https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/205999#M38902 <P>I wrote the first one that just checked the backups via "show backups status" using HeikoAnkenbrand's earlier version of gw_multi_commands<BR />REF: <A href="https://community.checkpoint.com/t5/Scripts/GAIA-Easy-execute-CLI-commands-on-all-gateways-simultaneously/td-p/50883" target="_blank">https://community.checkpoint.com/t5/Scripts/GAIA-Easy-execute-CLI-commands-on-all-gateways-simultaneously/td-p/50883</A><BR />It was ok for a quick look at backups every morning.</P><P>I wont share the new script as it will become added value for our clients.<BR />But for an overview it is BASH with if/then and awk<BR />* mgmt_cli to extract the domains from the MDM and then their gateways<BR />* $CPDIR/bin/cprid_util to run remote commands on the GW's which is using SIC to connect<BR />* Output file is populated with all the data and formats it to HTML<BR />* More if/thens to create emails to the services desk<BR />* Uses an internal smtp relay to forward the email</P> Tue, 13 Feb 2024 20:14:26 GMT spottex 2024-02-13T20:14:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/204980#M38645 <P>Hi,</P><P><STRONG>In this post, I'm embarking on a journey to uncover the daily habits of firewall administrators! My goal is to not only equip myself but also empower others reading this to become more confident and effective guardians of our networks.</STRONG></P><P>1-What daily security checks should I perform as a Checkpoint firewall admin to identify potential attacks?</P><P><STRONG>2-Seeking insights:</STRONG> What elements and daily checks should be included in an expert's Checkpoint firewall security report?</P><P>3-What is the most important thing that you need to check very often to make sure that your network is safe?</P><P>4-In your experience, what continuous monitoring practice provides the most actionable intelligence for securing a network?</P><P>5-What are your <STRONG>daily routines</STRONG> as a firewall administrator?</P><P>6-I'm curious about the daily practices of a firewall administrator. What specific checks and configurations do you prioritize?</P><P>Any more ideas are welcome!&nbsp;Don't hesitate to share any additional thoughts or suggestions you have!</P><P>&nbsp;</P><P>/Moudar</P> Sun, 04 Feb 2024 11:16:50 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/204980#M38645 Moudar 2024-02-04T11:16:50Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/204983#M38647 <P>I will see if I can find a good doc customer sent me while back about this, so glad you made this post, absolutely relevant.</P> <P>Andy</P> Sun, 04 Feb 2024 15:34:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/204983#M38647 the_rock 2024-02-04T15:34:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/204984#M38648 <P>And while I look for the doc, below are some great references.</P> <P>Andy</P> <P><A href="https://www.process.st/templates/network-administrator-daily-tasks/" target="_blank">https://www.process.st/templates/network-administrator-daily-tasks/</A></P> <P><A href="https://community.checkpoint.com/t5/General-Topics/Check-Point-Firewall-Admin-Tasks/td-p/37185" target="_blank">https://community.checkpoint.com/t5/General-Topics/Check-Point-Firewall-Admin-Tasks/td-p/37185</A></P> <P><A href="https://www.cgtechnologies.com/security/firewall-audit-checklist/" target="_blank">https://www.cgtechnologies.com/security/firewall-audit-checklist/</A></P> <P><A href="https://live.paloaltonetworks.com/t5/general-topics/palo-alto-daily-admin-tasks/td-p/72108" target="_blank">https://live.paloaltonetworks.com/t5/general-topics/palo-alto-daily-admin-tasks/td-p/72108</A></P> <P><A href="https://www.infrassist.com/firewall-audit-checklist/" target="_blank">https://www.infrassist.com/firewall-audit-checklist/</A></P> <P>&nbsp;</P> Sun, 04 Feb 2024 15:37:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/204984#M38648 the_rock 2024-02-04T15:37:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/205038#M38657 <P>Excited to dive into the linked resources, but wouldn't it be amazing to combine that with your personal wisdom? If you're willing to share some of your daily habits and how they've shaped your work, I'd be incredibly grateful!</P> Mon, 05 Feb 2024 10:46:57 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/205038#M38657 Moudar 2024-02-05T10:46:57Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/205039#M38658 <P>I would be happy to share if I were fw admin myself, which Im not lol</P> <P>Best,</P> <P>Andy</P> Mon, 05 Feb 2024 10:48:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/205039#M38658 the_rock 2024-02-05T10:48:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/205799#M38840 <P>We have a new engineer in our team who has updated a nightly script running on a MDM which checks all the GW's to see if backups have run. It now also looks for core dumps, snapshots the hosts resources and uptime, gets installed hotfixes which reports in a html table via email every morning.&nbsp;<BR />He has added secondary emails to the Service Desk to log a support ticket to the Security Team for each backup that fails and if any core dumps are found.&nbsp;</P> Mon, 12 Feb 2024 19:26:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/205799#M38840 spottex 2024-02-12T19:26:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/205849#M38859 <P>The automation of processes is a hot topic these days, and I'm definitely intrigued! Could you delve deeper into it, particularly exploring the different tools we could leverage? Specifically, I'm curious about using Ansible scripts, Python scripts, or even leveraging Management APIs. The ideas of what to automate are most important,&nbsp;<SPAN>hence, additional insights into potential automation targets would be immensely valuable.</SPAN></P> Tue, 13 Feb 2024 08:18:16 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/205849#M38859 Moudar 2024-02-13T08:18:16Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/205999#M38902 <P>I wrote the first one that just checked the backups via "show backups status" using HeikoAnkenbrand's earlier version of gw_multi_commands<BR />REF: <A href="https://community.checkpoint.com/t5/Scripts/GAIA-Easy-execute-CLI-commands-on-all-gateways-simultaneously/td-p/50883" target="_blank">https://community.checkpoint.com/t5/Scripts/GAIA-Easy-execute-CLI-commands-on-all-gateways-simultaneously/td-p/50883</A><BR />It was ok for a quick look at backups every morning.</P><P>I wont share the new script as it will become added value for our clients.<BR />But for an overview it is BASH with if/then and awk<BR />* mgmt_cli to extract the domains from the MDM and then their gateways<BR />* $CPDIR/bin/cprid_util to run remote commands on the GW's which is using SIC to connect<BR />* Output file is populated with all the data and formats it to HTML<BR />* More if/thens to create emails to the services desk<BR />* Uses an internal smtp relay to forward the email</P> Tue, 13 Feb 2024 20:14:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Administrator-daily-routines/m-p/205999#M38902 spottex 2024-02-13T20:14:26Z