StoneBlog.stonesoft.com

Last year, Stonesoft France signed a partnership with the Institute of technology of Nice-Sophia-Antipolis (South of France). This partnership consisted in including Stonesoft in the degree’s training programme so that future engineers are certified on Stonesoft’s solutions and products. This is a double advantage for them and for Stonesoft. From now on,

these freshly graduated people will be able to encourage the installation of Stonesoft’s solutions within companies and will benefit from a more technical background. They get to know the whole offer of one more vendor.

 On Friday the 19th of June, the graduation ceremony was taking place in Sophia Antipolis.

Leonard Dahan, country manager, travelled to the South of France to attend the ceremony and give the students their diploma, himself!

written by Pauline - 20 views

Following the SMC scripting galore trend here’s another tool for you, hoping you find it useful.

The scenario is when you need to verify/validate from command line is a given policy has issues if installed on a particular engine (but naturally without installing it).

The command sgPolicyCheck.[bat|sh] can be issued with the following parameters and options.

Parameters:
host=<Mgtserver address> (default: 127.0.0.1)login=<loginname> (default: root)
pass=<password> (default: password)
cluster=<cluster name> (default: "")
policy=<policy name> (default: "")
all_clusters=<use all clusters> (default: false)

An example could be:

C:\Stonesoft\StoneGate\bin>sgPolicyCheck.bat host=192.168.1.101 login=root pass=mypass cluster=FW-5000 policy="verify-this-policy"
…and the output is similar to the one reported below:

Connect to Management Server: root@191.168.1.101
Validation of Firewall Policy verify-this-policy on Single Firewall FW-5000:

6 issues found.
  6 warnings found:
    2 Missing Definitions found.
      Rule @2.0
      Rule @3.0
    2 Unreachable Rules found.
      Rule @1006.0
      Rule @981.0
    2 NAT and Routing Definitions found.
      Rule @1274.5
      Rule @1157.0

As usual, Files area of StoneBlog Community contains the script for Windows and for Linux.

written by RoarinPenguin - 21 views \\ tags: batch interaction, script, SMC

written by teroja - 34 views \\ tags: 5.0, Examples, SMC, Tips & Tricks, Training, Videos

Here we go with a second article to enable batch interaction with a StoneGate Management Center: this one is about publishing a ready made policy to a StoneGate Firewall/VPN Engine.

Scenario could be, for instance, that you receive an alert raising the DefCon level and you want to react by activating a more restrictive policy.

The script for you today is called sgUploadFw.[sh|bat] and the syntax is:

sgUploadFw.[bat|sh] [host=hostname] [login=loginname] [pass=password] cluster=clustername [cluster=otherclustername] policy=policyname

host ==> SMC host where you want this script to be executed.
login ==> login of an Administrator Profile, who has rights to operate on given elements
pass ==> password (yes, in cleartext. It’s up to you to decide about security level you want to implement )
cluster ==> could be a single node or a cluster of engines
policy ==> the name of the policy you want to upload

Example and output:

C:\Stonesoft\StoneGate\bin>sgUploadFw.bat host=192.168.1.101 login=root pass=mypassword cluster=”FW-5000″ policy=”DefCon 1″
Finding cluster(s)
Found FW-5000
Found policy: DefCon 1
Accepted a compatible cluster: FW-5000
Starting upload
Waiting 900 seconds…

Contacting nodes of FW-5000
Connection ok on firewall FW-5000
Preparing configuration for FW-5000
Policy snapshot started
Policy snapshot created.
Uploading configuration on FW-5000
New configuration generated for firewall FW-5000
New configuration uploaded to firewall FW-5000
Rule @1279.6 has Source NAT translated to ipaddresses that corresponds to an int
erface address
Applying configuration on FW-5000
New configuration activated on firewall FW-5000
Checking connectivity on FW-5000
Contact with firewall FW-5000 confirmed
Policy installation successful for FW-5000

upload finished

To download the script for Windows click here, while the version for Linux is available here.

Both scripts will remain available in StoneBlog Community, Files area.

written by RoarinPenguin - 24 views \\ tags: batch interaction, script, SMC, upload policy

written by teroja - 58 views \\ tags: 5.0, Examples, SMC, Tips & Tricks, Training, Videos

Since I didn’t find a way using SMC (v4.3.6) to create a communication matrix that contains any unique host to host communication within a specified time range, I wrote a short python script which creates a communication matrix from exported Stonegate logs in CSV format.

The script is just a short hack. Thus it is not well designed.

You might want to check it out here

written by Bernd Bornkessel - 101 views

Thinking about oxymoron? Nope… this is first of a series of posts to show how it is possible to interact within a batch script with SMC, to automate tasks.

Scripts linked to this posts will remain available in StoneBlog Community under StoneFiles repository for free download.

Useless to remind that these are unsupported scripts, although I’ve tested them up to latest release and they work nicely

First script I’d like to share is about automating some commands to StoneGate Firewall/VPN or IPS Engine.

Continue reading »

written by RoarinPenguin - 106 views \\ tags: automation, script, SMC

Couple of days ago, my Google Alert agent reported me a link to a page titled Windows 7 Stonesoft VPN Client V5 Installation Windows Live.

Bit curious about what this could be, I clicked on it and I found a web album by one of our customers who tried installing our VPN Client 5 on Windows 7.

He was so happy about results, that he decided to post the screenshot on his web album (and he authorized me to republish it here below):

Stonians are everywhere, thanks Jörg!

written by RoarinPenguin - 109 views \\ tags: stonegate, vpn client 5, windows 7

It is common for distributed organizations to have multiple engines in different locations as main gateways for protecting the perimeter of the local network.

Sometimes the firewall sees information that are unrelated specifically to network security; still, these information could be very useful to be centrally collected.

This post shows how it is possible to use StoneGate Central Log Processing to collect this information centrally.

Continue reading »

written by RoarinPenguin - 232 views \\ tags: information retrieval, log, script

This article refers to previous post in which I illustrated how to create a logging profile to allow a 3rd party device syslog stream to be received by StoneGate Log Server.

I’ll deepen this information in this post by showing how to go from log collection to centralized log processing and reporting, using an Apache Web Server as log sending device. The ultimate goal is to use some parsed data from Web Server to create a basic report using StoneGate Reporting functionality included in StoneGate Management Center.

Continue reading »

written by RoarinPenguin - 256 views \\ tags: 3rd party devices, logs, profile