Firewall policy in InitialPolicy-checkpoint-gaia,secureplatform
Vendor: checkpoint
OS: gaia,secureplatform
Description:
Indeni will alert when a Check Point firewall is running with the InitialPolicy policy.
Remediation Steps:
Ensure a valid policy is installed.
How does this work?
An MD5 hash is calculated along with the policy name.
Why is this important?
If all members of a cluster do not have the same security policy installed, unexpected issues can arise after a failover.
Without Indeni how would you find this?
An administrator could log in and manually check which policy is installed and when it was installed, comparing across all cluster members.
chkp-policy-fingerprint-novsx
name: chkp-policy-fingerprint-novsx
description: Retrieve policy name and unique identifier
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    or:
        - os.name: gaia
        - os.name: secureplatform
    vsx:
        neq: true
    role-firewall: 'true'
comments:
    policy-installed-fingerprint:
        why: |
            If all members of a cluster do not have the same security policy installed, unexpected issues can arise after a failover.
        how: |
            An MD5 hash is calculated along with the policy name.
        can-with-snmp: false
        can-with-syslog: false
steps:
    - run:
          type: SSH
          command: ${nice-path} -n 15 fw stat && ${nice-path} -n 15 md5sum $FWDIR/state/local/FW1/local.str
      parse:
          type: AWK
          file: policy-fingerprint-novsx.parser.1.awk
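The check described above, as an added example that is not Indeni's own parser or rule code: it extracts the policy name and MD5 from the output of the command in the script, flags a member running InitialPolicy, and compares fingerprints across members. The member names, sample output, file path and function names are constructed for illustration, and the `fw stat` column layout (HOST, POLICY, DATE) is an assumption.

```shell
#!/bin/sh
# Constructed samples of `fw stat && md5sum $FWDIR/state/local/FW1/local.str`
# output for hypothetical members (names, dates, paths and hashes are made up).
sample_member() {
  case "$1" in
    fw-a|fw-b) cat <<'EOF'
HOST      POLICY     DATE
localhost Standard   12Mar2019 10:11:12 :  [>eth0] [<eth0] [>eth1] [<eth1]
0123456789abcdef0123456789abcdef  /opt/fw1/state/local/FW1/local.str
EOF
      ;;
    fw-c) cat <<'EOF'
HOST      POLICY     DATE
localhost InitialPolicy 14Mar2019 09:02:41 :  [>eth0] [<eth0]
fedcba9876543210fedcba9876543210  /opt/fw1/state/local/FW1/local.str
EOF
      ;;
  esac
}

# Read the combined command output on stdin, print "<policy> <md5>".
# Fails (exit 1) if either value is missing, e.g. when `fw stat` returned nothing.
fingerprint() {
  awk '
    $1 != "HOST" && NF >= 3 && policy == "" { policy = $2 }            # fw stat data row
    $1 ~ /^[0-9a-f]+$/ && length($1) == 32 && $2 ~ /local\.str$/ { md5 = $1 }  # md5sum row
    END { if (policy == "" || md5 == "") exit 1; print policy, md5 }
  '
}

# Compare all named members; print one line per finding, then OK or ALERT.
check_cluster() {
  status=OK; first=""
  for m in "$@"; do
    if ! fp=$(sample_member "$m" | fingerprint); then
      echo "UNPARSED $m"; status=ALERT; continue
    fi
    case "$fp" in
      "InitialPolicy "*) echo "ALERT $m: InitialPolicy is loaded"; status=ALERT ;;
    esac
    if [ -z "$first" ]; then first=$fp; fi
    if [ "$fp" != "$first" ]; then
      echo "ALERT $m: policy/hash differs from first parsed member"; status=ALERT
    fi
  done
  echo "$status"
}

check_cluster fw-a fw-b fw-c
```

On a real gateway, replace `sample_member` with the output collected from each cluster member over SSH.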
chkp_initial_policy_vsx