Friday, 21 December 2012
Checkpoint Policy Installation (a lot of buggy stuff)
- No traffic
- While installing policy, a lot of meaningless messages
First, check whether /opt is full. It is vital, believe me.
Tufin - Accelerate Policy analysis calculations & Increase the amount of memory for Java
These configs are tested on 12.2 HF6;
1. Accelerate Policy analysis calculations.
Instruction:
1. Login to SecureTrack’s GUI.
2. Add stcgitest.htm at the end of the address (Example: https://192.168.1.1/stcgitest.htm).
3. Choose ‘Edit stconf’
4. Click ‘Fetch current conf’.
5. Change the following XML tag from "0" to "1": <is_calc_topology_based_on_JAVA>1</is_calc_topology_based_on_JAVA>
6. Save the new configuration by clicking ‘Submit new conf’ on the bottom of the screen.
2. Increase the amount of memory which can be allocated for Java:
Instruction:
1. Login to SecureTrack’s CLI as root
2. Run the command: #vi /usr/jboss-4.2.2.GA/bin/run.conf
3. Find line: JAVA_OPTS="$JAVA_OPTS -Xms512m -Xmx1024m
4. Change to: JAVA_OPTS="$JAVA_OPTS -Xms1024m -Xmx4096m
5. Save the file and exit.
6. Run the command: #service jboss restart
Tufin Syslog Debug & St Info
SYSLOG Debug
1. Log in to SecureTrack CLI as ‘root’.
2. Run the command: #tcpdump -i eth0 -vv -w /tmp/Tufin.pcap -s 1500 src <ip address of device> and udp dst port 514
3. Edit the file: vi /etc/sysconfig/stconf.xml
a. Find the line <DetailLevel>normal</DetailLevel> and change ‘normal’ to ‘fine’.
b. Add the tag: <Number_Of_Syslog_Message_Handlers>1</Number_Of_Syslog_Message_Handlers>
c. Save & exit
4. Run the following commands:
#tail -F /var/log/st/syslog_message_handler_0 > /tmp/syslog_message_handler.log &
#tail -F /var/log/st/syslog_change_log_manager >/tmp/syslog_change_log_manager.log &
#tail -F /var/log/st/syslog_traffic_log_manager >/tmp/syslog_traffic_log_manager.log &
5. Run the command #st restart syslog
6. Commit a change on the device (e.g. add a comment) and wait approximately 5 minutes for the issue to reproduce.
7. Stop writing to temp logs (#killall tail).
8. Revert the changes in /etc/sysconfig/stconf.xml
9. Run #st restart syslog
10. Send me the log files + /tmp/Tufin.pcap
-------------------------------------------
st info is similar to cpinfo in Check Point: it collects Tufin's full configuration, not the monitored device revisions or policies.
Part 2: Create STINFO file.
1. Log in to SecureTrack’s CLI as root.
2. Run the command #st info
Juniper SSG - NS (config buffer problem)
Symptoms
The problem is caused by the buffer size. When Tufin issues "get config", the device displays only a limited part of the full configuration, so Tufin fails while trying to retrieve it:
Connection error! Reason:
Connection closed by foreign host.
Solution
set console page 0
> set cli screen-length 0
This allows Tufin to get the full configuration, because Juniper no longer limits its display to a limited buffer.
Tufin Troubleshooting
Device Specific Communication Problems
1. The version of SecureTrack. Please verify this by running the #st ver command from the CLI.
2. The output of the #top -cd1 command.
1) Raise the debug level to high:
# sed -i 's/expect --/expect -d/g' /usr/local/st/*login
# sed -i 's/normal/fine/1' /etc/sysconfig/stconf.xml
2) Then use tail for each one of the log files of the problematic device:
# tail -F /var/log/st/securetrack.client.<Device_IP>_<ID> > /tmp/device1.log
Make sure to use a capital F ('#tail -F')
3) Then run the command:
'#st restart'
4) Wait for 10 minutes (depends on the current timeout you have defined) and let the tail -F collect all the information needed.
5) Send all /tmp/client<IP>.log files to the support engineer.
7) When you have finished, please run:
# sed -i 's/expect -d/expect --/g' /usr/local/st/*login
# sed -i 's/fine/normal/1' /etc/sysconfig/stconf.xml
# st restart
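A scoped, reversible version of the DetailLevel toggle used in the syslog debug and troubleshooting steps above, as an added example that is not part of the original posts or Tufin's own tooling. It edits only the <DetailLevel> tag (sed 's/normal/fine/1' changes the first "normal" on every line that contains one) and keeps a backup for the revert step; the function names, the .pre-debug suffix and the sample file with its <mode> tag are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Tufin tooling): scoped, reversible DetailLevel toggle.

# set_detail_level FILE LEVEL: rewrite only the <DetailLevel> tag and keep a
# one-time backup at FILE.pre-debug for the revert step.
set_detail_level() {
    conf=$1
    level=$2
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    # Never overwrite an existing backup: it holds the pre-debug state.
    [ -f "$conf.pre-debug" ] || cp -p "$conf" "$conf.pre-debug" || return 1
    # Write via a temp file, then copy back so owner and mode are preserved.
    sed "s|<DetailLevel>[^<]*</DetailLevel>|<DetailLevel>$level</DetailLevel>|" \
        "$conf" > "$conf.tmp" && cat "$conf.tmp" > "$conf" || return 1
    rm -f "$conf.tmp"
    # Succeed only if the tag now carries the requested level.
    grep -q "<DetailLevel>$level</DetailLevel>" "$conf"
}

# restore_conf FILE: put the pre-debug copy back and drop the backup.
restore_conf() {
    conf=$1
    [ -f "$conf.pre-debug" ] || { echo "no backup for $conf" >&2; return 1; }
    cat "$conf.pre-debug" > "$conf" && rm -f "$conf.pre-debug"
}

# make_sample_conf FILE: constructed sample; <mode> is a hypothetical tag that
# shows what an unscoped s/normal/fine/ would also rewrite.
make_sample_conf() {
    cat > "$1" <<'EOF'
<conf>
  <mode>normal</mode>
  <DetailLevel>normal</DetailLevel>
</conf>
EOF
}

# demo: exercise both functions on a throwaway copy, never on the live file.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample_conf "$dir/stconf.xml"
    set_detail_level "$dir/stconf.xml" fine && cat "$dir/stconf.xml"
    restore_conf "$dir/stconf.xml" && cat "$dir/stconf.xml"
    rm -rf "$dir"
}

demo
```

After restoring the file on a real system, the page's own #st restart step still applies so the service rereads the configuration.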