Firewall policy in InitialPolicy-checkpoint-gaia,secureplatform

Firewall policy in InitialPolicy-checkpoint-gaia,secureplatform

Vendor: checkpoint

OS: gaia,secureplatform

Description:
indeni will alert when a Check Point firewall is running with the InitialPolicy policy.

Remediation Steps:
Ensure a valid policy is installed.

How does this work?
An MD5 hash is calculated along with the policy name.

Why is this important?
If all members of a cluster do not have the same security policy installed, unexpected issues can arise after a failover.

Without Indeni how would you find this?
An administrator could login and manually check which policy is installed, and when it was installed, comparing between all cluster members.

chkp-policy-fingerprint-novsx

name: chkp-policy-fingerprint-novsx
description: Retrieve policy name and unique identifier
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    or:
    -   os.name: gaia
    -   os.name: secureplatform
    vsx:
        neq: true
    role-firewall: 'true'
comments:
    policy-installed-fingerprint:
        why: |
            If all members of a cluster do not have the same security policy installed, unexpected issues can arise after a failover.
        how: |
            An MD5 hash is calculated along with the policy name.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: ${nice-path} -n 15 fw stat && ${nice-path} -n 15 md5sum $FWDIR/state/local/FW1/local.str
    parse:
        type: AWK
        file: policy-fingerprint-novsx.parser.1.awk

chkp_initial_policy_no_vsx

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/checkpoint/chkp_initial_policy_no_vsx.scala