So I've seen how on a ClusterXL interface failure Check Point will begin spamming ARP requests for everything in the local network. Is there a way to get Check Point to do this on demand without a ClusterXL event? I know about arping but I'm looking for something I don't have to set up a loop to do.
Gaia 3.10 has hping2 built-in, so if you wanted to spam ARP requests for network 192.168.1.0/24 on interface eth1 just do this:
hping2 --fast --icmp -I eth1 192.168.1.x --rand-dest
Correct me if I'm wrong, but this does require outbound traffic from the firewall to be allowed, correct?
Might work. I'll give it a try.
Warning: when this option is enabled hping can't detect the right outgoing interface for the packets, so you should use the --interface option to select the desired outgoing interface.
Not very elegant. Was hoping for a bla/cidr notation worst case.
Yes, hping2-generated traffic will go through capture points o/O in F2F so it will need to be allowed by policy. By default packets originating from the gateway are permitted by an implied rule that is positioned "Before Last", so as long as there are not any rules explicitly dropping traffic originating from the gateway and the implied rule setting is left at default it should be allowed.
Yeah, outbound isn't allowed even from firewall for certain segments.
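The CIDR-style sweep asked for earlier in the thread, as an added example that is not part of any poster's reply: a small shell wrapper that expands a prefix and sends one ARP request per host address with arping. The function names, the `ARPING` override variable and the /20 size limit are assumptions made for this sketch, and the arping flags are the iputils ones (`-c`, `-w`, `-I`).

```shell
#!/bin/sh
# Added example (not from the thread). Assumes iputils-style arping flags.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*) return 1 ;; esac      # reject empty / leading-zero octets
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_hosts NET/PREFIX -> usable host addresses, one per line (network/broadcast skipped)
cidr_hosts() {
    case $1 in */*) ;; *) return 1 ;; esac
    prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|0?*) return 1 ;; esac
    # /20../30 only: constructed bound so a typo cannot start a huge sweep
    { [ "$prefix" -ge 20 ] && [ "$prefix" -le 30 ]; } || return 1
    base=$(ip_to_int "${1%/*}") || return 1
    mask=$(( (4294967295 << (32 - $prefix)) & 4294967295 ))
    net=$(( $base & $mask ))
    bcast=$(( $net | (~$mask & 4294967295) ))
    i=$(( $net + 1 ))
    while [ "$i" -lt "$bcast" ]; do
        int_to_ip "$i"
        i=$(( $i + 1 ))
    done
}

# arp_sweep IFACE NET/PREFIX -> one ARP request per host; count left in SWEEP_COUNT
arp_sweep() {
    hosts=$(cidr_hosts "$2") || { echo "bad or oversized CIDR: $2" >&2; return 1; }
    SWEEP_COUNT=0
    for h in $hosts; do
        # -c 1: one request, -w 1: give up after 1 s, -I: outgoing interface
        ${ARPING:-arping} -c 1 -w 1 -I "$1" "$h" >/dev/null 2>&1 &
        SWEEP_COUNT=$(( $SWEEP_COUNT + 1 ))
        if [ $(( $SWEEP_COUNT % 32 )) -eq 0 ]; then wait; fi   # at most 32 in flight
    done
    wait
}
```

Called as `arp_sweep eth1 192.168.1.0/24`; setting `ARPING=echo` beforehand gives a dry run that sends nothing.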