max - Max Power - Fix me beautiful

Danny
Champion

max is a community-driven health, security and performance optimization script. GPL licensed.

Installation (expert mode) or download:

curl_cli http://dannyjung.de/max | zcat > /usr/bin/max && chmod +x /usr/bin/max


Changelog

  • 0.1 - Initial Release (Early Availability)
  • 0.2 - Added checks for address spoofing, stateful inspection

 

The script name is referring to Check Point's Maximizing Network Performance guide and Tim Hall's Max Power Firewalls

...;

8 Replies

Kaspars_Zibarts
Authority

Great tool if you didn't have a similar one already! :) Nicely written too.

I'm not entirely sure how far you wanted to go with this tool, but maybe I can put some things on the wish-list:

  • check if aggressive aging is not active from fw ctl pstat
  • check if acceleration templates are not disabled high up in the rulebase from fwaccel stat
  • take number on top of release maybe? early takes could indicate possible problems that are already fixed in later takes, i.e. grep 'was installed su
...;
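
The first two wish-list checks above, sketched as an added example (not code from max or from anyone in this thread). The sample outputs are constructed and their wording varies by release; the function names and the threshold of 10 for "high up in the rulebase" are assumptions.

```shell
#!/bin/sh
# Added example, not part of max. Sample outputs are constructed; the exact
# wording of `fw ctl pstat` and `fwaccel stat` differs between releases.

# Assumption: a disabling rule numbered at or below this is "high up".
TEMPLATE_RULE_THRESHOLD=10

# stdin: `fw ctl pstat` output. Flags Aggressive Aging when it is active.
check_aggressive_aging() {
    awk '/Aggressive Aging/ { seen = 1
             if ($0 !~ /not active/ && $0 ~ /active/) active = 1 }
         END { if (!seen)       print "UNKNOWN: no Aggressive Aging line"
               else if (active) print "WARN: Aggressive Aging is active"
               else             print "OK: Aggressive Aging is not active" }'
}

# stdin: `fwaccel stat` output. Reports the rule that disables Accept Templates.
check_accept_templates() {
    awk -v max="$TEMPLATE_RULE_THRESHOLD" '
        /Templates[ \t]*:/ { in_accept = ($0 ~ /Accept Templates/)
                             if (in_accept) seen = 1 }
        in_accept && /from rule #[0-9]+/ && !rule {
            s = $0; sub(/.*from rule #/, "", s); sub(/[^0-9].*/, "", s)
            rule = s + 0 }
        END { if (!seen)            print "UNKNOWN: no Accept Templates line"
              else if (!rule)       print "OK: Accept Templates not disabled by a rule"
              else if (rule <= max) print "WARN: Accept Templates disabled from rule #" rule
              else                  print "INFO: Accept Templates disabled from rule #" rule }'
}

sample_pstat() { cat <<'EOF'
System Capacity Summary:
  Memory used: 9% (1195 MB out of 12011 MB) - below watermark
  Concurrent Connections: 0% (1 out of 24900) - below watermark
  Aggressive Aging is not active
EOF
}

sample_fwaccel() { cat <<'EOF'
Accelerator Status : on
Accept Templates   : disabled by Firewall
                     disabled from rule #4
Drop Templates     : disabled
NAT Templates      : disabled by user
EOF
}

sample_pstat   | check_aggressive_aging
sample_fwaccel | check_accept_templates
```

On a gateway the same functions would read the live commands instead, for example `fw ctl pstat | check_aggressive_aging`.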

Danny
Champion

Hi Kaspars Zibarts,

thanks for your kind words. I'm hoping the community drives this project as far as possible.

I've noticed that all optimization guides feature simple if-then instructions (e.g. Max Power 2, 'Special Case: 2 Cores' notes that if a firewall only has 2 Cores with 10Gbps interfaces then it's not recommended for productive use.)

However, no one started to put these instructions into executable code making it easier to correctly apply and use it.

From this perspecti

...;

JozkoMrkvicka
Leader

What a great tool!

I can imagine having this, the CCC script and the health check script as one bundle. Why do we have 3 separate scripts if we can merge them into one?

It will be up to the user what he needs to check/configure.

Just an idea for further cooperation :)



Danny
Champion

The next version of our ccc script will have an option to install and start max.

I won't merge the scripts into one (yet) as their code is absolutely different. max is 99.9% modular, won't preload anything, doesn't require user interaction etc. while ccc highly interacts with the user to access common Check Point commands.


_Val_
Admin

Interesting work, Danny Jung. Timothy Hall, what do you say?


Timothy_Hall
Champion

When writing the first edition of my book, I did think to myself at one point: "Hmm I bet I could write a script that would run all the discovery commands, parse the output and issue alerts based on the output".  For any findings the script could even reference the relevant page number in the book for further reading, if the finding did not make sense or more context was required to take meaningful action to correct it.  Never quite got the time to write it, although the healthcheck.sh to

...;

Danny
Champion

Tim wrote: "For any findings the script could even reference the relevant page number in the book for further reading.."

This is exactly what I have in mind for the script: Referencing the exact RFC, page number in your book, Check Point SK etc. This way the script will then hopefully also be respected for its educational character besides building trust and liability for its recommendations.



Danny
Champion

New Release: Version 0.2
