comments "Network News Transfer Protocol" session-
timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval
"30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default NNTP port "119" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-udp name "DNS_UDP" port "53" comments "Domain Name System Queries"
set service-udp "DNS_UDP" name "DNS_UDP" port "53" comments "Domain Name System Queries" session-timeout "40" accept-replies "true" sync-connections-on-cluster "true" aggressive-aging-enable
"true" aggressive-aging-timeout "15"
set service-system-default DNS_UDP port "53" disable-inspection "false" session-timeout "40" use-
source-port "nil" accept-replies "true"
add service-tcp name "DNS_TCP" port "53" comments "Domain Name System Download"
set service-tcp "DNS_TCP" name "DNS_TCP" port "53" comments "Domain Name System Download"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default DNS_TCP port "53" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable
"true" aggressive-aging-timeout "600"
add service-udp name "DHCP" port "67, 68" comments "DHCP request from enforcement module only"
set service-udp "DHCP" name "DHCP" port "67, 68" comments "DHCP request from enforcement module
only" session-timeout "40" accept-replies "true" sync-connections-on-cluster "true" aggressive- aging-enable "true" aggressive-aging-timeout "15"
set service-system-default DHCP port "67, 68" disable-inspection "false" session-timeout "40"
use-source-port "nil" accept-replies "true"
add service-tcp name "CIFS" port "139, 445" comments "Common Internet File System Services"
set service-tcp "CIFS" name "CIFS" port "139, 445" comments "Common Internet File System Services"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default CIFS port "139, 445" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600"
add service-udp name "NetBIOSName" port "137" comments "NetBios Name Service"
set service-udp "NetBIOSName" name "NetBIOSName" port "137" comments "NetBios Name Service"
session-timeout "40" accept-replies "true" sync-connections-on-cluster "true" aggressive-aging-
enable "true" aggressive-aging-timeout "15"
set service-system-default NetBIOSName port "137" disable-inspection "false" session-timeout "40"
use-source-port "nil" accept-replies "true"
add service-udp name "NetBIOSDatagram" port "138" comments "NetBios Datagram Service"
set service-udp "NetBIOSDatagram" name "NetBIOSDatagram" port "138" comments "NetBios Datagram
Service" session-timeout "40" accept-replies "true" sync-connections-on-cluster "true"
aggressive-aging-enable "true" aggressive-aging-timeout "15"
set service-system-default NetBIOSDatagram port "138" disable-inspection "false" session-timeout
"40" use-source-port "nil" accept-replies "true"
add service-tcp name "HTTPS" port "443" comments "HTTP protocol over TLS-SSL"
set service-tcp "HTTPS" name "HTTPS" port "443" comments "HTTP protocol over TLS-SSL" session-
timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval
"30" aggressive-aging-enable "true" aggressive-aging-timeout "0" use-source-port "nil"
set service-system-default HTTPS port "443" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable
"true" aggressive-aging-timeout "0"
add service-tcp name "SQLNet" port "1525-1526" comments "Part of Oracle SQL Net Version 2
Services"
set service-tcp "SQLNet" name "SQLNet" port "1525-1526" comments "Part of Oracle SQL Net Version 2
Services" session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false"
delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default SQLNet port "1525-1526" disable-inspection "false" session-timeout
"3600" use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-
connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600"
add service-tcp name "H323" port "1720" comments "Video conference transmissions over IP networks"
set service-tcp "H323" name "H323" port "1720" comments "Video conference transmissions over IP
networks" session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false"
delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default H323 port "1720" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30"
add service-tcp name "RTSP" port "554" comments "Real Time Streaming Protocol"
set service-tcp "RTSP" name "RTSP" port "554" comments "Real Time Streaming Protocol" session-
timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval
"30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default RTSP port "554" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "RealAudio" port "7070" comments "RealNetworks PNA Protocol"
set service-tcp "RealAudio" name "RealAudio" port "7070" comments "RealNetworks PNA Protocol"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default RealAudio port "7070" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600"
add service-tcp name "RSH" port "512, 514" comments "Remote shell and execution"
set service-tcp "RSH" name "RSH" port "512, 514" comments "Remote shell and execution" session-
timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval
"30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default RSH port "512, 514" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600"
add service-tcp name "NetShow" port "1755" comments "Microsoft NetShow, Windows Media Player"
set service-tcp "NetShow" name "NetShow" port "1755" comments "Microsoft NetShow, Windows Media
Player" session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false"
delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default NetShow port "1755" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable
"true" aggressive-aging-timeout "600"
add service-tcp name "Citrix" port "1494" comments "Allows servers to provide applications and
data for attached computer workstations for Windows"
set service-tcp "Citrix" name "Citrix" port "1494" comments "Allows servers to provide
applications and data for attached computer workstations for Windows" session-timeout "3600"
sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default Citrix port "1494" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600"
add service-tcp name "IIOP" port "1570-1571, 2649, 2651" comments "Internet Inter-ORB Protocol -
Oracle Application Server NameServer, ORB, Orbix daemon"
set service-tcp "IIOP" name "IIOP" port "1570-1571, 2649, 2651" comments "Internet Inter-ORB
Protocol - Oracle Application Server NameServer, ORB, Orbix daemon" session-timeout "3600" sync-
connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default IIOP port "1570-1571, 2649, 2651" disable-inspection "false" session-
timeout "3600" use-source-port "nil" keep-connections-open-after-policy-installation "false"
sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600"
add service-tcp name "LDAP" port "389" comments "LDAP Protocol"
set service-tcp "LDAP" name "LDAP" port "389" comments "LDAP Protocol" session-timeout "3600"
sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default LDAP port "389" disable-inspection "false" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "Any_TCP" port "0-65535" comments "Any TCP service"
set service-tcp "Any_TCP" name "Any_TCP" port "0-65535" comments "Any TCP service" session-timeout
"3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30"
aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default Any_TCP port "0-65535" session-timeout "3600" use-source-port "nil"
keep-connections-open-after-policy-installation "false" sync-connections-on-cluster "true" sync-
delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600"
add service-udp name "Any_UDP" port "0-65535" comments "Any UDP service"
set service-system-default Any_UDP port "0-65535" session-timeout "40" use-source-port "nil"
keep-connections-open-after-policy-installation "false" sync-connections-on-cluster "true"
aggressive-aging-enable "true" aggressive-aging-timeout "15" accept-replies "true"
add service-udp name "MGCP" port "2427,2727" comments "Media Gateway Control Protocol - Call-Agent and Media Gateway"
set service-udp "MGCP" name "MGCP" port "2427,2727" comments "Media Gateway Control Protocol -
Call-Agent and Media Gateway" session-timeout "40" accept-replies "true" sync-connections-on-
cluster "true" aggressive-aging-enable "true" aggressive-aging-timeout "15"
set service-system-default MGCP port "2427,2727" disable-inspection "true" session-timeout "40"
use-source-port "nil" accept-replies "true"
add service-tcp name "SCCP" port "2000" comments "Skinny Client Control Protocol"
set service-tcp "SCCP" name "SCCP" port "2000" comments "Skinny Client Control Protocol" session-
timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval
"30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default SCCP port "2000" disable-inspection "true" session-timeout "3600" use-
source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-on-
cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600"
add service-tcp name "SCCPS" port "2443" comments "Secure Skinny Client Control Protocol"
set service-tcp "SCCPS" name "SCCPS" port "2443" comments "Secure Skinny Client Control Protocol"
session-timeout "3600" sync-connections-on-cluster "true" sync-delay-enable "false" delay-sync-
interval "30" aggressive-aging-enable "true" aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default SCCPS port "2443" disable-inspection "false" session-timeout "3600"
use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-connections-
on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable
"true" aggressive-aging-timeout "600"
add service-udp name "H323_RAS" port "1719" comments "H.323 Protocols RAS - Registration,
Admission and Status"
set service-udp "H323_RAS" name "H323_RAS" port "1719" comments "H.323 Protocols RAS -
Registration, Admission and Status" session-timeout "40" accept-replies "true" sync-connections-
on-cluster "true" aggressive-aging-enable "true" aggressive-aging-timeout "15"
set service-system-default H323_RAS port "1719" disable-inspection "true" session-timeout "40"
use-source-port "nil" accept-replies "true"
add service-tcp name "SIP_TCP" port "5060-5061" comments "Session Initialization Protocol over TCP
and over non-encrypted TLS"
set service-tcp "SIP_TCP" name "SIP_TCP" port "5060-5061" comments "Session Initialization
Protocol over TCP and over non-encrypted TLS" session-timeout "3600" sync-connections-on-cluster
"true" sync-delay-enable "false" delay-sync-interval "30" aggressive-aging-enable "true"
aggressive-aging-timeout "600" use-source-port "nil"
set service-system-default SIP_TCP port "5060-5061" disable-inspection "false" session-timeout
"3600" use-source-port "nil" keep-connections-open-after-policy-installation "false" sync-
connections-on-cluster "true" sync-delay-enable "false" delay-sync-interval "30" aggressive-
aging-enable "true" aggressive-aging-timeout "600"
add service-udp name "SIP_UDP" port "5060" comments "Session Initialization Protocol over UDP"
set service-udp "SIP_UDP" name "SIP_UDP" port "5060" comments "Session Initialization Protocol
over UDP" session-timeout "40" accept-replies "true" sync-connections-on-cluster "true"
aggressive-aging-enable "true" aggressive-aging-timeout "15"
set service-system-default SIP_UDP port "5060" disable-inspection "false" session-timeout "40"
use-source-port "nil" accept-replies "true"
add service-protocol name "GRE" ip-protocol "47" comments "Generic Routing Encapsulation"
set service-system-default GRE ip-protocol "47" disable-inspection "false" session-timeout "600"
accept-replies "true" keep-connections-open-after-policy-installation "false" sync-connections-on-cluster "true" aggressive-aging-enable "true" aggressive-aging-timeout "15"
# The activation modes for firewall
# A group of services
add service-group name "DNS" comments "Domain Name system services" member "DNS_UDP"
set service-group "DNS" add member "DNS_UDP"
set service-group "DNS" add member "DNS_TCP"
add service-group name "Mail" comments "Mail protocols" member "SMTP"
set service-group "Mail" add member "SMTP"
set service-group "Mail" add member "IMAP"
set service-group "Mail" add member "POP3"
add service-group name "NetBios" comments "Network Basic Input-Output System" member "NetBIOSName"
set service-group "NetBios" add member "NetBIOSName"
set service-group "NetBios" add member "NetBIOSDatagram"
set service-group "NetBios" add member "SMBOverNetBIOS"
add service-group name "Web" comments "Web protocols" member "HTTP"
set service-group "Web" add member "HTTP"
set service-group "Web" add member "HTTPS"
add service-group name "Any_TCP_UDP" comments "Any TCP-UDP services" member "Any_TCP"
set service-group "Any_TCP_UDP" add member "Any_TCP"
set service-group "Any_TCP_UDP" add member "Any_UDP"
add service-group name "Delay_Sensitive_Services" comments "Delay sensitive services" member "H323"
set service-group "Delay_Sensitive_Services" add member "H323"
set service-group "Delay_Sensitive_Services" add member "MGCP"
set service-group "Delay_Sensitive_Services" add member "SCCP"
set service-group "Delay_Sensitive_Services" add member "SCCPS"
set service-group "Delay_Sensitive_Services" add member "H323_RAS"
set service-group "Delay_Sensitive_Services" add member "SIP_TCP"
set service-group "Delay_Sensitive_Services" add member "SIP_UDP"
add service-group name "Guaranteed_Bandwidth_Services" comments "Guaranteed Bandwidth Services"
add service-group name "VoIP" comments "VoIP Protocols" member "H323"
set service-group "VoIP" add member "H323"
set service-group "VoIP" add member "MGCP"
set service-group "VoIP" add member "SCCP"
set service-group "VoIP" add member "SCCPS"
set service-group "VoIP" add member "H323_RAS"
set service-group "VoIP" add member "SIP_TCP"
set service-group "VoIP" add member "SIP_UDP"
add service-group name "SIP" comments "Session Initialization Protocols, used in VoIP" member "SIP_TCP"
set service-group "SIP" add member "SIP_TCP"
set service-group "SIP" add member "SIP_UDP"
# Default policy for firewall blade
set fw policy mode "MODE.TYPICAL" track-allowed-traffic "none" track-blocked-traffic "log"
# Local Users Group
delete local-group all
# Address range object
# Server network object
# AD groups that are in use
# Firewall rule base
# Network Objects Group model
# Access rule
# Hotspot settings
set hotspot require-auth "false" auth-mode "allow-all" timeout "240" portal-title "Check Point Hotspot" portal-msg "Welcome to Check Point Hotspot - your input is required to continue." show-terms-of-use "off"
set hotspot advanced-settings activation "on"
# Additional configuration for HTTP service
set service-system-default HTTP ips-settings non-standard-ports-action "accept" non-standard-
ports-track "log" parser-failure-action "accept" parser-failure-track "log" strict-request "true" strict-response "false" split-url "false" no-colon "true" tab-as-seperator "true" duplicate-content-length "true" duplicate-host "true" responses "false" invalid-chunk "true" empty-value "false" post "false" recursive-url "false" trailing-whitespaces "false"
# Additional configuration for HTTPS service
set service-system-default HTTPS url-filtering-settings categorize-https-sites "true"
# User awareness configuration table
set user-awareness browser-based-authentication redirect-upon-destinations "manually-defined"
redirect-upon-destination-internet "true" redirect-upon-destinations-net-objs "false" block-
unauthenticated-non-web-traffic "false" require-user-agreement "false" portal-address "<dynamic-ip>" session-timeout "720" log-out-on-portal-close "false"
set user-awareness mode "off" ad-queries-mode "off" browser-based-authentication-mode "off"
set user-awareness advanced-settings association-timeout "720"
set user-awareness advanced-settings assume-single-user "true"
# Infected host
# Global settings that affect all internet connections
set internet advanced-settings reset-sierra-usb-on-lsi-event "false"
# IP fragments parameters
set ip-fragments-params advanced-settings config track "log" limit "200" advanced-state "allow"
timeout "1" pkt-cap "false"
set ip-fragments-params advanced-settings minsize "0"
# IPS engine settings
set ips engine-settings protection-scope "protect-internal-hosts-only" bypass-under-load "false"
set ips engine-settings advanced-settings AboutConfigIPSErrorPageConfig status-code-desc "Access
denied due to IPS policy violation" show-error-code "false" send-detailed-status-code "true" enable-logo-url "false"
set ips engine-settings advanced-settings AboutConfigIPSErrorPage send-error-code "false" error-page-for-supported-web-protections "show-pre-defined-html-error-page"
# IPS topic view
# Configure the custom default policy if chosen as custom
set threat-prevention ips custom-default-policy server-protections "enable" client-protections
"enable" disable-by-confidence-level "true" disable-confidence-level-below-or-equal "Medium"
disable-by-severity "true" disable-severity-below-or-equal "Low" disable-by-performance-impact
"true" disable-performance-impact-above-or-equal "High" disable-protocol-anomalies "false"
# Threat Prevention IPS global policy
set threat-prevention ips policy mode "off" log "log" default-policy "Recommended" detect-mode "false"
# Configure exception rules to bypass IPS protections for specific traffic
delete threat-prevention ips network-exception all
# Traffic will be distributed automatically across the defined Internet connections according to
the configured load balancing weights
set internet mode "high-availability"
# Local network
set dhcp server interface "LAN1_Switch" dns "auto"
set interface "LAN1_Switch" ipv4-address "192.168.1.1" mask-length "24"
set interface "LAN1_Switch" mtu "1500"
set interface "LAN1_Switch" lan-access "accept" lan-access-track "none"
set interface "LAN1_Switch" state "on"
set dhcp server interface "LAN1_Switch" include-ip-pool "192.168.1.1-192.168.1.50"
set dhcp server interface "LAN1_Switch" exclude-ip-pool "192.168.1.2-192.168.1.10"
set dhcp server interface "LAN1_Switch" lease-time "72"
set dhcp server interface "DMZ" dns "auto"
set interface "DMZ" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "DMZ" lan-access "block" lan-access-track "log"
set interface "DMZ" state "off"
set dhcp server interface "DMZ" lease-time "72"
set dhcp server interface "Lagura" dns "auto"
set interface "Lagura" ipv4-address "192.168.252.1" mask-length "24"
set interface "Lagura" mtu "1500"
set interface "Lagura" lan-access "accept" lan-access-track "none"
set interface "Lagura" state "on"
set dhcp server interface "Lagura" include-ip-pool "192.168.252.1-192.168.252.254"
set dhcp server interface "Lagura" lease-time "72"
set dhcp server interface "LAN1" dns "auto"
set interface "LAN1" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN1" lan-access "accept" lan-access-track "none"
set interface "LAN1" state "off"
set dhcp server interface "LAN1" lease-time "72"
set dhcp server interface "LAN2" dns "auto"
set interface "LAN2" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN2" lan-access "accept" lan-access-track "none"
set interface "LAN2" state "off"
set dhcp server interface "LAN2" lease-time "72"
set dhcp server interface "LAN3" dns "auto"
set interface "LAN3" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN3" lan-access "accept" lan-access-track "none"
set interface "LAN3" state "off"
set dhcp server interface "LAN3" lease-time "72"
set dhcp server interface "LAN4" dns "auto"
set interface "LAN4" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN4" lan-access "accept" lan-access-track "none"
set interface "LAN4" state "off"
set dhcp server interface "LAN4" lease-time "72"
set dhcp server interface "LAN5" dns "auto"
set interface "LAN5" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN5" lan-access "accept" lan-access-track "none"
set interface "LAN5" state "off"
set dhcp server interface "LAN5" lease-time "72"
set dhcp server interface "LAN6" dns "auto"
set interface "LAN6" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN6" lan-access "accept" lan-access-track "none"
set interface "LAN6" state "off"
set dhcp server interface "LAN6" lease-time "72"
set dhcp server interface "LAN7" dns "auto"
set interface "LAN7" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN7" lan-access "accept" lan-access-track "none"
set interface "LAN7" state "off"
set dhcp server interface "LAN7" lease-time "72"
set dhcp server interface "LAN8" dns "auto"
set interface "LAN8" auto-negotiation "on" mtu "1500" link-speed "10/half"
set interface "LAN8" lan-access "accept" lan-access-track "none"
set interface "LAN8" state "off"
set dhcp server interface "LAN8" lease-time "72"
# Log servers configuration
set log-servers-configuration mgmt-server-ip-addr "0.0.0.0" external-log-server-enable "false"
# loginMessages
# NAT global
set nat advanced-settings ip-pool-nat ip-pool-securemote "false" ip-pool-log "log" ip-pool-per-interface "false" ip-pool-override-hide "true" ip-pool-gw2Gw "false" ip-pool-unused-return-interval "60" log-ip-pool-allocation "none" ip-pool-mode "do-not-use-IP-pool-NAT" ip-pool-alloc-per-destination "false"
set nat advanced-settings nat-limit "0"
set nat advanced-settings nat-cache-num-entries "10000"
set nat advanced-settings increase-hide-capacity "true"
set nat advanced-settings nat-cache-expiration "30"
set nat advanced-settings perform-cluster-hide-fold "false"
set nat advanced-settings nat-hash-size "0"
set nat advanced-settings nat-automatic-arp "true"
set nat advanced-settings nat-destination-client-side "true"
set nat advanced-settings nat-destination-client-side-manual "true"
set nat advanced-settings arp-proxy-merge "false"
set nat advanced-settings address-trans "true"
set nat hide-internal-networks "on"
# Manual NAT rules
# Netflow object table
# NTP
set ntp local-time-zone "TIMEZONE.KUALA_LUMPUR_SINGAPORE" auto-adjust-daylight-saving "on"
set ntp interval "30"
set ntp server primary "ntp.checkpoint.com"
set ntp active "off"
set ntp server secondary "ntp2.checkpoint.com"
# Additional configuration for PPTP service
set service-system-default PPTP_TCP ips-settings action "accept" track "log" strict "false"
# Configure proxy settings for connecting with Check Point update and license servers
set proxy "disable"
# QoS blade basic configuration
set qos default-policy limit-bandwidth-consuming-applications "on" limit-upload-traffic "enable"
upload-limit "1" limit-download-traffic "enable" download-limit "1" guarantee-bandwidth-to-
configured-traffic "off" guarantee-bandwidth-percentage "20" guarantee-bandwidth-traffic "vpn"
guarantee-bandwidth-on-services "all" ensure-low-latency-for-delay-sensitive-services "on"
set qos low-latency-traffic maximum-percentage-of-bandwidth "20"
set qos mode "off"
set qos advanced-settings qos-logging "true"
# QoS rule base rule configuration
# View for QoS rule base
# VPN Remote Access
set vpn remote-access advanced om-network-ip "172.16.10.0" om-subnet-mask "255.255.255.0"
default-route-through-this-gateway "off" enc-dom "auto" use-this-gateway-as-dns-server "on" dns-domain-mode "on"
set vpn remote-access default-access-to-lan "accept" mode "on" track "log" mobile-client "on"
sslvpn-client "off" l2tp-vpn-client "off"
set vpn remote-access advanced-settings port visitor-mode-port "443" reserve-port-443 "false"
set vpn remote-access advanced-settings office-mode single-om-per-site "false" om-perform-antispoofing "false"
set vpn remote-access advanced-settings visitor-mode enable-visitor-mode-all "all" visitor-mode-
interface "0.0.0.0"
set vpn remote-access advanced-settings update-topo-startup "true"
set vpn remote-access advanced-settings ike-ip-comp-support "false"
set vpn remote-access advanced-settings snx-upgrade "ask-user"
set vpn remote-access advanced-settings disconnect-enc-domain "true"
set vpn remote-access advanced-settings om-enable-with-multiple-if "false"
set vpn remote-access advanced-settings snx-encryption-enable-rc4 "true"
set vpn remote-access advanced-settings allow-update-topo "false"
set vpn remote-access advanced-settings enable-back-conn "false"
set vpn remote-access advanced-settings prevent-ip-pool-nat "false"
set vpn remote-access advanced-settings allow-caching-passwords-on-client "false"
set vpn remote-access advanced-settings allow-clear-traffic-while-disconnected "true"
set vpn remote-access advanced-settings allow-simultaneous-login "true"
set vpn remote-access advanced-settings disable-office-mode "false"
set vpn remote-access advanced-settings verify-gateway-cert "true"
set vpn remote-access advanced-settings snx-user-re-auth-timeout "480"
set vpn remote-access advanced-settings ike-support-crash-recovery "true"
set vpn remote-access advanced-settings ike-over-tcp "false"
set vpn remote-access advanced-settings is-udp-enc-active "true"
set vpn remote-access advanced-settings endpoint-vpn-user-re-auth-timeout "480"
set vpn remote-access advanced-settings keep-alive-time "20"
set vpn remote-access advanced-settings enc-method "ike-v1"
set vpn remote-access advanced-settings om-method-radius "false"
set vpn remote-access advanced-settings snx-keep-alive-timeout "20"
set vpn remote-access advanced-settings enc-dns-traffic "true"
set vpn remote-access advanced-settings snx-uninstall-on-disconnect "do-not-uninstall"
set vpn remote-access advanced-settings use-limited-auth-timeout "false"
set vpn remote-access advanced-settings update-topo "168"
set vpn remote-access advanced-settings auth-timeout-limit "120"
# Cloud report
# Serial port
set serial-port port-speed "115200" flow-control "rts-cts" disabled "false" mode "console"
# SNMP general configuration options
set snmp agent "off" agent-version "any" community "public"
# Additional configuration for SNMP service
set service-system-default SNMP firewall-settings read-only "false"
# snmp traps
set snmp traps trap-name "interface-disconnected" enable "on" severity "4" repetitions "1" repetitions-delay "30"
set snmp traps trap-name "interface-unassigned" enable "on" severity "4" repetitions "1" repetitions-delay "30"
set snmp traps trap-name "high-memory-utilization" enable "on" severity "4" repetitions "1"
repetitions-delay "30" threshold "90"
set snmp traps trap-name "low-disk-space" enable "on" severity "4" repetitions "1" repetitions-
delay "30" threshold "10"
set snmp traps trap-name "high-cpu-utilization" enable "off" severity "4" repetitions "1"
repetitions-delay "30" threshold "95"
set snmp traps trap-name "high-cpu-interrupts-rate" enable "off" severity "4" repetitions "1"
repetitions-delay "30" threshold "20000000"
set snmp traps trap-name "high-connections-rate" enable "on" severity "4" repetitions "1"
repetitions-delay "30" threshold "3000"
set snmp traps trap-name "high-concurrent-connections" enable "on" severity "4" repetitions "1"
repetitions-delay "30" threshold "50000"
set snmp traps trap-name "high-firewall-throughput" enable "on" severity "4" repetitions "1"
repetitions-delay "30" threshold "1000"
set snmp traps trap-name "high-accepted-packet-rate" enable "on" severity "4" repetitions "1"
repetitions-delay "30" threshold "100000"
set snmp traps trap-name "cluster-member-state-changed" enable "off" severity "4" repetitions "1"
repetitions-delay "30"
set snmp traps trap-name "cluster-member-severe-active" enable "off" severity "4" repetitions "1"
repetitions-delay "30"
set snmp traps trap-name "cluster-member-state" enable "off" severity "4" repetitions "1"
repetitions-delay "30"
set snmp traps trap-name "cluster-member-device-status-problem" enable "off" severity "4"
repetitions "1" repetitions-delay "30"
set snmp traps trap-name "cluster-interface-problem" enable "off" severity "4" repetitions "1"
repetitions-delay "30"
set snmp traps trap-name "connection-with-log-server-error" enable "on" severity "4" repetitions
"1" repetitions-delay "30"
# snmp users
delete snmp users all
# Configured destinations to receive traps sent by the SNMP agent, a trap is an SNMP agent's way
of notifying the manager that something is wrong
delete snmp traps-receivers all
# Additional configuration for SSH service
set service-system-default SSH ips-settings block-version "false"
# Static routes
delete static-routes
# Streaming engine settings
delete streaming-engine-settings
set streaming-engine-settings tcp-block-out-of-win-mon-only "prevent" tcp-block-out-of-win-track
"none" tcp-block-retrans-err-mon-only "prevent" tcp-block-retrans-err-track "log" tcp-block-syn-
retrans-mon-only "prevent" tcp-block-syn-retrans-track "log" tcp-block-urg-bit-mon-only "prevent"
tcp-block-urg-bit-track "log" tcp-hold-timeout-mon-only "prevent" tcp-hold-timeout-track "log"
tcp-invalid-checksum-mon-only "prevent" tcp-invalid-checksum-track "none" tcp-segment-limit-mon-
only "prevent" tcp-segment-limit-track "log"
# Policy for Threat Prevention, shared by Anti-Virus and Anti-Bot
set threat-prevention policy high-confidence "prevent" medium-confidence "prevent" low-confidence
"detect" performance-impact "medium" track "log"
set threat-prevention policy advanced-settings fail-mode "allow-all-requests"
set threat-prevention policy advanced-settings block-requests-when-the-web-service-is-unavailable
"false"
# Threat Prevention Anti-Bot policy
set threat-prevention anti-bot policy mode "off" detect-mode "off"
set threat-prevention anti-bot policy advanced-settings res-class-mode "rs-hold"
# Threat Prevention Anti-Virus policy
set threat-prevention anti-virus policy mode "off" detect-mode "off" scope "incoming" interfaces
"external-dmz" protocol-http "true" protocol-mail "true" protocol-ftp "true" file-types-policy
"malware"
set threat-prevention anti-virus policy advanced-settings max-nesting-level "7"
set threat-prevention anti-virus policy advanced-settings action-when-nesting-level-exceeded
"block"
set threat-prevention anti-virus policy advanced-settings file-scan-size-kb "0"
set threat-prevention anti-virus policy advanced-settings priority-scanning "true"
set threat-prevention anti-virus policy advanced-settings res-class-mode "rs-hold"
# Malware exceptions
delete threat-prevention exceptions all
# Threat prevention whitelist file
delete threat-prevention whitelist type-file all
# Threat Prevention whitelist URL
delete threat-prevention whitelist type-url all
# Web Interface Settings and Customizations
delete ui-settings
set ui-settings use-custom-webui-logo "false"
# Users and administrators
# Uses the internet probing (if probing is enabled) to automatically detect and fix 3G/4G internet
connectivity problems
set usb-modem-watchdog advanced-settings interval "5"
set usb-modem-watchdog advanced-settings mode "off"
# Configured administrator for the appliance
add administrator username "admin" password-hash "$1$pqXRwj91$pfpHFBF003C0u/ytWGLGO0" permission "read-write"
# Users RADIUS server
set radius-server priority "1" udp-port "1812" timeout "3"
set radius-server priority "2" udp-port "1812" timeout "3"
# VPN Global
set vpn site-to-site enc-dom manual remove-all name
set vpn site-to-site mode "on" default-access-to-lan "accept" track "log" local-encryption-domain
"auto" sourceIpSelection "automatically" outgoing-interface-selection "routing-table"
set vpn site-to-site advanced-settings ike-dos-protection-known-sites "none"
set vpn site-to-site advanced-settings maximum-concurrent-ike-negotiations "200"
set vpn site-to-site advanced-settings reply-from-same-ip "true"
set vpn site-to-site advanced-settings check-validity-of-ipsec-reply-packets "false"
set vpn site-to-site advanced-settings ike-dos-protection-unknown-sites "none"
set vpn site-to-site advanced-settings permanent-tunnel-down-track "log"
set vpn site-to-site advanced-settings log-vpn-outgoing-link "none"
set vpn site-to-site advanced-settings enable-link-selection "true"
set vpn site-to-site advanced-settings maximum-concurrent-vpn-tunnels "10000"
set vpn site-to-site advanced-settings period-before-crl-valid "7200"
set vpn site-to-site advanced-settings perform-ike-using-cluster-ip "true"
set vpn site-to-site advanced-settings limit-open-sas "20"
set vpn site-to-site advanced-settings timeout-for-an-rdp-packet-reply "10"
set vpn site-to-site advanced-settings ike-use-largest-possible-subnets "true"
set vpn site-to-site advanced-settings log-vpn-packet-handling-errors "log"
set vpn site-to-site advanced-settings is-admin-access-agnostic "true"
set vpn site-to-site advanced-settings log-notification-for-administrative-actions "log"
set vpn site-to-site advanced-settings udp-encapsulation-for-firewalls-and-proxies "true"
set vpn site-to-site advanced-settings period-after-crl-not-valid "1800"
set vpn site-to-site advanced-settings sync-sa-with-other-cluster-members "200000"
set vpn site-to-site advanced-settings keep-dont-fragment-flag-on-packet "false"
set vpn site-to-site advanced-settings log-vpn-successful-key-exchange "log"
set vpn site-to-site advanced-settings copy-diff-serv-from-ipsec-packet "false"
set vpn site-to-site advanced-settings tunnel-test-from-internal "false"
set vpn site-to-site advanced-settings reply-from-incoming-interface "false"
set vpn site-to-site advanced-settings permanent-tunnel-up-track "log"
set vpn site-to-site advanced-settings vpn-configuration-and-key-exchange-errors "log"
set vpn site-to-site advanced-settings vpn-tunnel-sharing "subnets"
set vpn site-to-site advanced-settings copy-diff-serv-to-ipsec-packet "true"
# Configure remote VPN sites
delete vpn site all
# Wireless networks
set wlan radio country "other" operation-mode "11ng" channel "auto" channel-width "20
transmitter-power "full"
set wlan radio advanced-settings antenna "auto"
set wlan radio "on"
set wlan radio advanced-settings guard-interval "short"
# Wireless statistics
# Wireless statistics per vap
1140-Gateway> expert
This is the first time you enter the expert mode.
Expert password must be changed.
Enter new expert password:
Illegal password choice: it is based on a dictionary word, try again.
Enter new expert password:
Enter new expert password (again):
You are in expert mode now.
Expert@1140-Gateway]# ifconfig // EXPERTS MODE SUPPORTS LINUX COMMANDS
LAN1 Link encap:Ethernet HWaddr 00:1C:7F:2F:93:E9
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:15
WAN Link encap:Ethernet HWaddr 00:1C:7F:2F:93:E8
inet addr:222.165.111.178 Bcast:222.165.111.255 Mask:255.255.248.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:320633 errors:0 dropped:0 overruns:0 frame:0
TX packets:106254 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:228209724 (217.6 MiB) TX bytes:11919551 (11.3 MiB)
Interrupt:11
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5187 errors:0 dropped:0 overruns:0 frame:0
TX packets:5187 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:444534 (434.1 KiB) TX bytes:444534 (434.1 KiB)
wifi0 Link encap:Ethernet HWaddr 48:A9:D2:86:F6:21
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:499 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:9 Memory:e0b40000-e0b50000
wlan0 Link encap:Ethernet HWaddr 48:A9:D2:86:F6:21
inet addr:192.168.252.1 Bcast:192.168.252.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:2290 Metric:1
RX packets:120298 errors:5684 dropped:0 overruns:0 frame:0
TX packets:198359 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14166128 (13.5 MiB) TX bytes:225822886 (215.3 MiB)
[Expert@1140-Gateway]# top // show proc cpu IN CISCO
Mem: 360460K used, 154520K free, 0K shrd, 0K buff, 128272K cached
CPU: 0% usr 0% sys 0% nice 100% idle 0% io 0% irq 0% softirq
Load average: 0.34 0.71 0.70
PID PPID USER STAT RSS VSZ %MEM %CPU COMMAND
1928 1261 root S 53884 128m 26% 0% fw sfwd
2223 1 root S < 9648 67244 13% 0% /opt/fw1/bin/fw web_mon start
2205 2201 root S < 15860 36532 7% 0% /pfrm2.0/bin/lua
/pfrm2.0/share/lua/5.1/sapi/sfw_webd/sfw_webd.lua
1270 1261 root S < 11308 35788 7% 0% cposd
4517 2735 root S 8872 29024 6% 0% /pfrm2.0/bin/lua /pfrm2.0/bin/cli/runCliCommand.lua
expert
1321 1261 root S 1804 28688 6% 0% rtdbd
541 1 root S 2104 21072 4% 0% /pfrm2.0/bin/ntpd /fwtmp/system.db
468 1 root S 2120 21068 4% 0% /pfrm2.0/bin/evtDsptchd /fwtmp/system.db
488 1 root S 2096 21064 4% 0% /pfrm2.0/bin/platformd /fwtmp/system.db
531 1 root S 1148 20544 4% 0% /pfrm2.0/bin/rebootd /fwtmp/system.db
2735 2723 root S 12120 14920 3% 0% /pfrm2.0/bin/newSfwsh.bin
2025 1928 root S 4364 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2047 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2045 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2046 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2048 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2049 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2024 1928 root S 4248 12372 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/hotspot/httpd.conf -DPORTAL_NAME_hotspot
2050 2024 nobody S 2160 12372 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/hotspot/httpd.conf -DPORTAL_NAME_hotspot
2065 2024 nobody S 2160 12372 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/hotspot/httpd.conf -DPORTAL_NAME_hotspot
983 982 root S 5352 8836 2% 0% /pfrm2.0/bin/thttpd -nos -c **.cgi -d
/pfrm2.0/var/www -p 80 -sport 4434 -cert /var/certs/self/https.crt -key /var/certs/self/https.key -i /var/ru
1261 1 root S 2292 6248 1% 0% cpwd
1510 1 root S < 1772 5636 1% 0% /usr/sbin/hostapd /etc/hostap/wireless3.conf
982 1 root S 968 5412 1% 0% thttpd watchdog tpd -nos -c **.cgi -d /pfrm2.0/var/www -p 80 -sport 4434 -cert /var/certs/self/https.crt -key /var/certs/self/https.key -i /var/ru
1544 1 root S < 1152 4756 1% 0% /usr/bin/arping -S 0 -E 30 -I WAN 222.165.104.1
2142 1 root S 1176 4752 1% 0% /sbin/getty -L ttyS0 115200 vt100
999 1 root S 608 4748 1% 0% syslogd -l 7 -p /logs/messages -t 0 -x /pfrm2.0/bin/log_gzip.sh
4540 4520 root R 1168 4748 1% 0% top
1628 1 root S < 1396 4576 1% 0% /pfrm2.0/bin/dhcpd -q -cf /etc/dhcpd.conf.wlan0 -lf /var/dhcpd.leases.wlan0 -pf /var/run/dhcpd.pid.wlan0 wlan0
1615 1 root S < 900 4576 1% 0% /pfrm2.0/bin/dhcpd -q -cf /etc/dhcpd.conf.LAN1 -lf
/var/dhcpd.leases.LAN1 -pf /var/run/dhcpd.pid.LAN1 LAN1
2723 981 root S 1432 4312 1% 0% dropbear -j -k -p 22 -r /pfrm2.0/etc/dropbear_rsa_host_key
1464 1 root S < 1132 4236 1% 0% /pfrm2.0/bin/dhclient -q -e
CONN_STATUS=/var/dhclient.status.WAN -e WAN_INDEX=0 -pf /var/run/dhclient.pid.WAN -cf
/var/dhclient.conf.WAN -lf /var/
981 1 root S 584 4188 1% 0% dropbear -j -k -p 22 -r
/pfrm2.0/etc/dropbear_rsa_host_key
1476 1 nobody S < 892 3888 1% 0% /pfrm2.0/bin/dnsmasq -y -x /var/run/dnsmasq.pid -h
-H /var/hosts -c 0 -E --domain=#
1014 1 root S 236 3632 1% 0% /pfrm2.0/bin/fReset
807 1 root S 816 3556 1% 0% /opt/fw1/bin/sfw_netflowd
4520 4517 root S 1528 2776 1% 0% bash
2201 1 root S < 1204 2676 1% 0% /bin/sh /pfrm2.0/bin/start_sfw_webd.sh
1 0 root S 576 1592 0% 0% init
420 2 root SWN 0 0 0% 0% [jffs2_gcd_mtd3]
383 2 root SWN 0 0 0% 0% [jffs2_gcd_mtd10]
779 2 root RW 0 0 0% 0% [fw_worker_0]
3 2 root SWN 0 0 0% 0% [ksoftirqd/0]
95 2 root SW 0 0 0% 0% [pdflush]
4 2 root SW< 0 0 0% 0% [events/0]
115 2 root SW< 0 0 0% 0% [led_wq]
728 2 root SW 0 0 0% 0% [kissd]
2 0 root SW< 0 0 0% 0% [kthreadd]
5 2 root SW< 0 0 0% 0% [khelper]
67 2 root SW< 0 0 0% 0% [kblockd/0]
70 2 root SW< 0 0 0% 0% [khubd]
73 2 root SW< 0 0 0% 0% [kmmcd]
Mem: 360412K used, 154568K free, 0K shrd, 0K buff, 128272K cached
CPU: 0% usr 0% sys 0% nice 98% idle 0% io 0% irq 0% softirq
Load average: 0.31 0.70 0.70
PID PPID USER STAT RSS VSZ %MEM %CPU COMMAND
779 2 root RW 0 0 0% 0% [fw_worker_0]
1544 1 root S < 1152 4756 1% 0% /usr/bin/arping -S 0 -E 30 -I WAN 222.165.104.1
1928 1261 root S 53884 128m 26% 0% fw sfwd
2223 1 root S < 9648 67244 13% 0% /opt/fw1/bin/fw web_mon start
2205 2201 root S < 15860 36532 7% 0% /pfrm2.0/bin/lua
/pfrm2.0/share/lua/5.1/sapi/sfw_webd/sfw_webd.lua
1270 1261 root S < 11308 35788 7% 0% cposd
4517 2735 root S 8872 29024 6% 0% /pfrm2.0/bin/lua /pfrm2.0/bin/cli/runCliCommand.lua
expert
1321 1261 root S 1804 28688 6% 0% rtdbd
541 1 root S 2104 21072 4% 0% /pfrm2.0/bin/ntpd /fwtmp/system.db
468 1 root S 2120 21068 4% 0% /pfrm2.0/bin/evtDsptchd /fwtmp/system.db
488 1 root S 2096 21064 4% 0% /pfrm2.0/bin/platformd /fwtmp/system.db
531 1 root S 1148 20544 4% 0% /pfrm2.0/bin/rebootd /fwtmp/system.db
2735 2723 root S 12120 14920 3% 0% /pfrm2.0/bin/newSfwsh.bin
2025 1928 root S 4364 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2047 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2045 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2046 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2048 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2049 2025 nobody S 2192 12524 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/UserCheck/httpd.conf -DPORTAL_NAME_UserCheck
2024 1928 root S 4248 12372 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/hotspot/httpd.conf -DPORTAL_NAME_hotspot
2050 2024 nobody S 2160 12372 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/hotspot/httpd.conf -DPORTAL_NAME_hotspot
2065 2024 nobody S 2160 12372 2% 0% /opt/fw1/web/Apache/apache2/bin/httpd -DFOREGROUND -k start -f /opt/fw1/conf/multiportal/httpd-conf/hotspot/httpd.conf -DPORTAL_NAME_hotspot
983 982 root S 5352 8836 2% 0% /pfrm2.0/bin/thttpd -nos -c **.cgi -d /pfrm2.0/var/www -p 80 -sport 4434 -cert /var/certs/self/https.crt -key /var/certs/self/https.key -i /var/ru
1261 1 root S 2292 6248 1% 0% cpwd
1510 1 root S < 1772 5636 1% 0% /usr/sbin/hostapd /etc/hostap/wireless3.conf
982 1 root S 968 5412 1% 0% thttpd watchdog tpd -nos -c **.cgi -d /pfrm2.0/var/www -p 80 -sport 4434 -cert /var/certs/self/https.crt -key /var/certs/self/https.key -i /var/ru
4540 4520 root R 1320 4824 1% 0% top
2142 1 root S 1176 4752 1% 0% /sbin/getty -L ttyS0 115200 vt100
999 1 root S 608 4748 1% 0% syslogd -l 7 -p /logs/messages -t 0 -x /pfrm2.0/bin/log_gzip.sh
1628 1 root S < 1396 4576 1% 0% /pfrm2.0/bin/dhcpd -q -cf /etc/dhcpd.conf.wlan0 -lf /var/dhcpd.leases.wlan0 -pf /var/run/dhcpd.pid.wlan0 wlan0
1615 1 root S < 900 4576 1% 0% /pfrm2.0/bin/dhcpd -q -cf /etc/dhcpd.conf.LAN1 -lf
/var/dhcpd.leases.LAN1 -pf /var/run/dhcpd.pid.LAN1 LAN1
2723 981 root S 1432 4312 1% 0% dropbear -j -k -p 22 -r
/pfrm2.0/etc/dropbear_rsa_host_key
1464 1 root S < 1132 4236 1% 0% /pfrm2.0/bin/dhclient -q -e
CONN_STATUS=/var/dhclient.status.WAN -e WAN_INDEX=0 -pf /var/run/dhclient.pid.WAN -cf
/var/dhclient.conf.WAN -lf /var/
981 1 root S 584 4188 1% 0% dropbear -j -k -p 22 -r
/pfrm2.0/etc/dropbear_rsa_host_key
1476 1 nobody S < 892 3888 1% 0% /pfrm2.0/bin/dnsmasq -y -x /var/run/dnsmasq.pid -h
-H /var/hosts -c 0 -E --domain=#
1014 1 root S 236 3632 1% 0% /pfrm2.0/bin/fReset
807 1 root S 816 3556 1% 0% /opt/fw1/bin/sfw_netflowd
4520 4517 root S 1528 2776 1% 0% bash
2201 1 root S < 1204 2676 1% 0% /bin/sh /pfrm2.0/bin/start_sfw_webd.sh
1 0 root S 576 1592 0% 0% init
420 2 root SWN 0 0 0% 0% [jffs2_gcd_mtd3]
383 2 root SWN 0 0 0% 0% [jffs2_gcd_mtd10]
3 2 root SWN 0 0 0% 0% [ksoftirqd/0]
95 2 root SW 0 0 0% 0% [pdflush]
4 2 root SW< 0 0 0% 0% [events/0]
115 2 root SW< 0 0 0% 0% [led_wq]
728 2 root SW 0 0 0% 0% [kissd]
2 0 root SW< 0 0 0% 0% [kthreadd]
5 2 root SW< 0 0 0% 0% [khelper]
67 2 root SW< 0 0 0% 0% [kblockd/0]
70 2 root SW< 0 0 0% 0% [khubd]
73 2 root SW< 0 0 0% 0% [kmmcd]
[Expert@1140-Gateway]# exit
exit
1140-Gateway> cpshell // ALTERNATE TO EXPERT MODE
? for list of commands
[1140-Gateway]#
