Check Point Gateway

#
# Configuration of sanmartin
# Language version: 14.1v1
#
# Exported by agrin on Tue Nov 22 14:53:42 2022
#
set installer policy check-for-updates-period 3
set installer policy periodically-self-update on
set installer policy auto-compress-snapshot on
set installer policy self-test install-policy off
set installer policy self-test network-link-up off
set installer policy self-test start-processes on
set arp table cache-size 4096
set arp table validity-timeout 60
set arp announce 2
set ip-conflicts-monitor state off
set message banner on
set message motd off
set message caption off

set core-dump enable
set core-dump total 1000
set core-dump per_process 2
set core-dump send_crash_data off
set clienv debug 0
set clienv echo-cmd off
set clienv output pretty
set clienv prompt "%M"
set clienv rows 0
set clienv syntax-check off
set dns mode default
set dns suffix correo.local
set dns primary 10.1.10.9
set dns secondary 10.1.10.44
set dns tertiary 10.1.10.38
set expert-password-hash $1$BBBXNBZB$qa8vFdAy4OzihK.R3zPf0.
set format date dd-mmm-yyyy
set format time 24-hour
set format netmask Dotted
set hostname sanmartin
add allowed-client host any-host
set web table-refresh-rate 15
set web session-timeout 10
set web ssl-port 4434
set web ssl3-enabled off
set web daemon-enable on
set inactivity-timeout 10
set ipv6-state off
add command api path /bin/api_wrap description "Start, stop, or check status of API
server"
add command tecli path /bin/tecli_start description "Threat Emulation Blade shell"
set lcd screensaver mode model
set lcd screensaver timeout 30
set net-access telnet off

set ntp active on
set ntp server primary 192.168.2.31 version 1
set ntp server secondary 192.168.1.4 version 1
set password-controls min-password-length 6
set password-controls complexity 2
set password-controls palindrome-check true
set password-controls history-checking true
set password-controls history-length 10
set password-controls password-expiration never
set password-controls expiration-warning-days 7
set password-controls expiration-lockout-days never
set password-controls force-change-when no
set password-controls deny-on-nonuse enable false
set password-controls deny-on-nonuse allowed-days 365
set password-controls deny-on-fail enable false
set password-controls deny-on-fail failures-allowed 10
set password-controls deny-on-fail allow-after 1200
set password-controls password-hash-type SHA512
set user admin shell /bin/bash
set user admin password-hash $1$9nIPTJEn$1m11NPd7sWyWNeZy9AsGr0
add user agrin uid 0 homedir /home/agrin
add rba user agrin roles adminRole
set user agrin gid 0 shell /bin/bash
set user agrin realname "Agrin"
set user agrin password-hash $1$YTCuWF4z$eCVx9I11I8d7TiKQcO9500
add user dgaggero uid 0 homedir /home/dgaggero
add rba user dgaggero roles adminRole
set user dgaggero gid 100 shell /bin/bash
set user dgaggero realname "Diego Gaggero"
set user dgaggero password-hash
$6$rounds=10000$Wm6tttfQ$fGGbLilAycGZ7o5AUwr7QGqGYdY89q1VQ7xU70SCOrG8fSyuvcKC4c2NCF
aIk2/CMhIMfVBt4nw.NK2xzt.7M0
add user jescobar uid 0 homedir /home/jescobar
add rba user jescobar roles adminRole
set user jescobar gid 0 shell /bin/bash
set user jescobar realname "Jescobar"
set user jescobar password-hash $1$WQYlIvJ.$e844bcWmiOFkaxU06Svec1
set user monitor shell /etc/cli.sh
set user monitor password-hash *
add user scornu uid 0 homedir /home/scornu
add rba user scornu roles adminRole
set user scornu gid 100 shell /bin/bash
set user scornu realname "Scornu"
set user scornu password-hash
$6$rounds=10000$O1/Z.4p9$zu08I3CO9GQ7K.lgolECN07FbCDc5pnDlxjVbltK/
RxLq1yF0RoHlm4M.EMCWZ8JUKUyNv7GHHjsbhPiXIFTU.
add user zextfvega uid 0 homedir /home/zextfvega
add rba user zextfvega roles adminRole
set user zextfvega gid 100 shell /bin/bash
set user zextfvega realname "Zextfvega"
set user zextfvega password-hash
$6$RGtMWhx7$XFr.1mQ4rrooUNG1D80dE8urIae9rS2wdRRz6nGwRJDcN.WU1e7Ywq4ufXCE6n/
RDc51d2FoFQjVDIZc95i55/
set max-path-splits 8
set tracefile maxnum 10
set tracefile size 1
set router-options multithreading on
set routedsyslog on
set ssh server cipher 3des-cbc off
set ssh server cipher aes128-cbc on
set ssh server cipher aes128-ctr on
set ssh server cipher aes128-gcm@openssh.com on
set ssh server cipher aes192-cbc off
set ssh server cipher aes256-cbc off
set ssh server cipher aes256-gcm@openssh.com on
set ssh server cipher chacha20-poly1305@openssh.com on
set ssh server cipher rijndael-cbc@lysator.liu.se off
set ssh server mac hmac-md5-96-etm@openssh.com off
set ssh server mac hmac-md5-etm@openssh.com off
set ssh server mac hmac-sha1 on
set ssh server mac hmac-sha1-96-etm@openssh.com off
set ssh server mac hmac-sha1-etm@openssh.com on
set ssh server mac hmac-sha2-256 on
set ssh server mac hmac-sha2-256-etm@openssh.com on
set ssh server mac hmac-sha2-512 on
set ssh server mac hmac-sha2-512-etm@openssh.com on
set ssh server mac umac-64-etm@openssh.com on
set ssh server mac umac-64@openssh.com on
set ssh server mac umac-128-etm@openssh.com on
set ssh server mac umac-128@openssh.com on
add ssh hba ipv4-address 216.228.148.22 public-key access-mode standalone encoded-
data AAAAB3NzaC1yc2EAAAABEQAAAQEAyu1VB/LnSFPfmQ1NNG6b8Lkg4b9buPQh0BnY+YiBjNT1uYz5/
tNTfc2+aqg7Wk1omX5lozt/9N+BEExVWAt1E+24nQK/
42qO7KKiY7KVNzyp+Uuz9PWf2lj7oXWQTEQYg3PoboN1pTmCup+KwcZF2oayzPOwjlmtExuvzyZhIUfn3r4
TLnP5yXJ3K5SvJ6t/
dYEkJQDtLwY779ADBLOd4EVpX8ysubLry0J01xXFL2uL+RJkY8tK7x+9pQPZNIscyG0s8whzQ/
686KWD2hlskLZLB2qZQ3KUeG4IUD6a5dwRHSAJ6JWsNOvHzILj4k4e1ws/ZcIdjvaM7acWqSYbrQ==
add ssh hba ipv4-address mercury.ts.checkpoint.com public-key access-mode
standalone encoded-data
AAAAB3NzaC1yc2EAAAABEQAAAQEAyu1VB/LnSFPfmQ1NNG6b8Lkg4b9buPQh0BnY+YiBjNT1uYz5/
tNTfc2+aqg7Wk1omX5lozt/9N+BEExVWAt1E+24nQK/
42qO7KKiY7KVNzyp+Uuz9PWf2lj7oXWQTEQYg3PoboN1pTmCup+KwcZF2oayzPOwjlmtExuvzyZhIUfn3r4
TLnP5yXJ3K5SvJ6t/
dYEkJQDtLwY779ADBLOd4EVpX8ysubLry0J01xXFL2uL+RJkY8tK7x+9pQPZNIscyG0s8whzQ/
686KWD2hlskLZLB2qZQ3KUeG4IUD6a5dwRHSAJ6JWsNOvHzILj4k4e1ws/ZcIdjvaM7acWqSYbrQ==
add backup-scheduled name "San_Martin_BKP" ftp ip 10.1.10.70 path
/bkpproxylog/BKP_Gateway/SanMartin/ username "ProxyFtp" password ****
set backup-scheduled name San_Martin_BKP recurrence weekly days 1 time 19:30
set syslog filename /var/log/messages
set syslog cplogs off
set syslog mgmtauditlogs on
set syslog auditlog permanent
set syslog uncompressmessages off
set timezone America / Argentina
set ssl tls TLSv1 off
set ssl tls TLSv1.1 off
set ssl tls TLSv1.2 on
set ssl tls TLSv1.3 off
set interface eth2-02 state on
add interface eth2-02 vlan 5
set interface Mgmt comments "MGMNT-gateways"
set interface Mgmt link-speed 1000M/full
set interface Mgmt state on
set interface Mgmt auto-negotiation off
set interface Mgmt ipv4-address 10.8.2.3 mask-length 24
set interface Sync comments "SYNC entre GATEWAYS"
set interface Sync link-speed 1000M/full
set interface Sync state on
set interface Sync auto-negotiation off
set interface Sync mtu 1500
set interface Sync ipv4-address 192.168.250.3 mask-length 28
set interface eth2-01 comments "internet"
set interface eth2-01 link-speed 1000M/full
set interface eth2-01 auto-negotiation off
set interface eth2-01 ipv4-address 172.16.1.3 mask-length 28
set interface eth2-02.5 comments "DMZ"
set interface eth2-02.5 state on
set interface eth2-02.5 ipv4-address 192.168.1.5 mask-length 24
set interface eth2-02.6 comments "WWW"
set interface eth2-02.10 comments "VLAN Antispam"
set interface eth2-02.15 comments "portal SAP"
set interface eth2-02.29 comments "DDAn_VLAN29"
set interface eth2-02.30 comments "DDAn_VLAN30"
set interface eth2-03.16 comments "Wireless"
set interface eth2-03.17 comments "Enrolar Celulares"
set interface eth2-03.18 comments "Wireless Elecciones"
set interface eth2-03.23 comments "Correo Movil 2 Barracas"
set interface eth2-03.26 comments "Prueba Lockers"
set interface eth2-03.31 comments "PLAN_SARMIENTO_VLAN31"
set interface eth2-03.32 comments "Internet-Correo_Cabeceras"
set interface eth2-03.33 comments "Red WiFi_Correo-Movil_Cabeceras"
set interface eth2-03.34 comments "Red WiFi_Servicios_Externos"
set interface eth2-03.35 comments "Wi-fi_OTE"
set interface eth2-04.7 comments "Sepsa"
set interface eth2-04.9 comments "Galicia"
set interface eth2-04.11 comments "WU --- ROUTEO -- activo"
add interface eth2-04.11 alias 192.168.12.4/29
set interface eth2-04.14 comments "WU Backup -- VPN"
set interface eth2-04.20 comments "Anses"
set interface eth2-04.25 comments "Laboratorio Delta"
set interface eth2-04.27 comments "L2L - Remediar"
set interface eth2-05 comments "MGMNT SW"
set interface eth2-06 auto-negotiation on
set interface eth2-07 comments "admin ESX - Vmware"
set interface eth2-08 comments "Proxy - Navegacion"
set interface eth2-08 state off
set interface eth3-01 comments "Fibra - entre FW-SW 3850"
set interface eth3-01 link-speed 10G/full
set interface eth3-01 auto-negotiation on
set interface eth3-02 state off
set interface lo state on
set interface lo ipv4-address 127.0.0.1 mask-length 8
set aaa tacacs-servers state off
set aaa radius-servers super-user-uid 96
add arp proxy ipv4-address 172.16.1.4 interface eth2-01 real-ipv4-address
172.16.1.3
add arp proxy ipv4-address 172.16.1.5 interface eth2-01 real-ipv4-address
172.16.1.3
set lldp state off
set management interface Mgmt
set ospf instance default area backbone on
set inbound-route-filter ospf2 instance default accept-all-ipv4
set inbound-route-filter rip accept-all-ipv4
set rip update-interval default
set rip expire-interval default
set snmp mode default
set snmp agent on
set snmp agent-version any
set snmp community PostaL1842 read-only
set snmp traps trap authorizationError disable
set snmp traps trap biosFailure disable
set snmp traps trap clusterXLFailover disable
set snmp traps trap coldStart disable
set snmp traps trap configurationChange disable
set snmp traps trap configurationSave disable
set snmp traps trap fanFailure disable
set snmp traps trap highVoltage disable
set snmp traps trap linkUpLinkDown disable
set snmp traps trap lowDiskSpace disable
set snmp traps trap lowDiskSpaceAllPartitions disable
set snmp traps trap lowVoltage disable
set snmp traps trap overTemperature disable
set snmp traps trap powerSupplyFailure disable
set snmp traps trap raidVolumeState disable
set snmp traps trap vrrpv2AuthFailure disable
set snmp traps trap vrrpv2NewMaster disable
set snmp traps trap vrrpv3NewMaster disable
set snmp traps trap vrrpv3ProtoError disable
set snmp traps advanced coldStart reboot-only off
set static-route default nexthop gateway address 172.16.1.6 priority 1 on
set static-route 10.0.0.0/8 comment "Ruta hacia WCCP"
set static-route 10.0.0.0/8 nexthop gateway address 172.17.1.20 on
set static-route 66.218.162.5/32 comment "WU H2H"
set static-route 66.218.162.20/32 comment WU
set static-route 133.90.21.21/32 comment "ITRON Sepsa pagoFACIL"
set static-route 161.190.225.9/32 comment Galicia
set static-route 172.18.0.0/16 comment "Red TOTEMS"
set static-route 172.21.0.0/16 comment "WU Nateos de Giros"
set static-route 172.22.22.2/32 comment "WU Nateos de Giros"
set static-route 192.168.230.0/28 comment "Any Connect VPN MG"
set static-route 192.168.231.0/28 comment "Any Connect VPN Bar"
set static-route 200.10.199.127/32 comment "Servicio Anses"

Check Point Gateway

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Check Point Gateway

Uploaded by

Copyright:

Available Formats

#

set message motd off

set message caption off

set net-access telnet off

You might also like