[rescue] rescue Digest, Vol 34, Issue 1

Ido Dubrawsky idubraws at dubrawsky.org
Thu Sep 1 07:59:21 CDT 2005

Just a quick summary for those who want to know and a followup:

rescue-request at sunhelp.org wrote:

> http://www.checkpoint.com/support/technical/documents/docs_nokia.html
I was at CheckPoint's website and could get access to some docs but
not to others (I assume I need to register -- which I did -- and a
license for the CheckPoint software -- current cost unknown before I
can get access to all of the documents on-line).

> http://www.assdingos.com/ipv6/IPv6.pdf
This site is no longer up apparently.  The domain name is for sale
from what I discovered.

> http://cpug.org/ ... there's plenty of information there.
This site was great!  There's a Syngress book I will be ordering in
order to learn the device.  And finally, thanks to Mike Meredith over
in the UK for kindly having the manuals for CheckPoint 4.1 available.

> http://userweb.port.ac.uk/~msm/files/cp-manuals.tar.gz

Now, somebody mentioned that I will have to license the CheckPoint
software in order to run it but from what I've seen CheckPoint ties
the license to an IP address on the firewall (in this case there are 4
interfaces: 3 physical, 1 logical (loopback)).  What the previous
owner of the firewall did (I believe it was Transamerica corporation)
was set a second IP address on the loopback interface and then tied
the firewall software license to that IP address.  Theoretically this
means that I could change the physical interface addresses without
compromising the firewall license -- so long as I don't change the
extra IP address on the loopback.  All I want to do is use this device
to learn CheckPoint FW-1 (and then NG) so that I can get CCSA/CCSE
certified.  It's not going into a production network -- and I did find
a webpage describing how to install RedHat Linux on the device and
make it into a NetFilter appliance firewall (and I'm sure
OpenBSD/NetBSD/FreeBSD will also run on the box since IPSO is built on
one of those variants of BSD -- OpenBSD if I'm not mistaken).  It
would be interesting (although probably very heavy) to see if Solaris
x86 will run on it (I would need more memory though).  Am I off on

Ido Dubrawsky, CISSP                    E-mail: ido at dubrawsky.org
Network Security Architect                      idubraws at siliconsec.com
500 Hermleigh Rd
Silver Spring, MD. 20902
(301) 651-5441 (cell)
